Privacy

Keep Your Data Safe From Snoopy Officials at the Border

|

If only they'd thought to encrypt their data.

It's summer and a holiday looms, which means a lot of people are traveling. And with those travelers goes any number of laptops, tablet computers, smart phones, flash drives and other widget-y repositories of important and often-private data. If you plan on going anywhere near an international border, get ready to share your information with officials — or even to hand your widgets over on indefinite loan for the perusing pleasure of those who protect us from whatever bogeymen the government is invoking at the moment. Fortunately, the Electronic Frontier Foundation has produced a handy guide that won't eliminate invasions of electronic privacy at the border, but might help you manage them.

Acording to the ACLU, which represents joint U.S.-French citizen Pascal Abidor in a lawsuit over border searches of electronic gear, "[b]etween October 1, 2008 and June 2, 2010, over 6,500 people — nearly 3,000 of them U.S. citizens — were subjected to a search of their electronic devices as they crossed U.S. borders." EFF points out that the feds can get away with this because:

Several federal courts have considered whether the government needs any suspicion of criminal activity to search a traveler's laptop at the U.S. border. Unfortunately, so far they have decided that the answer is no. Congress has also weighed several bills to protect travelers from suspicionless searches at the border, but none has yet passed.

For now, a border agent has the legal authority to search your electronic devices at the border even if she has no reason to think that you've done anything wrong.

In a printable, PDF-format guide for travelers, EFF advises two basic precautions:

  • Making regular backups, which ensures that your important information stays available to you if your computer is ever taken from you, lost, or destroyed. (If you don't have access to your computer, you'll still have access to your data.)
  • Encrypting the information on the computer, which ensures that your information stays confidential from other people whom you don't authorize to access it. (If you lose control of your computer, other people won't have access to your data.)

Cloud-based backups are discussed as a good tool for travelers, though the connections to the backup service should be encrypted. If the data is first encrypted before backing it up, it's especially secure. Very sensitive files can be backed up, completely deleted using special software before crossing the border, and then restored. That could avoid a confrontation with border officials who might demand a password as the price of keeping your property.

EFF also mentions scenarios in which a traveler mails a laptop ahead in order to avoid crossing the border with sensitive data on an electronic device, or travels with a wiped device after copying the data to storage devices and sending that along separately.

And, of course, software such as TrueCrypt can create hidden encrypted volumes on a hard drive that aren't apparent to most inspections.

Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices (PDF) doesn't contain any absolute solutions to the problem of snoopy border checkpoints, but it's worth looking at for anybody who has to cross an international border with sensitive data.

NEXT: Tim Cavanaugh on the Obama Administration's Stupidly Optimistic Predictions About Economic Recovery

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Don’t most people store their sensitive data on Facebook?

    I’m here all week.

    Personal OT Note: Seattle PD recovered my stolen shotgun. Keep and save your serial numbers, gentlemen. It can pay off.

    1. Or maybe your friendship with dunphy paid off.

    2. How the fuck did your shotgun get stolen? You probably just have it sitting in a closet and not a gun safe. Like me.

      1. Yep, pretty much. Had I purchased a safe, it would have not been anything that would have held a long gun and, unfortunately that safe would have been sitting “hidden” in a closet somewhere, and they would have just taken the safe.

        While I can purchase a safe, I’m not sure if I’ll be attaching the safe to anything– building it into the house structure, so the real issue keeping the guns hidden. There were places in the house (both times) the ne’r-do-wells didn’t go or look, so a new strategy of gun-securing/gun-hiding is going to take place.

        Lastly, I’ll be getting my carry license so in most cases, the gun will never be left in the home (speaking for the sidearms), it’ll be on my person.

        Tulpa: Dunphy will be delivering the shotgun back to me, sirens blazing with an escort of motorcycle cops. He will apologize, on behalf of police officers everywhere, for all the brutality and erroneously shot dogs. He will then pledge to transform the PD from the inside, working tirelessly to end corruption and brutality, wherever it may rear itself.

        1. SuperDunphy, away!

          You didn’t already have your carry permit? Dope.

          I don’t have a gun safe (me being an apartment dweller and all), so all my guns are in the closet (yes, my guns are gay, but they won’t admit it). Except for the one in my bedside table. And the one I carry. And the other one I carry sometimes. But I have multiple layers of security since I’m in an apartment building, so that makes me a little less nervous about it.

          1. You didn’t already have your carry permit? Dope.

            In Seattle, you have to register for your carry permit at the same desk you register as a sex offender. There’s no way I’m going there twice in one week.

            1. See, I did both at the same time. You know, Paul, I do this little thing called “thinking ahead”. Maybe you should try it.

  2. While no doubt they go through your laptops and other electronics, when I crossed back to the US from Germany they were by far most concerned with my DSLR Camera. They spent nearly 10 minutes going through all of my pictures before letting me back in.

    Though anyone who has a laptop that leaves the house and DOESN’T encrypt it deserves to have all their shit gone through…

    1. How did they even know you had one?

    2. Anyone who doesn’t take the card out of their DSLR deserves to have to wait ten minutes for some asshat to go through all of their pictures.

  3. My suggestion is having a “travel laptop”. Have it be a light, small laptop (that also means “cheap” if it gets confiscated) that you keep none of your files on, just apps; those go on an encrypted external hard drive that you keep in a separate part of your bag or even in checked luggage. They can inspect your laptop all day and find nothing. If they confiscate it, you shrug and buy another one. When you get to your destination, plug in the hard drive and you’re good to go.

      1. Way to NutraSweet the link, BP.

        How about this?

  4. Can’t they just ask require you to decrypt it?

    1. Yeah, wasn’t there a case recently where a woman was forced to enter her encryption software password?

      1. You give them the fake password which destroys the data!

        1. I’ll have to try to find the case. It was a judge who ordered her to either enter or turn over her password because the court was requiring her to turn over her data, and law enforcement’s brute force attempt at cracking it didn’t work.

          1. Yes, without looking it up I believe you are correct. And it was something that some of us predicted here a while back. That they don’t need to crack your shit, they’ll just throw your ass in jail until you give up the password.

            Never underestimate the government’s ability to regulate something by sheer force of will.

            1. What if you don’t have it? For instance, what if I encrypt 10^9 0s, then destroy the key?

              1. Destroying evidence? Along the lines of what Pauldot said, don’t underestimate the vindictiveness of prosecutors.

                1. Destroying evidence? Along the lines of what Pauldot said, don’t underestimate the vindictiveness of prosecutors.

                  Uhm, this on steroids. They used Sarbanes-Oxley to prosecute a guy for child porn. One of my old hat-tips: https://reason.com/blog/2011/07…..-with-sarb

    2. Can’t they just ask require you to decrypt it?

      TrueCrypt has what they call a “plausible deniability” feature that allows your files to remain hidden in the event that you’re forced to reveal your password.

      But to answer your question, I would THINK that unless they have a warrant, you can tell them to go suck a fat baby’s dick if they demand a password. Sure, you won’t get your laptop/thumb drive back, but they won’t get your files, either.
      http://www.truecrypt.org/docs/…..eniability

      1. There are two passwords for Truecrypt. One for the Outer layer (innocuous stuff) and one for an inner “hidden” layer for what you are really trying to hide.

        The inner area/hidden appear as random memory. Or so I hear.

  5. Is it true that if you wrap tinfoil around your US passport, it will keep it safe from electronic snooping?

Please to post comments

Comments are closed.