All in all, it\u2019s very stressful, especially after a long international flight, when you\u2019re eager to get out of the airport as fast as possible. But that doesn\u2019t mean you have to give up your privacy right away. A better way would be to prepare in advance, and that\u2019s exactly what this post is about.<\/p>\n
2. Digital searches never happen at first-line check<\/h3>\n
The border agent you see first thing on arrival does a so-called first-line check. If everything seems all right, you\u2019re allowed entry and that\u2019s that. But if something about you looks suspicious, the agent will send you to the second-line check \u2014 and this is where your property, including digital devices, may be searched.<\/p>\n
Therefore, if you want to avoid digital searches (as well as other searches) it\u2019s a good idea to avoid second-line checks. Of course, it\u2019s not totally up to you, but at least you can do your best not to look suspicious. Some typical triggers that may cause a secondary check are:<\/p>\n
- \n
- Communication difficulties;<\/li>\n
- Irregularities in documentation;<\/li>\n
- Database signals or database mismatches with your paper documents (for example, the wrong dates or a different spelling of your name on your travel visa).<\/li>\n<\/ul>\n
So before traveling, make sure your documents are in order. Prepare to show the border agent any additional papers you may be asked for (return tickets, hotel bookings, and such). At the border, be polite, calm, confident, and ready to explain where you are going and why, when you\u2019re planning to return home, and so on.<\/p>\n
3. Digital searches don\u2019t happen very often<\/h3>\n
Even if you are sent to second-line check, that doesn\u2019t necessarily mean your devices will be searched. Numbers vary greatly for the largest European airports, from just 7% at Frankfurt to 48% at Paris Charles de Gaulle. In any case, there\u2019s a good chance that second-line screening will be limited to an interview and an additional documents check.<\/p>\n
All in all, although the number of digital searches is steadily increasing, they still don\u2019t happen very often. For example, in the US, the number of media searches at borders has grown from 4,764 in 2015 to 23,877 in 2016 and an estimated 30,000 in 2017, but that\u2019s out of about 400 million total border crossings per year, or about 1 in 13,000.<\/p>\n
4. Lying to border agents is not recommended \u2014 and don\u2019t even think about getting physical<\/h3>\n
Lying to border agents is a crime in most countries. Probably not something to try. On top of that, if you\u2019re exposed in a lie, the odds of your device being searched skyrocket. With that said, the lie that you can\u2019t unlock your phone because you forgot your password is not a particularly clever or original one.<\/p>\n
Trying to interfere physically with border agents searching through your stuff is probably the worst course of action: They are well trained, and the consequences would not be nice.<\/p>\n
5. Agents may have some tricks up their sleeves<\/h3>\n
Border agents may have special equipment for quick and effective extraction of data from mobile devices. The most notable examples are devices made by Cellebrite that can extract even deleted information. At least in some cases, this equipment can extract data even from locked devices.<\/p>
![\"\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/01\/23074757\/Cellebrite-UFED-data-dump-main-page.png\")
<\/a>Note that Cellebrite software shows even deleted entries from a phone\u2019s call history, contacts, text messages, and so on<\/p><\/div>\n
6. Fingerprints are weaker than passwords<\/h3>\n
Passwords are somewhat protected by the right to remain silent (not ultimate protection, but it\u2019s better than nothing), but fingerprints are not. Therefore, it\u2019s easier for border agents to order you to unlock a fingerprint-protected device than a password-protected one.<\/p>\n
Moreover, border agents don\u2019t actually have to ask for your fingerprint: They can just grab your finger and unlock your device. Additionally \u2014 although this is extraordinarily unlikely for the average traveler \u2014 if they have your fingerprints in a database, they can unlock your devices with a forged copy.<\/p>\n
The best way to ensure that won\u2019t happen is this: Enable Full Disk Encryption (FDE) in your operating system and switch off the device before you get to the border. You will be prompted to enter your password when you switch on the device, even if you normally use a fingerprint to unlock the screen. And using FDE is a good practice anyway.<\/p>\n
7. People who are searched should document everything \u2014 and change their passwords<\/h3>\n
If you\u2019re searched, write down every detail: what agencies were involved, the names of the agents, badge numbers, what you were ordered to do, and so on. If any of your property is seized, get a receipt.<\/p>\n
After the encounter, immediately change any passwords you gave up to border agents. A good password manager<\/a> can make this part a lot easier for you by creating strong, random passwords and storing them for you.<\/p>\n
8. Cloud data is probably better protected than local data<\/h3>\n
Nowadays, we are used to privacy being ruined on a daily basis by government agencies sniffing around the cloud while not doing much to data stored locally on your devices. But when you\u2019re crossing a border, data in the cloud is likely to be better protected than data stored in device memory. At least, that\u2019s the case in the US. Border agents can search your device and data stored on it, but they don\u2019t have the right to search your data stored in the cloud.<\/p>\n
9. Work devices probably fall under employer policies<\/h3>\n
Find out if your employer is OK with you taking your work devices over a border \u2014 and with the possible consequences of a digital search. Make sure you bear no responsibility in case such consequences, which could include corporate data loss or a data leak, take place. Consider leaving work devices at work if you don\u2019t really need them with you.<\/p>\n
10. The best solution is not to bring your devices or data<\/h3>\n
Consider leaving behind not only your work devices, but personal devices as well. If you don\u2019t have the devices on you, there\u2019s nothing to search. However, having no devices at all can look very suspicious to border agents, so one solution would be to bring temporary devices.<\/p>\n
The same goes for your data: Don\u2019t bring it with you if you don\u2019t really need it. Store the data in the cloud, but do so securely: Either use cloud storage that supports client-side encryption (unfortunately, most popular service providers do not, but we have a guide on the services that do<\/a>) or encrypt the data before uploading.<\/p>\n
11. Data safety is never guaranteed<\/h3>\n
Back up all of your data before traveling. Use strong passwords for every service or app and log out of the services before crossing any borders. It should go without saying that you need to protect your devices\u2019 operating systems with good passwords as well. As a bonus, these measures will help you if your device gets stolen which is more likely when you travel than at home.<\/p>\n
Delete any data that you don\u2019t need or that might raise questions at your destination (photos that might not matter at home but would be problematic in other countries, for example \u2014 showing a lot of skin, say, or drug use). Keep in mind that when you simply delete files, they are not really erased from the disk, so delete data securely.<\/p>\n
Deleting files securely is quite easy on laptops \u2014 you have plenty of options here, including plain and simple disk formatting (but keep in mind that you have to perform a \u201clow-level format,\u201d not a \u201cquick format\u201d), or special utilities that are available for all desktop operating systems. For example, BleachBit<\/a> wipes files and can clean browser and recent document history as well as somewhat obscure things like thumbnails (yep, these tiny previews of your files can persist even after the files are deleted).<\/p>\n
Secure deletion on mobile devices is a lot trickier, but still possible: Enable Full Disk Encryption and then wipe the encryption keys, making data nondecryptable. This operation is built into factory reset in iOS and in the \u201cpower wash\u201d function on Chromebooks (unfortunately, it\u2019s not available in Android).<\/p>\n
To learn more, I recommend watching the whole talk by Kurt Opsahl and Daniel Wegemer. It contains a lot of additional nuance, both legal and technical.<\/p>\n