Protecting Electronic Devices and Stored Information from Customs Searches
#121
Join Date: Nov 2010
Posts: 580
So based upon the NBC article (http://www.nbcnews.com/news/us-news/...h-your-n732746), does this mean that things from one's phone's past are never really deleted, even with Apple phones? What if someone purchased a used phone--are they then responsible for everything that the past user may have done (their geographic coordinates, content on phone, etc)?
Thus there is no way for one to sterilize one's phone?
Thus there is no way for one to sterilize one's phone?
#122
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
The more extreme CBP goes, the more likely there will be opportunities for the government to see its power formally limited due to abuse of border crossing Americans getting to the courts.
Last edited by GUWonder; Mar 14, 2017 at 1:24 pm
#123
FlyerTalk Evangelist
Join Date: Mar 2008
Location: DFW
Posts: 28,110
So based upon the NBC article (http://www.nbcnews.com/news/us-news/...h-your-n732746), does this mean that things from one's phone's past are never really deleted, even with Apple phones? What if someone purchased a used phone--are they then responsible for everything that the past user may have done (their geographic coordinates, content on phone, etc)?
Thus there is no way for one to sterilize one's phone?
Thus there is no way for one to sterilize one's phone?
Assuming you have nothing of a criminal nature then all you are protecting is your right to privacy which I believe is worth protecting. If you have information that is classified or company sensitive then I see no reason to help disclose that information. Figure out how best to safeguard your data that may likely be viewed by others when crossing the border.
#124
Join Date: Nov 2010
Posts: 580
Thanks for verifying this. My concern is that many on this forum who discuss deleting everything before traveling are giving themselves a false sense of security as their data can be accessed even after the deletion.
I am surprised that no company has come out with a phone/tablet device that really deletes data, making it completely irretrievable. It seems like there would be a significant market for this right now.
I am surprised that no company has come out with a phone/tablet device that really deletes data, making it completely irretrievable. It seems like there would be a significant market for this right now.
#125
FlyerTalk Evangelist
Join Date: Mar 2008
Location: DFW
Posts: 28,110
Thanks for verifying this. My concern is that many on this forum who discuss deleting everything before traveling are giving themselves a false sense of security as their data can be accessed even after the deletion.
I am surprised that no company has come out with a phone/tablet device that really deletes data, making it completely irretrievable. It seems like there would be a significant market for this right now.
I am surprised that no company has come out with a phone/tablet device that really deletes data, making it completely irretrievable. It seems like there would be a significant market for this right now.
#126
Join Date: Oct 2011
Location: CLT
Programs: Pre✓, Delta DM, Hilton LT Diamond, Mariott Plat, PC Gold, National EE, Hertz PC
Posts: 1,655
There are ways to irrecoverably delete data but But, if Edward Snowed showed us anything, it's that all these companies are in bed with the NSA either by choice or by duress. As a result of that coerced NSA access the CBP and other agencies now have the same access.
#127
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Thanks for verifying this. My concern is that many on this forum who discuss deleting everything before traveling are giving themselves a false sense of security as their data can be accessed even after the deletion.
I am surprised that no company has come out with a phone/tablet device that really deletes data, making it completely irretrievable. It seems like there would be a significant market for this right now.
I am surprised that no company has come out with a phone/tablet device that really deletes data, making it completely irretrievable. It seems like there would be a significant market for this right now.
#128
FlyerTalk Evangelist
Join Date: Mar 2008
Location: DFW
Posts: 28,110
As I have stated I'm no expert but some of the bits and pieces from the latest wikileaks data trove might give question to your statement.
#129
FlyerTalk Evangelist
Join Date: Mar 2008
Location: DFW
Posts: 28,110
Another article describing what CBP can do at the border.
https://uk.news.yahoo.com/heres-us-c...014200934.html
The section of giving up passwords is interesting. Take the article for what it's worth.
I think the bottom line is that if a person enters the U.S. then any electronic device a person may have is subject to inspection.
https://uk.news.yahoo.com/heres-us-c...014200934.html
Here's what US Customs and Border Protection agents can and can't do with your devices
I think the bottom line is that if a person enters the U.S. then any electronic device a person may have is subject to inspection.
#130
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Another article describing what CBP can do at the border.
https://uk.news.yahoo.com/heres-us-c...014200934.html
The section of giving up passwords is interesting. Take the article for what it's worth.
I think the bottom line is that if a person enters the U.S. then any electronic device a person may have is subject to inspection.
https://uk.news.yahoo.com/heres-us-c...014200934.html
The section of giving up passwords is interesting. Take the article for what it's worth.
I think the bottom line is that if a person enters the U.S. then any electronic device a person may have is subject to inspection.
The bottom line is that less is more when it comes to how we use devices taken across the border and how much we travel with, as your own possessions and their use are subject to being used against even the innocent. And in some countries, you can be forced to give up a password or otherwise face criminal punishment for not doing so. And it's not just tinpot dictatorships where this is a potential problem at the border.
#131
Join Date: Mar 2015
Posts: 1,620
My best friend from college travels heavily internationally for work and after reading this thread I asked him what if anything has his employers said to do if CBP asks to have phone unlocked for inspection.
He said that in late 2014 or 2015 the Chief Counsels office gave specific advice and I found it interesting, not terribly applicable to me as I do not bring work home with me and if CBP wanted to inspect my phone be my guest there is nothing of value on it, besides this two other bulletin boards I do not use social media and beyond a bunch of photos of supercars (I am a gearhead) there is nothing of any interest, it would be a very boring inspection, I do not even check email from my phone.
Anyway, here it is for whatever it is worth.
1)State that the phone and all its contents do not belong to the traveler, but to the company and that CBP is more than welcome to call and ask permission from the Chief Counsels Office to unlock the phone.
2)Offer the CPB Officer or his/her Superiors The Chief Counsels Business Card with both daytime and night time numbers.
3) If the Officer or his/her Superiors are unable to reach the Chief Counsel or his designee than ask the Officer to reach your Superior or his/her Superior.
4) If the Officer or his/her Superiors refuse to contact either the Chief Counsel or your Superior or his/her Superior, than ask the CBP to confiscate the device, so that you can leave and then contact the Chief Counsel or his designee and explain what happened and they will handle it from there.
He said that in training they received last year, the Chief Counsel said that they do not care about the physical device, nothing sensitive is stored locally, they care about their employees and their safety and getting out of the CBP offices is paramount, they can handle the device and its seizure if it comes to that.
Apparently the Chief Counsel said that did have to deal with CBP once and after he spoke to a Supervising Officer, the employee was released without his device and he had IT disable access to the companies server and they issued a new device to the employee post haste.
He said that in late 2014 or 2015 the Chief Counsels office gave specific advice and I found it interesting, not terribly applicable to me as I do not bring work home with me and if CBP wanted to inspect my phone be my guest there is nothing of value on it, besides this two other bulletin boards I do not use social media and beyond a bunch of photos of supercars (I am a gearhead) there is nothing of any interest, it would be a very boring inspection, I do not even check email from my phone.
Anyway, here it is for whatever it is worth.
1)State that the phone and all its contents do not belong to the traveler, but to the company and that CBP is more than welcome to call and ask permission from the Chief Counsels Office to unlock the phone.
2)Offer the CPB Officer or his/her Superiors The Chief Counsels Business Card with both daytime and night time numbers.
3) If the Officer or his/her Superiors are unable to reach the Chief Counsel or his designee than ask the Officer to reach your Superior or his/her Superior.
4) If the Officer or his/her Superiors refuse to contact either the Chief Counsel or your Superior or his/her Superior, than ask the CBP to confiscate the device, so that you can leave and then contact the Chief Counsel or his designee and explain what happened and they will handle it from there.
He said that in training they received last year, the Chief Counsel said that they do not care about the physical device, nothing sensitive is stored locally, they care about their employees and their safety and getting out of the CBP offices is paramount, they can handle the device and its seizure if it comes to that.
Apparently the Chief Counsel said that did have to deal with CBP once and after he spoke to a Supervising Officer, the employee was released without his device and he had IT disable access to the companies server and they issued a new device to the employee post haste.
#132
Suspended
Join Date: Sep 2013
Posts: 817
If you're a US citizen, they have to let you in.
I'd recommend encrypting your laptop / phone with a strong password. Even if they seize it they won't be able to do anything. (Though if you're especially paranoid, you may have to discard the device since it may now be bugged...)
I'd recommend encrypting your laptop / phone with a strong password. Even if they seize it they won't be able to do anything. (Though if you're especially paranoid, you may have to discard the device since it may now be bugged...)
#133
Moderator: Travel Safety/Security, Travel Tools, California, Los Angeles; FlyerTalk Evangelist
Join Date: Dec 2009
Location: LAX
Programs: oneword Emerald
Posts: 20,631
Advice from The New York Times:
Crossing the Border? Here’s How to Safeguard Your Data From Searches
Excerpts
Excerpts
***
Legally, citizens are not required to unlock their cellphones or share their passwords with United States government officials. But rules may vary depending on where you are traveling to and from. And any stopping by a government official can be inconvenient, and even intimidating. What to do? There’s one thing all the experts agree on: Do not lie to government officials about your passwords or social media accounts. “They’d make your life miserable if they found that out,” said Jeremiah Grossman, the head of security strategy for SentinelOne, a computer security company.
***
Here are some of the best tips, based on interviews with security and forensics specialists.
Consider a cheap device
***
Disable fingerprint readers
***
Don’t memorize your passwords
***
Encrypt your devices
***
Back up to the cloud, then wipe before you cross
***
Legally, citizens are not required to unlock their cellphones or share their passwords with United States government officials. But rules may vary depending on where you are traveling to and from. And any stopping by a government official can be inconvenient, and even intimidating. What to do? There’s one thing all the experts agree on: Do not lie to government officials about your passwords or social media accounts. “They’d make your life miserable if they found that out,” said Jeremiah Grossman, the head of security strategy for SentinelOne, a computer security company.
***
Here are some of the best tips, based on interviews with security and forensics specialists.
Consider a cheap device
***
Disable fingerprint readers
***
Don’t memorize your passwords
***
You could store a copy of the password vault on a cloud service like Dropbox and get access to your vault of passwords when you reach your travel destination, he said.
***
Use two-step verificationYou could store a copy of the password vault on a cloud service like Dropbox and get access to your vault of passwords when you reach your travel destination, he said.
***
***
Encrypt your devices
***
Back up to the cloud, then wipe before you cross
***
#134
FlyerTalk Evangelist
Join Date: Aug 2011
Location: Austin, Texas
Programs: Airline nobody. Sad!
Posts: 26,062
The Feds surely have a number of zero-day exploits at their disposal, whether of their own creation or out there for purchase. If they really, REALLY, truly, want to get in your phone (see San Bernardino terrorist attackers), they will get in. The Feds won't reveal how they accessed that phone, and I highly doubt they will ever tell us. However, I doubt nearly any FTer's phone would rise to that level of priority for them to access, as they're only going to risk burning that option on a truly major case like that (i.e. an actual terrorist attacker). But just for the really especially paranoid among us...
#135
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
The Feds surely have a number of zero-day exploits at their disposal, whether of their own creation or out there for purchase. If they really, REALLY, truly, want to get in your phone (see San Bernardino terrorist attackers), they will get in. The Feds won't reveal how they accessed that phone, and I highly doubt they will ever tell us. However, I doubt nearly any FTer's phone would rise to that level of priority for them to access, as they're only going to risk burning that option on a truly major case like that (i.e. an actual terrorist attacker). But just for the really especially paranoid among us...
In this arena, less is more. The more devices with which a device has been paired, and the more accessible the device and its paired devices are, the more likely the government has a crack into it. In other words, travel with less.
But for those devices being used while traveling, encrypting the built-in drives and using disposable drives to run a clean operating system is good enough for most privacy/data-protection purposes.
This paper on encryption workarounds https://papers.ssrn.com/sol3/papers....act_id=2938033 should give some idea about what is at risk and how.
Last edited by GUWonder; Mar 24, 2017 at 6:37 pm