How does one permanently disable GNU/linux networking?
How would one make it impossible for Ubuntu 12 to talk to the network, even though there's a network card present (which may have a cable plugged-in)?
I found this answer which advocates removing the NIC drivers, but I'm concerned that the driver might be re-installed during an upgrade. I don't have much experience of administering linux.
Is there a best practice for running GNU/linux without networking capabilities?
You can do this by disabling different network capabilities in the the Linux kernel. It will be destructive to disable ALL networking options (because some programs do use loopback interface for operation - one of them is X server). But what can help - disable any NIC device drivers from kernel. This will ensure no external network activity.
But here is another point - as you stated:
but I'm concerned that the driver might be re-installed during an upgrade
This assumes user who is doing updates has root access to the system. If this is the case - you can't solve the problem with software-like solution. Since user has root access (and knowledge) - user will be able to make any changes.
Another point - even if user does not have root access - there is possibility to boot Linux live distribution and make any changes to config files of the computer including substituting kernel image with new one (thus enabling NIC drivers).
This all is about that simple fact - if one has physical access to the computer - one can change anything on it (providing one has knowledge and tools).
So following are some possible ways:
If users do not have advanced Linux knowledge than compiling Linux kernel without NIC drivers (do not forget about USB network cards) in the kernel will be sufficient IMO.
Also, you can disable network card in the BIOS settings - but again, these settings can be reset if one has physical access to computer.
You can set iptables rules to reject any external network traffic.
Use physical security device like port lock kit;