guflyer

So based upon the NBC article (http://www.nbcnews.com/news/us-news/...h-your-n732746), does this mean that things from one's phone's past are never really deleted, even with Apple phones? What if someone purchased a used phone--are they then responsible for everything that the past user may have done (their geographic coordinates, content on phone, etc)?

Thus there is no way for one to sterilize one's phone?

GUWonder

If a person is arrested at the border, they have some rights applicable that weren't applicable prior to being arrested at the border.

The more extreme CBP goes, the more likely there will be opportunities for the government to see its power formally limited due to abuse of border crossing Americans getting to the courts.

Boggie Dog

From the various articles that I have read recently there seem to be tools in the hands of government that can recover data from phones and other personal electronics that most would think would be unrecoverable. Even wiping (what, like with a cloth or something) the device does not clear the data. If data has ever been present on the device then assume it is still there.

Assuming you have nothing of a criminal nature then all you are protecting is your right to privacy which I believe is worth protecting. If you have information that is classified or company sensitive then I see no reason to help disclose that information. Figure out how best to safeguard your data that may likely be viewed by others when crossing the border.

guflyer

Thanks for verifying this. My concern is that many on this forum who discuss deleting everything before traveling are giving themselves a false sense of security as their data can be accessed even after the deletion.

I am surprised that no company has come out with a phone/tablet device that really deletes data, making it completely irretrievable. It seems like there would be a significant market for this right now.

Boggie Dog

I am no expert, but understand, it is very specialized tools that can recover data from a device that has been purposely cleaned. I don't know if CBP would go to that kind of trouble, or if it is available to them, unless a really strong reason was presented. I would be more concerned with the addition of software by government.

KenTarmac

There are ways to irrecoverably delete data but But, if Edward Snowed showed us anything, it's that all these companies are in bed with the NSA either by choice or by duress. As a result of that coerced NSA access the CBP and other agencies now have the same access.

GUWonder

There are ways to delete data on devices and utilize those devices such that it makes it very difficult to impossible for the government to recover deleted data. But there is something to be said about "less is more" when it comes to what you carry across borders or how you use "smartphones", a super-surveillance tool if ever there were one before. If the device or software makers are compromised even before getting the product out of the factory or distributed, it's game over whenever the government thinks it important enough to pursue the matter and risk getting its sources/methods exposed or to recreate an investigative trail (i.e., make up a story/excuse on how the target became a target/suspect) and risk that being exposed.

Boggie Dog

As I have stated I'm no expert but some of the bits and pieces from the latest wikileaks data trove might give question to your statement.

Boggie Dog

Another article describing what CBP can do at the border.

https://uk.news.yahoo.com/heres-us-c...014200934.htmlThe section of giving up passwords is interesting. Take the article for what it's worth.

I think the bottom line is that if a person enters the U.S. then any electronic device a person may have is subject to inspection.

GUWonder

Indeed. And if you've got devices that are set to be paired together and have them both with you at a border crossing, then there is a rather high chance you've comrpomised your ability to have your device information secured even if both devices are protected by passwords. And the use of third party applications or browser use on the devices only further exacerbates the risk that the information can be extracted and utilized.

The bottom line is that less is more when it comes to how we use devices taken across the border and how much we travel with, as your own possessions and their use are subject to being used against even the innocent. And in some countries, you can be forced to give up a password or otherwise face criminal punishment for not doing so. And it's not just tinpot dictatorships where this is a potential problem at the border.

kmersh

My best friend from college travels heavily internationally for work and after reading this thread I asked him what if anything has his employers said to do if CBP asks to have phone unlocked for inspection.

He said that in late 2014 or 2015 the Chief Counsels office gave specific advice and I found it interesting, not terribly applicable to me as I do not bring work home with me and if CBP wanted to inspect my phone be my guest there is nothing of value on it, besides this two other bulletin boards I do not use social media and beyond a bunch of photos of supercars (I am a gearhead) there is nothing of any interest, it would be a very boring inspection, I do not even check email from my phone.

Anyway, here it is for whatever it is worth.

1)State that the phone and all its contents do not belong to the traveler, but to the company and that CBP is more than welcome to call and ask permission from the Chief Counsels Office to unlock the phone.

2)Offer the CPB Officer or his/her Superiors The Chief Counsels Business Card with both daytime and night time numbers.

3) If the Officer or his/her Superiors are unable to reach the Chief Counsel or his designee than ask the Officer to reach your Superior or his/her Superior.

4) If the Officer or his/her Superiors refuse to contact either the Chief Counsel or your Superior or his/her Superior, than ask the CBP to confiscate the device, so that you can leave and then contact the Chief Counsel or his designee and explain what happened and they will handle it from there.

He said that in training they received last year, the Chief Counsel said that they do not care about the physical device, nothing sensitive is stored locally, they care about their employees and their safety and getting out of the CBP offices is paramount, they can handle the device and its seizure if it comes to that.

Apparently the Chief Counsel said that did have to deal with CBP once and after he spoke to a Supervising Officer, the employee was released without his device and he had IT disable access to the companies server and they issued a new device to the employee post haste.

greggarious

If you're a US citizen, they have to let you in.

I'd recommend encrypting your laptop / phone with a strong password. Even if they seize it they won't be able to do anything. (Though if you're especially paranoid, you may have to discard the device since it may now be bugged...)

TWA884

Advice from The New York Times:

TheBOSman

The Feds surely have a number of zero-day exploits at their disposal, whether of their own creation or out there for purchase. If they really, REALLY, truly, want to get in your phone (see San Bernardino terrorist attackers), they will get in. The Feds won't reveal how they accessed that phone, and I highly doubt they will ever tell us. However, I doubt nearly any FTer's phone would rise to that level of priority for them to access, as they're only going to risk burning that option on a truly major case like that (i.e. an actual terrorist attacker). But just for the really especially paranoid among us...

GUWonder

Indeed there are situations where the government doesn't want the public to know the methods and sources available to it and thus doesn't use those means for non-national security/non-foreign-element type investigations that do make it technically feasible to extract "useful" data from the targeted devices for even non-national security type investigations. This doesn't mean they won't use the means and then recreate an investigative trail to otherwise get at a targeted individual and make for a criminal trial against the individual rooted in lifted information using questionable means.

In this arena, less is more. The more devices with which a device has been paired, and the more accessible the device and its paired devices are, the more likely the government has a crack into it. In other words, travel with less.

But for those devices being used while traveling, encrypting the built-in drives and using disposable drives to run a clean operating system is good enough for most privacy/data-protection purposes.

This paper on encryption workarounds https://papers.ssrn.com/sol3/papers....act_id=2938033 should give some idea about what is at risk and how.