UPDATES: Aside from the strategies listed below, here are some some other guides, resources and tips on dealing with your digital privacy in U.S. airports, or around any borders with paranoid state regimes…
- Keep your politically active Tweets in a secure container, separate from your personal life. — the grugq
- Advice on preparation to cross borders. — The Umbrella App
- Data at the border — Yours truly
The United States of America can now be fairly classified as a declining state in terms of freedom, liberty, speech and human rights. The Economist has downgraded it’s status to “flawed democracy” (late in the game). The White House is presently battling with the courts for the right to exclude entry to the country from not just seven Muslim majority countries (bad enough as that would be), but the right to ban people of any nationality on the basis that they were born in one of these countries. It is the thin end of the wedge to enact President Trump’s promise of a complete ban on Muslims and a Muslim registry.
The Trump regime also plans to require foreign visitors to disclose websites, social media activity, and let American border agents copy data and contacts from their mobile phones as a requirement of entry. Plan ahead.
Muslim Americans returning to the U.S. are reporting CBP officers have demanded access to social media information https://t.co/ULNcRMNedk
— EFF (@EFF) January 29, 2017
If you need to go to the United States, your rights may be at serious risk. But this is nothing new in terms of data. Department of Homeland Security agents were allowed (under President Obama) the authority to copy the your device hard drive at any point of entry into the U.S. But this will probably be put into greater practice in the coming days.
So, if you’re traveling to the United States, consider the following:
Travel tech-light. Leave your computer at home, or carry a wiped machine and/or mobile. Get a mobile after you arrive. Basic mobile phones and pay-as-you-go SIMS are easy to obtain (still) for cash in the U.S. See if you can use a local laptop after you arrive, and get into your accounts on the other side. The less you carry, the safer you and your contacts will be.
Encrypt your computer and your mobile hard drives. If agents are going to access it or copy information from a device, they’ll have to talk with you about it first. Switch your devices off before you land, for this to mean anything.
Log out of everything. Before you arrive at the border, make sure that nothing is syncing, updating or sending or receiving from your devices. Wipe all the local data in your browser. Don’t leave passwords, browsing history, cookie information or download history in your cache. Remove your accounts from any email clients you have set up. Wipe any access information. If agents want to access theses, they will have to ask you to log into each one, keeping everything they see transparent to you. Don’t leave clues on your machine as to what services you use.
Create alternate social media personas. This is more difficult to pull off than it sounds, but essentially it means creating fairly vanilla/bland social profiles that don’t include any social, political or other aspects of your identity you think may get you or others in trouble. It means keeping a smattering of contacts that you don’t think will raise your profile in a problematic way at the border. Honestly, this is how they™ win, but if you need to get from point A to B, then sometimes needs must. If you’re involved in an sort of anti-regime activism or opposition, then keeping that information containerized is just a practical reality.
Encrypt files locally and send what you need ahead of you. If you have someone on the other side you trust, encrypt the files and information you’ll want to use after you pass through the U.S. border, and send it to them. Use Veracrypt or pgp key encryption to secure the information locally. Transfer it using a secure cloud service or a volatile, encrypted file-sharing service such as onionshare, or run FileTea through a decent VPN or Tor. Wipe it from your device, and re-install it when you get to your friend.
Encrypt your information and hide it in the cloud. Find a decent, secure cloud storage service. Export your confidential information and encrypt it locally on your machine. Rename your file as well (“pics_of_cat.zip”, “art_masters_thesis.tar” or so on). Store this in your cloud hosting service and make sure to securely wipe it from your machine. Get it back when you’ve got a secure internet connection after you’re away from the border control.
Set up 2-factor authentication on any accounts that have it available. If you’re asked to log into an account, this will give the border control agent and the Department of Homeland Security future access to that account. 2-factor authentication on many services allows you to monitor where your account is logged in and end those sessions remotely. It will let you know when and if anyone tries to log in from a different location.
Consider all accounts accessed at the border to be compromised. As a matter of digital hygiene, change any password that you use at the request of a government official. Update your passwords using stronger ones not similar to your compromised passwords.
Consider any device handed over to a border agent to be compromised. If a border agent takes your device and does anything you can’t visibly see happening, then assume the device has been infected with malware (spyware) and wipe it before using again. Dismantle it to look for physical tampering, if it’s taken where you can’t see it.
Such are the times in which we live.
— For a friend