As international travel resumes, travelers are facing increased scrutiny of their electronic devices at borders, particularly when entering the United States. The Canadian government recently issued a travel advisory warning that U.S. border agents have the right to search electronic devices without needing to provide a reason. This has raised concerns about privacy, especially following incidents such as that of a Brown University professor who was deported to Lebanon after border agents discovered a photo of Hezbollah's leader on her phone.
Patricia Egger, head of security at Proton Mail, emphasizes the importance of minimizing the amount of information carried while traveling. She suggests that if possible, travelers should leave their phones at home or use a temporary device, often referred to as a "burner" device, which contains only essential information for the trip. Additionally, sensitive information should be uploaded to a cloud storage service that utilizes end-to-end encryption, and then deleted from the device.
To further protect their privacy, travelers are advised to encrypt their device's storage drive and secure it with a strong password. This is crucial, as a simple device passcode lock can be easily bypassed. Egger also recommends disabling fingerprint or facial recognition features in favor of using a PIN or passcode.
According to the U.S. Customs and Border Protection (CBP), there are two types of searches that can be conducted on electronic devices. A basic search involves an officer scrolling through photos, emails, apps, and files without any suspicion of wrongdoing. In contrast, an advanced search allows for the copying of a device's contents for analysis, but this requires a senior manager's approval and reasonable suspicion of a legal violation, except in cases concerning national security.
Sophia Cope, a senior staff attorney at the Electronic Frontier Foundation (EFF), highlights that warrants are not required for inspecting devices at the border. Last year, CBP agents conducted over 47,000 electronic device searches, a staggering increase from a decade ago. Cope notes that basic searches can be conducted randomly or based on a mere hunch, while travel history may also play a role in determining whether a device is searched.
Travelers are cautioned that border agents can also search devices at the request of other agencies, such as the FBI, or if they are linked to someone of interest, such as a journalist's source or a business associate.
To avoid complications, it is recommended that travelers power off their devices upon arrival at the border. Under current policy, U.S. border agents are only permitted to examine information stored directly on the device and not anything kept in the cloud. Therefore, if a device must remain on, it should be set to airplane mode to prevent remote files from being downloaded accidentally.
American citizens cannot be denied entry into the United States for refusing to consent to device searches. However, agents may make the process difficult, leading to questioning, temporary detention, or the seizure of devices that may not be returned for days or even weeks. Foreign travelers, on the other hand, could be turned back if they refuse to allow their devices to be searched.
If forced to unlock a device, Egger advises travelers to log in themselves rather than divulging any PINs or passwords. If compelled to share passwords, it is wise to change them as soon as possible.
Experts warn against using biometric features such as fingerprint or facial recognition, as these can be easily compelled by border agents. For instance, an agent could hold a phone up to a traveler's face or force them to press their finger onto the device. Additionally, there are concerns that police could use fingerprints stored in government databases.
Powering off devices is another recommended strategy to safeguard against sophisticated attacks if a traveler does not consent to a search. Many modern phones and laptops encrypt their data using strong cryptographic keys that are only accessible when the device is unlocked with the passcode. If the device is locked but not turned off, the key remains loaded in the device's memory, making it vulnerable to hacking tools. However, if the device is powered off, the key is unloaded and cannot be accessed until it is turned on and unlocked.
Travelers are also advised to delete social media apps prior to their journey. Although content is primarily stored on the servers of social media companies, some posts or images may remain cached on the device and could be viewable even in airplane mode.
It is important to note that not only phones and laptops can be searched; digital cameras, smartwatches, tablets, and external hard drives are also subject to inspection. However, experts caution against completely wiping a device's hard drive before traveling, as this could raise suspicion among border agents.
Lastly, travelers are advised not to attempt to hide information on their devices, as this could be construed as lying, which is considered a serious offense. It is also essential to check local laws regarding device searches at borders. For instance, in Britain, police can demand that individuals hand over devices and passwords, and refusal can lead to terrorism charges.
As travelers prepare for their journeys, understanding the potential risks associated with electronic device searches at borders is crucial. By taking proactive measures to safeguard their privacy, individuals can navigate the complexities of international travel with greater confidence.
