Protect Your Data When Crossing Borders
Anyone who has travelled to the United States will know how seriously border security is taken. In recent years, Customs & Border Protection (CBP) agents have been increasingly searching travellers’ electronic media. As our digital devices usually contain our most private information, you might want to think twice before a situation where someone could request access to your machines. So it’s essential to understand your rights to protect your data when crossing borders. Then you can take necessary precautions to prevent unwanted legal troubles.
Know your data privacy rights
There are several professions that would want to keep their data hidden from search: doctors, lawyers, scientists, government officials, and business people with access to sensitive data. You might as well want to protect your data just for the sake of it. Therefore, it is critical to understand what situations you may encounter and to plan ahead. Protecting your data when crossing borders is different than protecting your data or devices from home, as it’s a specific context.
First of all, it’s important to be aware that border agents have the right to search your electronic devices, just like they do with your luggage. When suspicious, they can even legally make a copy of them and/or detain them for a period of time.
Your rights at the border depend on whether or not you are a citizen of the country you enter. As a citizen, you will not be refused to enter, but your devices may be taken from you for some hours in case you refuse to collaborate. Failure to cooperate with agents can cause legal permanent residents to have their status scrutinized and possibly jeopardized. Travellers with a visa can be denied entry by agents. Non-citizens do not technically have to give up passwords or encryption keys. However, border agents have the right to refuse entry if you fail to cooperate.
Limit the data
If you don’t want to expose your passwords or data to border agents, your best bet is not to have access to this information on your devices. A good start is removing social media apps like Facebook, LinkedIn, and WhatsApp from your phone. You can easily re-download these apps once you are safely through the border crossing process.
If you use a password management app, which we recommend, you will genuinely not know your passwords. This kind of app stores lengthy and difficult to remember passwords for your various accounts. It uses a master password to access the others (alongside 2FA).
However, an agent could ask you for this master password, just like they could ask to access any app. In this case, it might be a good idea not to have these password management apps installed on your devices when crossing the border. You could therefore store the master password database (if it is not auto-synced with an online service) in a secure email service like Mailfence. In general, always avoid bad password habits.
Back up your data or bring a burner
As mentioned in our blog on protecting your device while travelling, a simple way to prevent your sensitive data is not to have any on the device.
For this reason, we recommend you back up your data and then wipe or perform a factory reset of your device before crossing the border. This Electronic Frontier Foundation (EFF) guide gives step-by-step instructions on wiping data from your computer. Ensure your data is back up in a secure cloud or a device you’re not travelling with.
Bear in mind that a wiped device may cause the border agent to be suspicious. If you decide to take this risk, then the best method is ‘secure formatting’. This means that your hard drive is first wiped and then overwritten. This method ensures that authorities cannot use special software to recover files deleted in a quick format.
Remember that anything stored on Google’s Cloud services will remain when you perform a factory reset.
Some security-conscious travellers also use a ‘burner’ phone or laptop. An added advantage is that should your device get lost or stolen in transit it’s much cheaper to replace than a top-of-the-line iPhone or MacBook Pro.
Encrypt your files on the cloud
Keeping sensitive files off your local device is a great way to protect your data when crossing borders. However, there are some extra precautions you should take when using cloud-based file storage. Services such as boxcryptor, Cryptomator, or Sookasa offer an extra level of security by encrypting files that are placed into specially-designated folders. It means that you can reduce the risk of someone accessing sensitive data, even in case of compromised cloud accounts.
Last but not least
Remember that only citizens are exempt from requirements to reveal data or passwords without potentially serious consequences. For everyone else, following the steps in this article should protect you from exposing sensitive data to border agents. If you think your rights were violated, the EFF is here to assist. If you want to file a complaint, remember to write down any necessary information, such as the agents’ names.
Finally, remember that these individuals are just doing their jobs. So being polite, honest, and straightforward is the best way to handle interactions with border agents and to avoid potentially sticky situations.
– Mailfence Team