Tuesday | 7 July, 2009
CSO
Tony Soprano's laptop
What would mob-boss Tony Soprano need in a laptop?
Jon Espenschied (Computerworld) 10/04/2007 14:45:57

As a practical matter, there's got to be persistent data storage. Tony might joke that "steganographic" means dinosaur porn, but he understands that something that looks like nothing attracts less attention. Steganographic encryption hides data in a way that is difficult to distinguish from garbage. (Sanitation is the cover? Tony gets this part.)

A steganographic file system makes it easy to load and save files in a single hidden encrypted container, and there are a few implementations that can even use the computer's hard drive -- overlaying encrypted data into the unused space in a way that's indistinguishable from random garbage. The trouble is, the unused file system space or slack space shouldn't look like random garbage; it should look like old files that used to belong there.
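Why random-filled free space stands out to a forensic examiner, shown as an added example that is not part of the original article: the sketch scores fixed-size blocks of unallocated space by Shannon entropy and reports only sustained runs of near-random data. The 4096-byte block size, the 7.9 bits-per-byte threshold, the four-block minimum run and the sample data are all assumptions made for illustration.

```python
import math
import random
from collections import Counter

BLOCK = 4096  # assumed allocation-unit size for the sample image

def shannon_entropy(block: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, near 8.0 for random."""
    n = len(block)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def high_entropy_runs(data: bytes, threshold: float = 7.9, min_blocks: int = 4):
    """Return (first_block, block_count) for each run of at least min_blocks
    consecutive blocks whose entropy exceeds threshold."""
    runs, start = [], None
    nblocks = len(data) // BLOCK
    for i in range(nblocks + 1):  # one extra pass closes a run at the end
        hot = i < nblocks and shannon_entropy(data[i * BLOCK:(i + 1) * BLOCK]) > threshold
        if hot and start is None:
            start = i
        elif not hot and start is not None:
            if i - start >= min_blocks:
                runs.append((start, i - start))
            start = None
    return runs

def build_sample_free_space() -> bytes:
    """Constructed sample of unallocated space, not data from a real disk."""
    rng = random.Random(2007)  # fixed seed so the result is repeatable
    def rand_blocks(k):
        return bytes(rng.getrandbits(8) for _ in range(k * BLOCK))
    old_text = (b"Hauling invoice, route 7, paid in full.\n" * 200)[:BLOCK]
    return (old_text * 3          # blocks 0-2: remnants of deleted documents
            + rand_blocks(1)      # block 3: lone compressed-looking fragment
            + bytes(2 * BLOCK)    # blocks 4-5: zero-filled, never written
            + rand_blocks(6)      # blocks 6-11: stand-in for a hidden container
            + old_text * 2)       # blocks 12-13: more old remnants

if __name__ == "__main__":
    for first, count in high_entropy_runs(build_sample_free_space()):
        print(f"blocks {first}-{first + count - 1}: sustained near-random data")
```

Compressed or legitimately encrypted remnants also score close to 8 bits per byte, so a flagged run is a lead for closer examination rather than proof of a hidden container.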

No, data might be somewhere local -- just not on the laptop itself. These days, a gigabyte or two can masquerade as a zipper pull or shiny button. To hide in plain sight, a camera's apparently-unused memory card ought to look like it's full of random garbage data. It'll get easier when the data interface is through passive RFID woven into clothes (imagine a StegFS that only works when the yellow tie is worn with a matching jacket), but for now, something has to be plugged into a USB port.

Muting and un-muting the sound (or performing some other simple action) adds an entry to the fstab file, only after which the StegFS driver is called when the memory card key is inserted. One long Italian passphrase (or a string of memorable obscenities) later, and the filesystem is loaded. Tony sees his stuff, pulls his numbers, makes his calls, saves what he has to, then shuts down... sort of. More on that in a minute.

What about backups? Tony doesn't do backups. The risk from having your stuff lying around is a lot higher than spreading the information around and knowing how to piece it back together later. But he does send a copy to himself every now and then.

Getting in touch

How's he do that? There's no Web browser or e-mail on the system, but messaging can be accomplished through a couple of options. The Freenet network looks like a good idea because it provides reliable but deniable document exchange and discussions, and the Frost program provides a nice Java interface to Freenet. The newer version of Freenet provides faster data exchange with trusted parties, but it's still an asynchronous transfer even though the network is heavily based on trust in individual recipients.

While Freenet may be populated in large part by thieves and perverts, the lousy hoodlums leave it alone, and Tony can be practical about that. The trouble is it's slow, and needs a connection to the internet for more than just a few minutes. Others might be tempted to try and use Tor, an onion-routing anonymizer, but it's mostly focused on anonymous web browsing -- and I don't think the boss wants to get into services maintained too far out of view.

Pushing messages and files through Freenet can be accomplished several ways, and there are some interesting options. Borrowing a trick from the people who thought up the halted-firewall, a couple of custom kernel-level drivers can handle the data transfer. If a halted system is prevented from actually powering down the hardware, it leaves only the kernel and kernel-level drivers running in a state that can't easily be recovered. At the kernel level there's a wireless network driver set to rotate MAC addresses and attach promiscuously to unsecured networks (based on cool preexisting tools), and a custom Freenet injection module with the current queue of incoming and outgoing messages.

Incoming data -- messages for Tony sent to his "KSK" dropbox -- is dumped to the encrypted Freenet store, which can look like another blob of unidentifiable garbage data through deft application of an encryption wrapper. (The system's not fully halted if there's a file system to write to, but otherwise retrieved messages can't be saved.) If that's too much work, closing the laptop lid and going for a drive can be made to do that same trick, allowing the Freenet data store to be parked in the hidden filesystem, but that can be pretty risky.

From the passenger seat, the system periodically looks for unsecured wireless access points or ones with default configurations -- at randomly-timed intervals so that the laptop doesn't become a homing beacon -- and sends the payload when it can. When the payload queue is done, the system powers off. This means even Tony doesn't know where the data is sent or received, and the pattern and location of network transmission is never the same. Never.

If the system is lost or seized with messages in the queue, there'd be no way to reconstruct the portions of the message already sent, no way to examine the current queue without rebooting the system, and no way to document or preserve the system state without keeping it in a closely-monitored Faraday cage. If that's the situation, the family's going to have trouble keeping the man out of the other kind of cage.
