How to protect your phone and data privacy at U.S. Customs

Sen. Ron Wyden (D-Ore.) wrote a letter Sept. 15 urging CBP commissioners to stop “indiscriminate searches of Americans’ private records without suspicion of a crime.”

Customs officials have copied masses of telephone data from Americans

It’s unclear how much federal agents can use the copied data because there are few sensible safeguards in place, said Saira Hussain, an attorney for privacy rights with the nonprofit Electronic Frontier Foundation.

Hussain has argued in court that the CBP’s current data collection practices violate the constitutional protections of Americans. Based on their interviews with searchers, agents often profile people from Muslim or neighboring Muslim communities, she said, but these searches affect people from “all walks of life.”

“You don’t have to have committed a crime to want to keep some parts of your life secret from the interference of government agents,” said Nathan Freed Wessler, associate project director of the Speech, Privacy, and Technology Project at the American Civil Liberties Union. “It can be medical diagnoses, mental health issues, romantic associations, information about our children, and much more.”

A CBP spokesman said in a statement that the agency searches devices “in accordance with legal and regulatory authorities,” and that its policies ensure each search is “conducted prudently, responsibly, and consistent with public confidence.”

Aren’t you keen on making your contacts, call logs, and messages available to potentially thousands of government-employed strangers? Here’s what you can do before reaching customs:

Unlike other law enforcement agencies, border agencies do not require a search warrant to search your device. They can conduct a simple search — where they’ll scroll through your device and examine text, photos, or anything else they can easily access — even if they don’t suspect you of wrongdoing. But if an agent suspects you pose a “national security problem,” they can conduct an advanced search using a digital forensics tool to copy the data from your device.

How you prepare to cross the border with your devices depends on the risks you are willing to tolerate, said Nathan Freed Wessler, deputy project manager for the Speech, Privacy, and Technology Project at the American Civil Liberties Union.

If you’re more worried about agents going through your messages and photos in a simple search, removing files from your device would do the trick. If you’re a political dissident, human rights activist, journalist, or anyone else who wants to avoid government surveillance or encroachment, your focus will likely be on preventing agents from accessing your device in the first place.

If you are an American citizen, you can refuse to unlock your devices to CBP agents and still enter the country. (This may not be clear from the fact sheet agents are supposed to give you during the search, which says the process is “mandatory.”)

If you refuse to cooperate, CBP can keep your device. It said detention should generally last no more than five days, but Hussain said she spoke to people who haven’t had their devices returned for months.

Non-citizens, on the other hand, are not guaranteed entry if they refuse to unlock their devices.

Travel with few devices and switch them off beforehand

The fewer devices you take with you, the fewer search options there are, according to Wessler. Consider using a separate phone or laptop for travel without storing sensitive data.

How to avoid spam and data breaches with disposable numbers, email addresses and credit cards

Turn off devices before going through customs. This protects against advanced search tools that could bypass the lock screen on devices that stay on, according to EFF.

Encrypted data is encrypted into a format unreadable by anyone who doesn’t have the code – in this case, a password. iOS, Android, Windows and macOS all have built-in full device encryption options.

Most modern smartphones are encrypted by default (make sure to lock your device). Here are general instructions for Windows and macOS.

The quickest ways to unlock your device — like face recognition or a weak passcode — are also the least secure. If you decline to unlock your device for a search, CBP can attempt to unlock it itself, Wessler said. A strong password with letters and numbers or a passcode with at least six digits makes this difficult.

The ultimate guide to strong passwords

CBP policies instruct agents to only review the data stored on your device itself — not all the information that apps like Facebook and Gmail send to the cloud. If you agree to a search and put your device in flight mode, the inspection will be limited to what is saved or cached.

You can move your data to a cloud storage provider like iCloud, Google, or Microsoft OneDrive and then erase or factory reset your device. This would protect your data from a simple visual search. But beware: most file deletion methods leave traces that a forensic search would uncover. Additionally, going through customs with an empty device could raise suspicion and make you more likely to be targeted, Hussain said.

If you have sensitive photos, messages, or other data on your device that are easily visible, move them to a private place, such as your B. in a hidden or password-protected folder. (I beg you not to accidentally show files to a customs officer—or anyone else. Here’s how to hide them.)

Consider where you enter the country

Different states have different laws governing what CBP can inspect at US points of entry. In Arizona, for example, CBP can only search devices without a warrant if they are looking for specific digital contraband. If you want to protect your privacy, it might be worth flying to a state with tighter limits on CBP.