Y0ur P@ssw0rd S*cks is a bi-weekly column that answers the most pressing internet security questions web_crawlr readers have to make sure they can navigate the ‘net safely. If you want to get this column a day before we publish it, subscribe to web_crawlr, where you’ll get the daily scoop of internet culture delivered straight to your inbox.
Welcome to Your Password Sucks, the Daily Dot newsletter that answers all your internet security-related questions.
Today, we’ll discuss how you can protect the data on your cell phone when traveling, specifically when going through U.S. airports.
If you’ve been paying attention to the headlines as of late, you’ll know that there have been high-profile incidents where people critical of President Donald Trump have had their devices seized.
In one example from March, a French scientist was denied entry to the U.S. after border agents found WhatsApp messages condemning the president’s policies regarding scientific research on his phone.
Such searches aren’t new, and U.S. customs officials have been able to go through travelers’ devices without a warrant for years. But many fear the Trump administration could expand the practice, and that anyone could become a target during his tenure.
So, what can you do?
How to protect your sensitive data from border agents
These tips, which can be used at any border crossing, range from simple to advanced. Ultimately, the specific threats you face should help dictate how far you’re willing to go.
For starters, let’s discuss some basic phone security. When getting ready to cross a border, you should switch your phone over to a pin or passcode and disable biometrics such as fingerprints or FaceID.
Law enforcement can compel you to unlock a phone with your face, but can’t force you to put in your password. Keep in mind, you can be denied entry to the country if you are a non-citizen who refuses to comply.
And although your phone, if off, could easily be turned back on by border agents, it’s still smart to encrypt your device. Most modern phones do this automatically during setup, but you can check that encryption is enabled just to make sure.
The final pre-travel step I would suggest is to disable USB data transfer on your phone, so when a USB cord is plugged in, all it will do is charge your device. Instructions for iPhone and Android can be found here. Border agents have been known to seize phones and download the data off them, so this could help thwart their efforts in some instances.
Of course, they’ll try to get you to unlock your phone first. But if you’ve already refused to do so, keeping your phone locked may help protect it further. That being said, if you are not a U.S. citizen, you can be denied entry to the country. If you are a U.S. citizen and refuse, you could be detained for longer or have your device seized for an unknown amount of time, disrupting your travel plans.
The best plan is to travel with as little data as possible
Knowing all of this, the best bet when going through the airport is to have as little data as possible. This can be done in a number of ways. Firstly, you can simply uninstall any apps that may contain information from your phone when traveling and reinstall them when safe.
Now, you may think that you could simply back up all your phone’s content to the cloud and factory reset it before traveling. But such a move is ill-advised, as entering a country with a blank device could raise even more suspicion. Another option is to get yourself a dedicated phone for traveling that only contains the bare minimum, although this may not be practical for many. It could also look suspicious if the phone has no texts or other common data.
Still, you can delete or back up at least some sensitive information to the cloud and remove it from your phone to be safe.
Phone profiles
If you have an Android, there is an easier option: Profiles.
Many modern Android phones––you’ll have to search online to see if yours applies––have a feature that lets you run multiple phones within your phone. This means each profile can have its own password, apps, and settings.
Using this feature, you could set up a profile specifically for travel that only shows basic apps. This way, if you end up needing to let border agents search your phone so you don’t get denied entry or held up, you can show them just the travel profile.
Personally, I’m a big fan of GrapheneOS. It’s an ultra-secure operating system that can be installed for free on Pixel devices. It has a ton of security and privacy features out of the box that no other phone does, and it utilizes the multiple profile feature.
However, this feature comes with risks. The Electronic Frontier Foundation (EFF) says actions that could be seen as attempts to hide data could make your situation worse.
“There is a significant risk that border agents could view deliberately hiding data from them as illegal,” the organization says. “Lying to border agents can be a serious crime, and the agents may take a very broad view of what constitutes lying. We urge travelers to take that risk very seriously.”
And by the way, if your device is ever taken, or if you feel your rights were violated, you may want to seek legal counsel. The EFF is one option (borders@eff.org). Either way, you may need to take certain steps if your phone is taken to ensure your data is still safe.
Again, you can always refuse searches and refuse to speak, but keep in mind the potential consequences concerning your travel.
And remember, if border agents want to, they can see which apps were previously installed on your phone. They may also check places you forgot about, such as the “recently deleted” folder in iMessage.
Keeping all this in mind, how far you go and what steps you take will be your choice and depend largely on the threats you face. Are you a human rights worker or prominent activist? Then you may need to implement stronger precautions than others.
Beyond that, don’t forget to make your social media profiles private well ahead of travel if you have concerns over what you’ve posted.
Thankfully, most people, at least at the moment, will not have to deal with such intrusive searches. But if you want to be prepared, it won’t hurt to take some of these steps.
The internet is chaotic—but we’ll break it down for you in one daily email. Sign up for the Daily Dot’s web_crawlr newsletter here to get the best (and worst) of the internet straight into your inbox.
