Travel

Tech Security While Crossing Borders
Planning Ahead: Before Your Trip 
 Minimize What You Carry 
 
 Leave devices at home when possible - border agents cannot search what you don't bring 
 Use a temporary "travel" device with minimal data loaded on it 
 Remove sensitive information from devices you must bring 
 Consider which apps you actually need - fewer is better 
 
 Backup Everything 
 
 Make complete backups of all devices to encrypted storage (leave at home) 
 Ensure cloud backups are current and accessible remotely after crossing 
 Document device serial numbers for insurance/tracking purposes 
 Remember: You may need to factory reset devices, so backups are critical 
 
 Protect Data You Carry Over the Border 
 Encryption (Most Important) 
 
 Use full-disk encryption on all devices (FileVault for Mac, BitLocker for Windows, built-in for iOS/Android) 
 Encryption makes data unreadable without your password 
 Create a strong password for your devices: Use 4-6 random words or a long passphrase (12+ characters) 
 Do NOT rely on biometric locks alone (fingerprint, Face ID) - use strong passwords or PINs 
 
 Power Off Your Devices 
 
 Turn off all devices completely before reaching the border (don't just sleep/lock them) 
 This protects against sophisticated attacks that only work on powered-on devices 
 Powering off also forces password entry rather than biometric unlock 
 
 Additional Preparations 
 
 Log out of cloud services and apps you won't need during travel 
 Clear browser history and remove saved passwords 
 Consider temporarily uninstall messaging apps 
 Consider making social media profiles temporarily private 
 
 At the Border: Know Your Rights 
 Your Legal Status Matters 
 U.S. Citizens: 
 
 Cannot be denied entry to the U.S. for refusing to unlock devices or provide passwords 
 However, refusal may result in device seizure, extensive questioning, and significant delays 
 You have the right to remain silent and cannot be compelled to answer questions about religion or political beliefs 
 
 Lawful Permanent Residents (Green Card Holders): 
 
 Generally cannot be denied re-entry for refusing to unlock devices 
 However, agents may raise questions about your continued status as a resident 
 Do not give up your green card voluntarily 
 
 Foreign Visitors (Visa/VWP travelers): 
 
 May be denied entry for refusing to unlock devices or provide passwords 
 Face the highest risk of consequences for non-compliance 
 Should carefully weigh risks before traveling with sensitive data 
 
 What Border Agents Can Do 
 Legal Authority: 
 
 Border agents claim authority to search electronic devices without any suspicion 
 They can demand that you unlock devices, provide passwords, or disclose social media information 
 They can seize devices for extended examination (days, weeks, or months) 
 
 Important Legal Developments: 
 
 A 2019 federal court ruled that suspicionless searches of electronic devices may be unconstitutional 
 However, current CBP policy still allows searches without individualized suspicion 
 Legal protections continue to evolve - this is contested territory 
 
 If Asked to Unlock Your Device 
 Basic Rules for Everyone: 
 
 Stay calm and respectful - getting emotional may escalate the situation 
 Do not lie - lying to federal agents is a federal crime 
 Do not physically interfere - comply with demands to hand over devices 
 Document everything - try to note agent names, badge numbers, and what was accessed 
 
 Your Options: 
 Option 1: Comply 
 
 If you unlock your device, agents can search all content and make copies 
 Consider stating you are complying "under protest and without consent" 
 Request that searches be conducted in front of a supervisor 
 
 Option 2: Decline 
 
 Politely ask whether they are ordering or requesting you unlock the device 
 If it's a request, you can decline 
 If it's an order and you refuse:
 
 U.S. Citizens: May face device seizure, delays, additional questioning, but cannot be denied entry 
 LPRs: Similar to citizens, but may face immigration status questions 
 Foreign visitors: May be denied entry to the U.S. 
 
 
 
 If Your Device is Seized: 
 
 Request a receipt (Customs Form 6051D) documenting what was taken 
 Ask when you can expect the device to be returned 
 Do not expect quick return - devices may be held for months 
 
 Special Considerations 
 Attorney-Client Privilege: 
 
 If you're an attorney carrying privileged communications, inform agents 
 CBP policy requires agents to consult their legal office before searching privileged materials 
 However, this is not a complete protection 
 
 Journalists: 
 
 Protecting confidential sources is critical 
 Consider not traveling with sensitive source information 
 Document any attempts to access source materials 
 
 Cloud Data: 
 
 CBP policy (as of 2017) states agents should only search data "physically resident on the device" 
 They should not use your device to access cloud content 
 However, enforcement of this policy is unclear 
 If asked for cloud account passwords, you can decline (but face consequences noted above) 
 
 Social Media: 
 
 Border agents may ask for social media identifiers/handles 
 They may ask to see social media content on your phone 
 Foreign visitors on Visa Waiver Program are asked to "voluntarily" provide social media identifiers 
 
 After Crossing: Post-Travel Security 
 Immediate Actions 
 
 Change all passwords if you unlocked devices for border agents or provided passwords 
 Review account activity logs for unauthorized access 
 Check devices for new apps, configuration changes, or suspicious files 
 Enable 2FA if it was disabled for travel 
 
 Device Inspection 
 
 Consider devices potentially compromised if seized or extensively searched 
 Have IT staff conduct security inspection if you have organizational support 
 For highly sensitive situations, wipe device and restore from backup 
 
 Documentation and Reporting 
 
 Write down everything that happened as soon as possible 
 Note all agents involved (names, badge numbers, agencies) 
 If your rights were violated, contact: 
 
 EFF at borders@eff.org 
 ACLU for civil rights complaints: https://www.dhs.gov/file-civil-rights-complaint 
 Your organization's legal counsel 
 
 
 
 High-Risk Travelers: Special Precautions 
 Journalists, Attorneys, Healthcare Workers, Activists: 
 
 You have professional obligations to protect confidential information 
 Strongest protection: Don't bring sensitive data across the border 
 Access via secure cloud connection after clearing border 
 Use burner devices with minimal/no sensitive data 
 Ship devices separately (though they can still be searched) 
 
 Organizations Should: 
 
 Establish clear travel security policies 
 Identify which roles require burner devices 
 Provide temporary travel devices when needed 
 Create protocols for accessing sensitive data remotely after crossing 
 Have incident response procedures for device seizures 
 
 Resources 
 Official Guides: 
 
 EFF's Digital Privacy at the U.S. Border: https://www.eff.org/wp/digital-privacy-us-border-2017 
 ACLU Know Your Rights: https://www.aclu.org/know-your-rights/what-do-when-encountering-law-enforcement-airports-and-other-ports-entry-us 
 
 Tools and Services: 
 
 Full-disk encryption: FileVault (Mac), BitLocker (Windows), built-in (iOS/Android) 
 Password managers: 1Password, Bitwarden 
 Secure deletion tools: See EFF's Surveillance Self-Defense guide 
 Cloud storage: Consider services with client-side encryption like Tresorit 
 
 File Complaints: 
 
 CBP: https://www.cbp.gov/contact/ports 
 DHS Office of Civil Rights and Civil Liberties: https://www.dhs.gov/file-civil-rights-complaint 
 Traveler Redress Inquiry Program (TRIP) if you believe you're on a watchlist: https://www.dhs.gov/dhs-trip