Crossing the U.S. Border? Here’s How to Protect Yourself
The crackdown is already happening. First, Mahmoud Khalil was snatched from his home in New York. Then, immigrants in the U.S. were targeted for their political views, and foreigners reported being denied entry at the border after having their devices searched.
Even before Donald Trump was sworn in, border searches of electronics were steadily rising. With fears mounting about the Trump administration's attack on dissent, citizens and noncitizens alike are wondering how to protect their privacy.
Experts say it is important to have a plan before you cross the border, to know the law, and to do what you can to minimize your digital footprint. The plans can vary widely based on a person's immigration status and other factors.
Here are some tips on the law - and how to prevent the U.S. government from using your own data against you.
Know the LawIf you think you will simply be able to decline when a border agent asks you to hand over your phone or computer, think again.
U.S. Customs and Border Protection claims broad authority to rifle through the electronic devices of traveling into and out of the country, regardless of their citizenship status. American citizens can decline to hand over their password or PIN code - but that could result in travel delays and in device confiscation, experts warn.
CBP claims to place some limits on its own searches of devices, and courts have issued conflicting rulings about the extent of the government's authority to search electronic devices collected at the border.
Related Trump Wants Immigrants on U.S. Soil to Hand Over Social Media Accounts to Apply for Citizenship One of CBP's policies states that border agents are not supposed to search information that has only been stored remotely. As a practical matter, that often means that border agents put a phone into airplane mode before searching it.
Sophia Cope, an attorney with the Electronic Frontier Foundation, said it was useful to know CBP policies.
We know federal officers often don't follow the law and their own policy," said Cope, whose organization has published its own guide for travelers. If you know they're supposed to put the phone in airplane mode, for example, you can ask them about that."
CBP says that its officers can conduct basic" searches - where an officer scrolls through a device's contents on the spot - at their discretion. Advanced," forensic searches where devices are connected to outside devices for review are only supposed to occur upon reasonable" suspicion of legal violations or a national security concern.
Have a PlanIt is important to think about what you will do if a border agent asks for your personal devices well before you head to the airport. The last thing you want to do is to be caught flat-footed, Cope said.
Her organization has recommended that travelers conduct a risk analysis based on their personal profile, including whether they are a citizen, lawful permanent resident, or visa holder, as well as what kind of data is stored on their device.
Citizens have the right to reenter the U.S., but they can still have their devices seized. The ACLU says the same should" be true for lawful permanent residents, also known as green card holders. However, the group also recommends that noncitizens concerned about having their devices searched should consult with an immigration lawyer about your particular circumstances before traveling."
Visa holders, meanwhile, could be outright refused entry.
It really just depends on what the person's unique situation is, and what their tolerance level is for confrontation and delay and short-term detention and missing their flights and - in more extreme cases - having their immigration status questioned," Cope said.
Consider Leaving Your Usual Devices at HomeThe best way to protect your personal and work devices from search and seizure is simply to leave them at home. Get separate devices that you only use when traveling, and reset them before each trip.
Related Protesters, Here's How to Set Up a Cheap Burner Phone Cheaper and refurbished devices may suffice for many trips. If you absolutely need your usual devices on your trip, consider mailing them to your destination, although this could raise its own risks.
Log Out and Power DownBefore you get to a security checkpoint, and ideally before you're even at your port of entry or exit, fully power off all of your devices. This is important because some devices arein a more secure state before you log in to it for the first time after you've previously shut it down. For instance, forensics firms distinguish between iPhones in before first unlock" versus after first unlock" states, with the former coyly described as less helpful" for data extraction.
Part of practicing strong digital security is making sure you're exercising what's known as defense in depth": Making sure that, should one level of security fail, another layer of protection is in place, just in case. For this reason, be sure to log out of all of your accounts before you power down. You could go as far as deleting the apps you've logged out from altogether, and reinstalling them after you're safely beyond the security checkpoint.
If you are worried about remembering a long list of passwords, that is a good sign you should use password manager software instead. Recommended by many experts, a password manager allows you to use one password to unlock all of your passwords. If your password manager has a travel mode that lets you restrict which specific accounts to display for the duration of your travel, enable it.
Disable BiometricsMake sure that you're using an alphanumeric password to access your phone and other devices. Turn off all biometrics like fingerprint access and facial recognition (branded Touch ID and Face ID, respectively, on iPhones). Otherwise, authorities could put your phone up in front of your face to gain access.
Protect Your DataAside from making sure you're not logged into sensitive accounts, you should also make sure you're not storing sensitive data on your phone. One option is to download data from your phone onto an encrypted device you're not traveling with and leave it at home. Another option, if you need access to some data on the road, is to encrypt it using a tool like Cryptomator, store it on a cloud storage provider, and then download it when you've reached your destination.
If you're using an iPhone, you could back up your phone data using iCloud - just make sure you have Apple's end-to-end encryption solution, Advanced Data Protection, enabled. (If you're in certain regions, such as the U.K., you'll need to switch your region location before you can use this feature.)
Protect Your ContactsDon't forget to make sure you also protect any sensitive contacts. Go through your contacts lists and remove any persons whose affiliation with you may potentially cause issues; for instance, if you have the names of activists, human rights defenders, or other sensitive sources. You could even export and then delete your entire contacts list and restore it later.
At High Risk?If you believe you are at especially high risk when crossing the border, there are more advanced steps you can take.
One option goes beyond leaving your phone at home. You could also leave your SIM card and phone number behind too. Let your contacts know that you'll have a temporary number while traveling. You can purchase a temporary SIM once you're in the country, or beforehand. The reason to leave behind your number is the same as leaving behind your phone - you don't want the authorities or anyone else to take control of your phone number. For instance, if the authorities take your SIM card and place it into their own device, they may be able to receive messages and calls meant for you.
Keep in mind that if you're using SMS verification as a form of two-factor authentication for any accounts, you'll need to temporarily update it to your current number, or have someone with access to your phone at home be able to log you in.
Ideally, however, you shouldn't be using SMS for two-factor authentication in the first place, as it's vulnerable to attackers taking control of your phone number. If there is no other form of two-factor authentication, SMS authentication is still better than nothing at all.
If you're apprehensive that having a phone with minimal information on it may in itself cause you to stand out during an intrusive security check - which experts say is a legitimate concern - keep in mind that it may be preferable to revealing sensitive information.
Another, more elaborate protection option, iswhat the intelligence community calls persona development: Creating alternate accounts which don't contain any sensitive information. In other words, you can snap innocuous photos and upload them to separate social media accounts for traveling. If your phone is searched, only these accounts will then be visible to the authorities.
The post Crossing the U.S. Border? Here's How to Protect Yourself appeared first on The Intercept.