Yves here. I assume another option is to wipe your hard disk, although that supposedly makes the device police very unhappy. But if you smile and say it was a company laptop and it’s your employer’s policy because they have confidential client information, they might be less hostile since you’d be depicting it as not your decision.
By Gaius Publius, a professional writer living on the West Coast of the United States and frequent contributor to DownWithTyranny, digby, Truthout, and Naked Capitalism. Follow him on Twitter @Gaius_Publius, Tumblr and Facebook. GP article archive here. Originally published at DownWithTyranny
It used to be that when most people crossed the U.S. border, their electronic devices — computers, smartphones, tablets — were not routinely searched. This is no longer the case. As Murtaza Hussain notes at The Intercept, searches are up sharply, from 5,000 in 2015 … to 5,000 in just last February alone.
It’s not just ICE agents whose jobs are “fun” again, it’s the men and women at the U.S. Border Protection service too.
Lawsuit Seeks Transparency as Searches of Cellphones and Laptops Skyrocket at Borders
A lawsuit filed today by the Knight First Amendment Institute, a public interest legal organization based at Columbia University, seeks to shed light on invasive searches of laptops and cellphones by Customs and Border Protection officers at U.S. border crossings.
Documents filed in the case note that these searches have risen precipitously over the past two years, from a total of 5,000 searches in 2015 to 25,000 in 2016, and rising to 5,000 in the month of February 2017 alone. Among other questions, the lawsuit seeks to compel the federal government to provide more information about these searches, including how many of those searched have been U.S. citizens, the number of searches by port of entry, and the number of searches by the country of origin of the travelers.
The obvious problem — that pesky Fourth Amendment aside — is, as the author puts it, “the wealth of personal data often held on such devices.” Seizure and search of these devices puts that highly personal treasure trove in the hands of the Trump-led, even-more-muscular government and its agents, to do with as they will. (And don’t discount the possibility that Trojan horse software could be implanted. Not that our government would do that, mind you — that would be wrong — but still.)
Of course, the border agents can’t order you to surrender your devices and unlock codes — not exactly — though intimidation and coercion is in their repertoire. How long, for example, are you willing to put your life on hold while you defy them and they wait you out … at the airport, with a flight to catch or a job to get to?
A number of recent cases in the media have revealed instances of U.S. citizens and others being compelled by CBP agents to unlock their devices for search. In some instances, people have claimed to have been physically coerced into complying, including one American citizen who said that CBP agents grabbed him by the neck in order to take his cellphone out of his possession.
With that in mind, I thought I’d offer a few suggestions, as a partial answer to questions I’m seeing more and more, asked by people who have reason to believe they may be on the “outs” with the brave new world in Washington and its agenda.
How to Safeguard Your Data From Searches at the Border
The first set of suggestions comes from the New York Times. Brian Chen, the author of the piece, gives a nice introduction to the problems encountered by those who cross the U.S. border, closing with the admonition, Do not lie about your passwords. That would not only be wrong, it would be punishable.
That said, here are his suggestions. Note that many of them hinge on not crossing the border with your data to begin with — or not crossing the border with your passwords, even in your head. Chen:
Consider a cheap device
The best way to prevent your information from being searched is to travel with a device that never had any of your data in the first place.
It’s a wise idea to invest in a so-called travel device, a cheap smartphone or computer that you use only abroad … So leave your fancy equipment — along with your photo album, Facebook, Snapchat and Twitter apps — at home.
Which devices to buy? The Wirecutter, the product recommendations site owned by The New York Times, published a guide on budget Android phones, including the $100 Moto G4 Play that comes unlocked so that it can work with foreign SIM cards. For cheap computers, consider a $550 Acer laptop or a $430 Dell Chromebook.
When it comes to phones, you could even forego a local phone and, as an East London friend suggests, buy a cheap smartphone or even a “dumbphone” at your destination. Then load a pay-as-you-go SIM card into it and use it exclusively. You could even abandon it before leaving if you’re feeling really bold. (Remember when travelers didn’t feel incomplete if they didn’t have a phone in their pocket? That could be you.)
If you want it back, I’m sure a friend would be glad to mail it to you after you leave — or you could simply mail it to yourself before you depart.
Three more small pieces of advice before one major one:
Disable fingerprint readers
…[In] the United States, law enforcement agencies have successfully used warrants to compel people to unlock their cellphones with a fingerprint. But because of your right to remain silent, it would be tough (though not impossible) for the federal government to force you to share your passcode. So disabling your fingerprint sensor when traveling is generally a safer move. …
Encrypt your devices
Whether you are using a burner device or your own, always make sure to lock down the system with encryption, which scrambles your data so it becomes indecipherable without the right key.
Desktop apps like BitLocker or Apple’s FileVault let you encrypt your hard drive, requiring a passphrase to decrypt your files. To avoid surrendering this passphrase, you could jot it down and hand it to a friend and contact that person for the passphrase after crossing the border. [emphasis added]
Back up to the cloud, then wipe before you cross
…[To have access to your data while abroad] back up your data to a cloud service and then wipe, or erase, all the data from your device before arriving at the border, Mr. Zdziarski said. After passing through customs, you could then restore your information from the online backup.
I want to focus on the comment above about your passphrase for a moment. You can’t surrender your passphrase (a more complex form of password) if you don’t know it. So, when you encrypt your device, use a complex passphrase that you (1) don’t memorize, and (2) give to someone not traveling with you.
If You Don’t Know Your Passwords, You Can’t Surrender Them
Which leads to the final piece of advice, a major one:
Don’t memorize your passwords
The best way to protect your passwords is to not know them. When resisting a data frisk, it is easier to say you didn’t memorize your password as opposed to refusing to provide it to border agents, Mr. Grossman said.
“If you don’t know them it’s hard to compel you to give them over if you don’t know how,” he said. “Even if somebody put a gun to my head, I don’t know it.”
Password management apps like 1Password and LastPass can automatically create strong, lengthy passwords for all your online accounts and keep them stored in a vault that is accessible with one master password.
However, Mr. Grossman said you are better off traveling without your password management software loaded on your devices so that you won’t be asked to hand over the master password to your vault. You could store a copy of the password vault on a cloud service like Dropbox and get access to your vault of passwords when you reach your travel destination, he said.
An alternative to using a password-managing app is to write your passwords down and leave them with someone you trust. After getting through customs, contact that person and ask him or her to read off your passwords.
What’s really needed, of course, is for someone who can put her life on hold — and who has a great lawyer prepared to defend her — to challenge these searches and seizures in court. Some lawyers I spoke to don’t think they’re legal — though note the strong objections to that opinion here.
Suggestions from the CIA
The other suggestions I want to offer come from the CIA. This isn’t related to carrying electronic devices per se, but to how to comport yourself during screenings. WikiLeaks has leaked internal documents from the CIA that advise its own agents how to behave when they cross the border. After all, if you’re a spy with a cover story, you don’t want it blown by some border cop who pulls you out of line for a random secondary check and spots your nervousness.
Those documents are here:
CIA Advice for Operatives Infiltrating Schengen [Countries] (pdf)