EFF’s Guide to Protecting Electronic Devices and Data at the U.S. Border

Store the information you need somewhere else, then download it when you reach your destination. Store your confidential data on your employer’s servers or with a third party. Then take a clean device on your trip, download the information you need when you’ve reached your destination, and securely delete the files from your device before you return home.

This approach doesn’t offer absolute protection for the data you’ve stored elsewhere. The FISA Amendments Act of 2008 loosened the requirements for government surveillance of people reasonably believed to be located outside the United States, so international communications can now be monitored without a warrant. Furthermore, law enforcement officers can access communications stored by third-party providers through the Electronic Communications Privacy Act as long as they have appropriate legal process, which might not be more than a subpoena in certain circumstances.

If your goal is to keep border agents from perusing vacation photos on your camera, storing your files with a third-party service and then deleting them from your device might be fine. (Note, however, that deleted images on a camera, if not actively overwritten, can be easily undeleted, just like other kinds of computer files.) But if you’re concerned about government access to confidential business email, encrypting your data is a more effective solution. Also use an encrypted VPN, and/or SSH or HTTPS, to send and receive communications and other data while abroad.

Protect the data on your devices with passwords. Many devices such as laptops and phones give you the option to set a password, numeric PIN, pattern or other authentication method to control access to your data. Take advantage of this security feature to give your data a little more protection.

As with encryption keys, border agents can’t force you to turn over passwords. However, researchers have demonstrated flaws that make it easy to get around iPhone passcodes, and Android patterns are often not hard to identify. And, as we discuss below, user-account passwords, if not combined with encryption, can always be bypassed by simply removing the hard drive and putting it in another machine.

You might also consider creating separate password-protected user accounts on your laptop for your personal data and work data. Then you can allow a border agent to examine your own account, while storing client data or trade secrets in a separate account controlled by your employer. Your employer might disclose the password for this account to you only after you reach your destination.

Under certain circumstances, a border agent might be satisfied to take a look at your personal data. But simply storing confidential information in a separate password-protected account will not absolutely shield that data from government scrutiny. Many forensic search tools can access and search unencrypted data in every account on a machine, even if you yourself don’t know the passwords to log in to those accounts or don’t have administrative privileges on the machine. An agent can use these tools, for instance, by taking the hard drive out of your machine and putting it in their investigative machine. This allows reading the data right off the disk, regardless of the file and account permissions in your operating system. Don’t rely on passwords to be your only form of security — encryption is still critically important to protect the information stored on a device.

For more thoughts on protecting data at the border, see Wired’s wiki on how to protect data during border searches, Declan McCullagh’s Security Guide to Customs-Proofing Your Laptop, and Chris Soghoian’s Guide to Safe International Data Transport.

This guide was written by Marcia Hofmann and originally published at the Electronic Frontier Foundation.

Related Posts

The most important work for freedom that this culture has seen in generations "The Free Software Foundation and Richard Stallman's work represents the most important work for freedom that this culture, the American culture, has ...
Join EFF in Standing up Against Internet Censorship Over the past few weeks, we here at EFF have watched as whistleblowing website WikiLeaks has fueled an emotionally charged debate about the secrecy ...
Android Malware DroidDream: How it Works Yesterday, Google pulled more than 50 apps from the Android Market after they were found to contain the Android malware dubbed DroidDream. Similar to...
MasterCard’s Support for COICA Threatens A Free And Open Internet In the last months of 2010, the WikiLeaks wars reminded transparency activists of something copyright and trademark lawyers know all too well – online...
Location, Location, Location: Three Recent Court Controversies on Cell Phone & GPS Tr... Welcome to the 21st century, where we all carry tracking devices in our pockets and where one morning you might find an FBI-installed GPS tracking dev...
“Who Has Your Back?” In Depth: Which Companies Promise To Tell Users About Gov... EFF recently launched a campaign calling on companies to stand with their users when the government comes looking for data. (If you haven’t done so...

We Recommend These Vendors and Free Offers

ContainerizeThis 2016 is a free, 2-day conference for all things containers and big data. Featured, will be presentations and free, hands-on workshops. Learn more at ContainerizeThis.com

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.

One Comment

  1. Pingback: Tweets that mention EFF’s Guide to Protecting Electronic Devices and Data at the U.S. Border -- Topsy.com

Leave a Comment

Your email address will not be published. Required fields are marked *