Hola Aloha,
Dunno how many nettimers are travelling to the US - something I would not
advise at the moment (to put it mildly) - but here's an interesting piece of
advice regarding your privacy when interacting with immigration people. And
yes, we've reached the point where travelling to 'our closest ally' (and
protector) means taking measures formerly reserved to travels to tech savvy
dictatorships.
Protect yourselves at all times!
Cheers all the same, p+7D!
Original to:
https://www.theguardian.com/technology/2025/mar/26/phone-search-privacy-us-border-immigration
(for links & pics)
How to protect your phone and data privacy at the US border
With reports of people being turned away at airports over messages found on
devices, here’s what to do to minimize risks
Johana Bhuiyan
Wed 26 Mar 2025
Welcome to Opt Out, a semi-regular column in which we help you navigate your
online privacy and show you how to say no to surveillance. The last column
covered what to do with your 23andMe account after the company filed
bankruptcy. If you’d like to skip to a section about a particular tip, click
the “Jump to” menu at the top of this article.
If you’re a visa or green card holder with plans to travel to the US, reports
of people being turned away at airports over messages found on their devices
might be prompting you to second-guess your travel plans. You might be asking
whether Customs and Border Protection (CBP) can search your phone, whether you
can opt out and what you should do to minimize your risks.
The short answer is that yes, CBP can search your devices. Constitutional
protections are generally weaker at US borders, including airports. You can try
to opt out, but depending on your specific circumstances, you might not be
willing to risk the potential ramifications of not complying, which can include
the confiscation of your devices.
Privacy experts say everyone should conduct a personal risk assessment – which
should include your immigration status, travel history and what data you might
have on your phone. There’s not a one-size-fits all solution because data that
may seem sensitive to some may not be to others, depending on your
circumstances. That assessment might affect your calculus of whether to push
back if CBP attempts to search your phone, for instance, or how much you want
to lock down your devices before heading to the airport.
While CBP said it only searched about 47,000 devices of the 420 million people
who crossed the US border in 2024, experts the Guardian spoke to say border
enforcement has been unpredictable under the Trump administration, so figuring
out whether you’re at risk of a device search is not as straightforward as it
once was. French officials said a French scientist was recently turned away at
an airport in Texas because immigration officers found texts that were critical
of Trump on his phone.
“The super-conservative perspective is to assume they are completely unhinged
and that even the most benign reasons for travel are going to subject
non-citizens to these device searches,” said Sophia Cope, a senior staff
attorney at the Electronic Frontier Foundation (EFF), a non-profit digital
rights group.
If you’re a US citizen, you must be admitted into the country. That said, some
jurisdictions allow CBP to work with the FBI or local police to advance
domestic investigations, so there are still some risks of your devices being
searched for domestic reasons.
There are steps you can take to make it harder for CBP officers to access your
device and the data on it. So what should you do to protect the data on your
phone from being searched? The main thing is to prepare ahead of heading to the
airport. Here is what you should be thinking about:
Decide if you will comply with a phone search
Before you travel, start to prepare for the possibility of being pulled into
secondary screening. First, you should decide if you’re going to comply if an
immigration officer asks if they can search your device. They may ask for your
phone password or for you to unlock the device. Ideally, you would unlock the
device yourself and not share your password. You can decide not to give your
consent, but that does come with its own risks.
From a guide to the border from the EFF: “This presents a no-win dilemma. If a
traveler complies, then the agents can scrutinize and copy their sensitive
digital information. If a traveler declines, then the agents can seize their
devices and subject the traveler to additional questioning and detention.”
It’s possible that, if you refuse the search, the officer might decide that you
are not worth the trouble because you do not present a high risk. They might
let you go. On the flip side, though, declining could make the process longer
or could result in border agents confiscating your device. If they do
confiscate your device, make sure you ask for a property receipt so you can
document that they have your device when you try to get it back. Even if you
don’t give up your password, immigration officials can use various tools on
your device to unlock it themselves. They can also try to guess your password,
so make sure you have a strong and long password.
There are a lot of reasons you might not want to risk being held back longer
than you already have been or risk having your device confiscated – including
that you don’t know how long border agents will keep your phone.
If you plan to comply with a phone search to avoid any further complications,
your phone might be searched either manually or with forensic tools. It is
worthwhile to prepare for both types of searches.
Turn your phone and Face ID off before entering the US
The EFF recommends turning your devices completely off before entering the US.
This could return your phone or laptop to a heightened security state and, as a
result, could make it harder for anyone to break the encryption on your device.
Privacy advocates also recommend making sure your device requires a password to
decrypt or unlock. If you use Face ID or a fingerprint to unlock your phone,
for instance, it would be easier for an officer to use it to gain access to
your device.
Do not wipe your phone
You might think the most protective options are to completely wipe your phone
before traveling, use a burner or travel without a phone. But the EFF’s Cope
said that could actually raise suspicions.
“People are damned if they do and damned if they don’t,” Cope said. “If you
cross the border with no data on your device, that itself can be seen as
suspicious.”
Instead, if you want to seem cooperative but do have data or texts stored on
your phone that you wouldn’t want to be accessed, Cope suggests deleting that
information selectively rather than wiping your whole device.
Encrypt your data and use a strong password
The most important step to take before you travel is to encrypt the data on
your device, which is different than using encrypted messaging services like
Signal. Device encryption can make it harder for CBP officers to access files
on your phone or laptop or recover deleted files, even if they confiscate the
device and subject it to sophisticated forensic tools.
Fortunately, all recent models of both iPhones and most Android phones come
with full-device encryption automatically turned on. On an Android, double
check that yours is on in the “advanced settings” tab of your “Security” menu.
You will want to choose a strong password that is not easy to guess so CBP
can’t walk in the front door to your device. Here’s a good primer on how to
make a strong password.
“This encryption is only as good as the encryption passphrase someone uses on
their device, though,” said EFF senior staff technologist Bill Budington. “So
the best advice is to choose a strong, nine- to 12-random-character (or four-
to five-word) passphrase for the device, and make sure that biometric unlocks
like Face ID or Touch ID are turned off when going through sensitive areas like
checkpoints or somewhere your device could be confiscated.”
Laptops, on the other hand, do not all come with full-device encryption. You
can use the encryption tools some of them offer to encrypt your data. MacOS has
a tool called FileVault, which you can access by searching for it in the top
right corner of your screen, and some Windows computers come with a tool called
Bitlocker, which can be used to encrypt your device. The EFF has a full list of
tools you can use on various operating systems here.
For those of you traveling with a device owned by your employer or someone
else, you will want to make sure to have a conversation with them before you
travel to ensure your device is sufficiently protected.
How to securely delete your data
In addition to encrypting your devices, you should delete any specific texts,
apps, photos, etc that you feel are sensitive or you wouldn’t want a government
agent to see.
Securely deleting this data requires a few steps and comes with limitations. If
you are not wiping your phone entirely, as that may raise suspicions, you will
probably opt to delete specific files. That more practical option may be
effective for a manual or cursory search but may not be sufficient in the event
of a more advanced search by US immigration personnel. Files may not be fully
deleted, or there may be references to these files that remain on your device.
On top of ensuring your device is encrypted, you will want to make sure that
you’ve deleted your files from any trash folders as well. On iMessage, for
instance, if you click on “filters” in the top left corner you’ll find a
“recently deleted” folder. Make sure you’ve cleared texts from there as well.
On iPhones, once a file is deleted from both the main iMessage interface and
the “recently deleted” file, it is permanently deleted, according to the
company.
Cope suggests pre-emptively deleting some apps you don’t want to be searched.
This protective method is imperfect because an advanced search could reveal
that an app was installed, but it would be a way to avoid having your WhatsApp
messages searched, for instance, in the case of a manual search.
Move things on to a cloud storage server
During law enforcement searches inside the boundaries of the US, a cloud
storage server is not more protected than your devices. At the border, however,
there are currently policies in place that prohibit CBP from searching online
cloud services. In practice, that means that immigration officers will have to
put your phone in airplane mode before searching it.
“They do specifically say officers are only authorized to look at data that are
‘resident on the device’,” Cope said. “So that is data that is actually on the
hard drive of your phone, laptop or camera. They’re supposed to disconnect it
from the internet, if it’s an internet-connected device.”
If you have data that you don’t want to or can’t delete permanently for any
reason, you can delete it off your device and store it on your cloud storage
like iCloud, Google Drive or Microsoft One Drive.
This is a high-level guide that may not touch on the specifics of your
situation. For a full comprehensive guide on how to protect your devices at US
borders, please visit the Electronic Frontier Foundation.
--
# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: https://www.nettime.org
# contact: [email protected]
