Protect your data when crossing borders
Anyone who has traveled to the United States will know how seriously border security is taken. In recent years, Customs & Border Protection (CBP) agents have been increasingly searching travelers’ electronic media, with a five-fold increase from 2015 to 2016 alone. So it’s important to understand your rights in order to protect your data when crossing borders. Then you can take necessary precautions to prevent unwanted legal troubles.
Know your data privacy rights when entering the united states
First of all, your rights at the border depend on whether or not you are a US citizen. CBP agents cannot deny US citizens entry into the country, but the protections for other groups (including green card holders) are less strong. Failure to cooperate with CBP agents can cause legal permanent residents to have their status scrutinized and possibly jeopardized. Travelers with a visa or visa waiver (such as ESTA) can be denied entry by agents. Non-citizens do not technically have to give up passwords or encryption keys. However, the CBP reserves the right to refuse entry if you fail to cooperate.
There are a number of professions that would might want to keep their data hidden from search: doctors, lawyers, scientists, government officials, and business people with access to sensitive data. Therefore, to protect your data when crossing the border, it is critical to understand ahead of time what situations you may encounter and to plan ahead for these situations.
According to a spokesperson, the CBP has the right to check “computers, disks, drives, tapes, mobile phones and other communication devices, cameras, music and other media players, and any other electronic or digital devices.” The reasons given for this center around national security, since “CBP officers must determine the identity and citizenship of all persons seeking entry into the United States, determine the admissibility of foreign nationals, and deter the entry of possible terrorists, terrorist weapons, controlled substances, and a wide variety of other prohibited and restricted items.”
Before you travel
It should go without saying that to protect your data when crossing borders you should not lie to CBP agents or other officials. So if you don’t want to expose your passwords or data to them, your best bet is to genuinely not have access to this information on your devices. A good place to start is to remove social media apps like Facebook, LinkedIn, and WhatsApp from your phone. You can easily re-download these apps once you are safely through the border crossing process. Remember, if a CBP agent asks for your login credentials for a particular app, non-citizens risk being denied entry if they do not cooperate.
However, you will genuinely not know your passwords if you use a password management app like 1Password, KeePass, Dashlane, or LastPass. These are cloud-based services that store lengthy and difficult to remember (i.e. strong) passwords for your various accounts. These apps use a master password to access all of the others (alongside 2FA). However, it is possible that an agent could ask you for this master password. In this case, it might be a good idea to not have these password management apps installed on your devices when you are crossing the border. You could also store the master password in a secure email service like Mailfence. In general, always avoid bad password habits.
Bring a burner
As mentioned in our blog on protecting your device while traveling, a simple way to prevent your sensitive data being exposed is not to have any on the device. For this reason, some security-conscious travelers use a ‘burner’ phone or laptop. An added advantage is that should your device get lost or stolen in transit, it’s much cheaper to replace than a top-of-the-line iPhone or MacBook Pro.
There are a number of decent Android devices available for under $200. Some cheap laptops even start at under $500. Wirecutter has a good list of solid but cheap devices that will fulfill the purpose of traveling without your primary device.
Some tips on how to protect your data when crossing the border is to minimize the amount of sensitive data on your device. You can do this by first backing up your data to the cloud or a secure external storage device. Then wipe or perform a factory reset of your device before you cross the border. This guide from digital rights group Electronic Frontier Foundation gives step-by-step instructions on wiping data from your computer.
Bear in mind that a wiped device may cause the border agent to be suspicious. If you decide to take this risk, then the best method is called ‘secure formatting’. This means that your hard drive is first wiped and then overwritten. This method ensures that authorities cannot use special software to recover files that were deleted with a quick format.
It’s also important to know that secure formatting is more effective with traditional magnetic disk hard drives. Newer technologies like solid-state drives (SSD) and USB flash drives may require some extra steps. A technology called ‘wear leveling’ physically spreads files (reducing wear and tear) across the drive. This means that overwriting an entire drive could still leave certain fragments of data available for recovery. According to research by Wei, et al., performing two complete overwrites is usually effective for properly cleaning an SSD.
Your ability to format a built-in drive depends on the operating system your computer uses. MacOS allows users to perform a secure format of external storage media from within Disk Utility by clicking the “Most secure” option. Pressing ⌘R to erase the built-in hard drive during startup. Click here for full instructions for formatting an Apple computer
Windows users can also format external storage media with the Disk Management tool. If you boot the computer from an operating system on the local hard drive, start the computer from a bootable CD or USB drive.
If you’ve got a Chromebook, you can restore your device’s factory settings and remove locally stored data. Keep in mind that anything stored on Google’s Cloud services will remain there when you perform a factory reset.
Encrypt your files on the cloud
Keeping sensitive files off your local device is a good way to avoid exposing this information when entering the United States. However, there are some extra precautions you should take when using cloud-based file storage. Services such as boxcryptor, Cryptomator, or Sookasa offer an extra level of security by encrypting files that are placed into specially-designated folders. This means that you can reduce the risk of someone accessing sensitive data, even in case of compromised cloud accounts.
Protect your data when crossing borders
To protect your data when crossing borders, it’s important to first understand your rights. Remember that only US citizens are exempt from requirements to reveal data or passwords without potentially serious consequences. For everyone else, following the steps in this article should protect you from exposing sensitive data to border agents. Finally, remember that these individuals are just doing their jobs. So being polite, honest, and straightforward is the best way to handle interactions with CBP agents and to avoid potentially sticky situations.
– Mailfence Team