Advertisement

SKIP ADVERTISEMENT

Tech Fix

Crossing the Border? Here’s How to Safeguard Your Data From Searches

Credit...Minh Uong/The New York Times

Travelers, beware: When you take your gadgets abroad, maintaining the security of the data on your devices is just as important as protecting yourself from muggers.

For whatever reason, foreign and domestic governments may have an interest in your personal data, including your social media accounts.

This is not just theoretical. Several travelers, including American citizens like Haisam Elsharkawi, were recently pressured into giving officers from the United States Customs and Border Protection access to their cellphones at the airport.

Some travelers now face additional privacy risks because of a new regulation that separates them from their computing equipment. This week, the Department of Homeland Security announced that passengers traveling from eight majority-Muslim countries to the United States could not bring devices larger than cellphones onto planes. So computers, tablets and other devices will have to be stowed in checked luggage.

Legally, citizens are not required to unlock their cellphones or share their passwords with United States government officials. But rules may vary depending on where you are traveling to and from. And any stopping by a government official can be inconvenient, and even intimidating.

What to do? There’s one thing all the experts agree on: Do not lie to government officials about your passwords or social media accounts.

“They’d make your life miserable if they found that out,” said Jeremiah Grossman, the head of security strategy for SentinelOne, a computer security company.

But there are methods for safeguarding your cellphones, tablets and computers from invasive searches, all while remaining honest. Here are some of the best tips, based on interviews with security and forensics specialists.

The best way to prevent your information from being searched is to travel with a device that never had any of your data in the first place.

It’s a wise idea to invest in a so-called travel device, a cheap smartphone or computer that you use only abroad: You don’t want your nice equipment to get lost or stolen while traveling, anyway, let alone searched by border agents. So leave your fancy equipment — along with your photo album, Facebook, Snapchat and Twitter apps — at home.

Which devices to buy? The Wirecutter, the product recommendations site owned by The New York Times, published a guide on budget Android phones, including the $100 Moto G4 Play that comes unlocked so that it can work with foreign SIM cards. For cheap computers, consider a $550 Acer laptop or a $430 Dell Chromebook.

Fingerprint sensors, like the ones found on many Apple and Android smartphones, are a nifty security feature for unlocking your phone quickly. But Jonathan Zdziarski, a security researcher who has taught forensics courses to law enforcement agencies on collecting data from smartphones, said your best bet when traveling was to turn the feature off.

Image
Outbound travelers waiting to pass through a security screening area in December at Reagan National Airport in Arlington, Va.Credit...Mark Wilson/Getty Images

That’s because in the United States, law enforcement agencies have successfully used warrants to compel people to unlock their cellphones with a fingerprint. But because of your right to remain silent, it would be tough (though not impossible) for the federal government to force you to share your passcode. So disabling your fingerprint sensor when traveling is generally a safer move.

The best way to protect your passwords is to not know them. When resisting a data frisk, it is easier to say you didn’t memorize your password as opposed to refusing to provide it to border agents, Mr. Grossman said.

“If you don’t know them it’s hard to compel you to give them over if you don’t know how,” he said. “Even if somebody put a gun to my head, I don’t know it.”

Password management apps like 1Password and LastPass can automatically create strong, lengthy passwords for all your online accounts and keep them stored in a vault that is accessible with one master password.

However, Mr. Grossman said you are better off traveling without your password management software loaded on your devices so that you won’t be asked to hand over the master password to your vault. You could store a copy of the password vault on a cloud service like Dropbox and get access to your vault of passwords when you reach your travel destination, he said.

An alternative to using a password-managing app is to write your passwords down and leave them with someone you trust. After getting through customs, contact that person and ask him or her to read off your passwords.

In the unlikely event that you are asked to provide a password to your email or social media account, having two-step verification enabled will act as an extra safeguard — assuming that you left your primary cellphone at home.

With two-step verification turned on, whenever you enter your password, you will receive a text message with a one-time code that you must enter before you can log in. Because the message containing the code would be sent to your phone at home, a customs agent wouldn’t be able to log in to your account even if you gave up your password.

Of course, two-step verification could make logging in to your accounts difficult for yourself if you left your primary cellphone at home. You could always leave your phone with someone you trust and contact them to ask for codes when you are trying to log in. However, it would generally be wiser to stay off your social media accounts while traveling to avoid leaving any traces of data on a burner device.

Whether you are using a burner device or your own, always make sure to lock down the system with encryption, which scrambles your data so it becomes indecipherable without the right key.

Desktop apps like BitLocker or Apple’s FileVault let you encrypt your hard drive, requiring a passphrase to decrypt your files. To avoid surrendering this passphrase, you could jot it down and hand it to a friend and contact that person for the passphrase after crossing the border.

When you’re traveling, at minimum you will need access to your address book and calendar, and you may also want to take some photos. But this is all sensitive information that border patrol agents could get their hands on.

Your best option is to back up your data to a cloud service and then wipe, or erase, all the data from your device before arriving at the border, Mr. Zdziarski said. After passing through customs, you could then restore your information from the online backup.

Email: brian.chen@nytimes.com; Twitter: @bxchen.

A version of this article appears in print on  , Section B, Page 6 of the New York edition with the headline: Protecting Your Data From Border Snoops. Order Reprints | Today’s Paper | Subscribe

Advertisement

SKIP ADVERTISEMENT