Is it possible to cross an international border and not give up all your data to law enforcement? If so, how?
A friend called my attention to this article “I’ll never bring my phone on an international flight again. Neither should you.” by Quincy Larson.
There’s a lot of truth to it. But, the author overstates something significant. He says: …all the hard work that Apple and Google have invested in encrypting the data on your phone … will be a completely moot point. That’s quite not true. Before I give my thoughts, I want to acknowledge two important authorities on this subject. If you want the authoritative view on what to do and why, read:
- “Protecting Your Data at a Border Crossing” by Jonathan Zdziarski, and
- This tweet stream by thegrugq, which lays out a pretty extreme approach.
I only understand Apple’s tech on this, so I can’t speak for Android. But here’s a more nuanced view if you use Apple devices. If you wipe your phone properly, using Apple’s official methods, the data that was on it is totally unrecoverable—even using FBI/NSA techniques (as far as we know). So you can backup to some medium (cloud? home? laptop?) and wipe your phone. It will have essentially no data on it. Use 1234 as your passcode and let them image it. They will get nothing. Then, when you’re safely across the border, restore your phone from backup. So you don’t have to leave the device behind, while still not giving everything up.
Backup and Restore
You can even backup to the laptop you’re bringing with you. iTunes backups are encrypted with a distinct password. So even if they take a full image of your laptop, they STILL don’t get the iTunes backup data unless they make you give over the backup password. Make the backup password something random that you don’t know and can’t get, and I’m not sure what they can do. Make it so that password has to be downloaded from somewhere later. Or write it on a piece of paper that a trusted someone can send you a photo of later when you have cleared the border. Again, this is all thanks to robust cryptography that Apple has built into their products. Moreover, Apple’s backup/restore functionality is nearly flawless. So if you get good at backing up your phone, your phone will be recovered beautifully to its prior state.
The Weak Link
The weak link in all this is the government’s increasing demand for your actual passwords. If you give them your iCloud password, and that’s where your phone is backed up, this is all pointless. If you give them your Google password and all your data is on Google Drive, you haven’t protected anything at all. As I mentioned before, you can backup your phone to your laptop, but if they can compel you to give them the password for the backup archive, they have gotten everything. This is why folks like thegrugq keep different accounts for travel and real life. So if they give over the travel accounts’ details, they haven’t given anything important.
Time and Bandwidth
This is all a huge pain in the butt. And depending on where you’re going, you might not have hours and hours to restore from backups over the net. You have to be willing to take the time to do this, and sometimes we don’t have time or access to sufficient bandwidth to do this. You could power-off your phone and ship it via FedEx or DHL or something. When powered off and if you use a long passcode (not a 4-digit or 6-digit PIN), it is quite safe (as far as we know).
The Chilling Reality
I am very worried about this quote, that seems quite true: Over time, this unparalleled intrusion into your personal privacy may come to feel as routine as taking off your shoes and putting them on a conveyer belt.