How to keep your data safe when travelling
Getting on a plane? Turn on 2FA and consider picking up a Chromebook
It's wise to enable two-factor authentication where available, making it harder for someone to access your account if your handset is stolen or taken out of your sight for further examination by border control. "Even if somebody manages to steal your private password, you'll get a text notifying you when the thief tries to login from an unfamiliar phone or computer," noted Kessler. "It's easy to set this up and requires both your password and device to get access to your accounts."
Password managers are already a handy way to ensure you have strong credentials, but 1Password this year unveiled a Travel Mode, which removes your "vaults" from devices unless they're marked "safe for travel", according to Rick Fillion, from 1Password developer AgileBits, in a blog post.
Flip the mode on, and the rest of the data is removed; flip it off at your destination, and the disappeared vaults return. "Your vaults aren't just hidden; they're completely removed from your devices as long as Travel Mode is on," he said. "That includes every item and all your encryption keys. There are no traces left for anyone to find. So even if you're asked to unlock 1Password by someone at the border, there's no way for them to tell that Travel Mode is even enabled."
If you're worried about physical tampering with your device when it's checked in your luggage, being examined by border control, or left in a hotel room where hackers could sneak in while you're indulging in a buffet breakfast, you can place seals or stickers on ports and screws. One technique, described in Wired, is to use glitter nail polish, as it creates a seal with a random pattern. Just snap a photo before you go, and another when you return; flip between them to see if anything has changed.
Pack light
If there's an app you don't want the US (or other) authorities gaining access to, delete it from your phone. Don't forget that encrypted apps will still reveal your messages if the app itself is opened.
Don't want to flag your digital security nous? Temporarily delete Signal. Use a dating app and going to a country with a homophobic government? Remove Grindr from your phone. Don't forget to clear your browser, as it will store your login details and browsing history, too. If you travel frequently, consider picking up a secondary handset, purely for travel.
Another option is to leave the phone at home, mail it to your destination, or pack it in a checked bag (where it may still be spotted and searched), but the mere absence of such a device may raise questions.
Rather than bring your personal laptop or a work one fully loaded with your business' valuable information, ask IT if there's a spare you can wipe clean and carry empty, accessing the data you need over the (secured, naturally) network. A Chromebook is particularly handy for this, assuming you'll have sturdy internet wherever you land. "Chromebooks minimise the data stored on the device itself and are particularly easy to clear or reset," the EFF noted.
Shifting data from your hard drive to the cloud can add a layer of protection, but border agents can simply ask for your login credentials, and if you say no you could be refused access to the country in question. However, travelling with an easy-to-wipe, cheap device such as a Chromebook is helpful if you are forced to check your laptop, reducing concerns of unauthorised access and theft.
What to do at the border
Crossing into the US, border control agents can ask you to unlock your device or tell them your passwords.
Some have suggested complicated answers. Reset your password to something you don't know, and send it to someone else, such as a friend or lawyer. Or, lock down devices with two-factor authentication, and mail your SIM to your final destination, so that when Google et al send through your unlock codes, you won't have them. Such approaches may have the effect of making you look more suspicious, and may not go down so well with border staff, so consider them at your own risk.
"Your response to this dilemma may vary according to your risk assessment," noted the EFF. "However, all travelers should stay calm and respectful, should not lie to border agents or physically obstruct them, and should plan for this dilemma ahead of time. Try to document or politely ask for the names, badge numbers, and agencies of the government officers you interact with." If you do think border agents overstepped the mark, write it all down and email borders@eff.org.
The EFF suggests deciding how you'll react to a demand for your password or to unlock a device before you get to any border. Do remember that it's a crime to lie to a US border agent, so if they ask if you use Twitter, it may not be worth being denied entry and facing arrest.
Border guards may ask for your consent in a vague way to avoid confrontation. "You can try to dispel this ambiguity by inquiring whether border agents are asking you or ordering you to unlock your device, provide your device password, or disclose your social media information," the EFF notes. "If an agent says it is a request only, you might politely but firmly decline to comply with the request." If it's not a request and you don't want to unlock your device but decide to comply to get on with your day, state that you comply "under protest", which will help make any future legal challenge clearer. And if you have handed over passwords, change them immediately to limit the amount of time the government has access to your accounts and data.
Main image credit: Bigstock