How to Protect Your Phone and Data Privacy at US Customs

International travelers may know that US Customs and Border Protection (CBP) can scroll your phone in a “random search.” But new details paint a picture of vast and messy data collection that puts your privacy at risk.

Data copied from devices to entry points in the United States — including airports and border crossings — is recorded for 15 years in a searchable database by thousands of CBP employees without warrants, Drew Harwell of The Washington Post reported this week. The data includes contacts, call logs, messages and photos from phones, tablets and computers, according to CBP. It could also contain social media posts, medical and financial information or internet browsing history, according to a report by New York-based think tank Brennan Center for Justice.

Sen. Ron Wyden (D-Ore.) wrote a letter Sept. 15 asking the CBP commissioner to stop allowing “the indiscriminate search of Americans’ private records without suspicion of a crime.”

Customs officers copied Americans’ phone data on a large scale

It’s unclear to what extent federal agents can use the copied data because there are few meaningful safeguards, said Saira Hussain, an attorney at the nonprofit Electronic Frontier Foundation.

Hussain argued in court that CBP’s current data collection practices violate Americans’ constitutional protections. Based on her interviews with research subjects, agents often profile people from Muslim or neighboring Muslim communities, she said, but these searches impact people from “all walks of life.” American life”.

“You don’t have to have committed a crime to want to keep parts of your life private from interference by government agents,” said Nathan Freed Wessler, deputy director of the Speech, Privacy, and Technology Project at the American Civil Liberties Union. . “It could be medical diagnoses, mental health issues, romantic associations, information about our children, etc.”

A CBP spokesperson said in a statement that the agency searches for the devices “in accordance with statutory and regulatory authorities” and that its guidelines ensure that every search is “conducted judiciously, responsibly, and consistent with the public trust.” .

Don’t want to open your contacts, call logs, and messages to thousands of government-employed strangers? Here is what you can do before going to customs:

Unlike other law enforcement agencies, border authorities do not need a warrant to search your device. They can perform a basic search – in which they scroll through your device inspecting texts, photos or anything else they can easily access – even if they don’t suspect you of wrongdoing. But if an agent suspects you pose a “national security concern,” they can run an advanced search using a digital forensics tool to copy data from your device.

How you prepare to cross the border with your devices depends on how much risk you’re willing to tolerate, said Nathan Freed Wessler, deputy director of the Speech, Privacy, and Technology Project at the American Civil Liberties Union.

If you’re more worried about agents going through your messages and photos in a basic search, deleting files from your device would do the trick. If you’re a political dissident, human rights activist, journalist, or anyone else seeking to avoid government surveillance or overreach, your goal will likely be to keep agents out of your device.

If you are a US citizen, you can refuse to unlock your devices for CBP agents and still enter the country. (This may not be clear from the information sheet agents are supposed to give you when searching, which says the process is “mandatory.”)

If you refuse to cooperate, CBP may keep your device. It says detention generally shouldn’t last longer than five days, but Hussain said she’s spoken to people who haven’t picked up their devices in months.

Non-citizens, meanwhile, aren’t guaranteed entry if they refuse to unlock their devices.

Travel with few devices and turn them off beforehand

The fewer devices you travel with, the fewer search opportunities there are, Wessler said. Consider adopting a separate phone or laptop for traveling without storing sensitive data.

How to Avoid Spam and Data Breaches with Disposable Numbers, Email Addresses and Credit Cards

Turn off devices before going through customs. This protects against advanced search tools that can bypass the screen lock on devices left powered on, according to EFF.

The encrypted data is scrambled into a format unreadable to people who don’t have the code – in this case, a password. iOS, Android, Windows, and MacOS all come with built-in device encryption options.

Most contemporary smartphones are encrypted by default (be sure to lock your device). Here are the general instructions for Windows and MacOS.

The fastest methods to unlock your device – such as Face ID or a weak passcode – are also the least secure. If you refuse to unlock your device for a search, CBP can try to unlock it themselves, Wessler said. A strong password with letters and numbers, or a password with at least six numbers will make this more difficult.

The Ultimate Guide to Secure Passwords

CBP guidelines instruct officers to review only data stored on your device itself, not any information that apps like Facebook and Gmail send to the cloud. If you consent to a search, switching your device to airplane mode will limit the search to what is recorded or cached.

You can choose to move your data to a cloud storage provider, such as iCloud, Google, or Microsoft OneDrive, then wipe or factory reset your device. This would protect your data from basic visual search. But beware: most file deletion methods leave behind traces that forensic research would uncover. Additionally, going through customs with a blank device could raise suspicion and make you more likely to become a target, Hussain said.

If you have sensitive photos, messages, or other easily visible data on your device, move them somewhere private, like a hidden or password-protected folder. (Please don’t accidentally show nudes to a customs officer – or anyone else. Here’s how to hide them.)

Consider where you enter the country

Different states have different laws governing what CBP can inspect at US ports of entry. In Arizona, for example, CBP can only search devices without a warrant if it is looking for specific digital contraband. If you want to protect your privacy, it can be helpful to fly in a state with stricter limits for CBP.