Monday, October 4, 2010

Preparing for a U.S. Border Crossing

If you're planning to leave – and especially to enter – the United States, you need to take several precautions before you do so.

That's because Customs and Border Patrol (CBP) agents can seize and copy the contents of any electronic device you carry across a U.S. border. That includes your laptop, your cell phone, your USB flash drives, your digital camera, etc. Agents don't need probable cause or even reasonable suspicion to conduct a search of your electronic data – just "gimme." They can copy the data for investigative purposes and then use that information against you in a subsequent criminal case.

Fortunately, such searches are relatively rare. For instance, logs from the Department of Homeland Security show that agents searched 1,000 laptops between October 2008 and August 2009. Only 46 of these searches were "in-depth." From these searches, five travelers were found to have "illicit information" on their laptops. During this nine-month period, 221 million travelers came through U.S. ports of entry.

Since the odds are low you'll be targeted for a search, you may be tempted to run the CBP gauntlet without taking precautions to protect your data. That would be a mistake, particularly if your laptop or other electronic device contains any information that you'd prefer not to share.


For instance, if you're an attorney, your laptop may contain information subject to attorney-client privilege. If it does…well, too bad. According to published CBP guidance, "a claim of privilege …does not prevent the search of a traveler's information at the border." Or perhaps your smartphone contains trade secrets or other data you'd rather not share with the U.S. government. But when you carry it across a U.S. border, you've given the government permission to review that data and retain it indefinitely.

The real problem, of course, is that now this policy is in place, it could be greatly expanded. Of course, this would be impractical without massive increases in CBP's budget – but another 9/11-type attack might be all that's needed to spur Congress into action.

To avoid a border inquisition, the best precaution is not to carry any electronic devices across a U.S. border. For most people, this isn't practical, so the next-best strategy is to carry only "sanitized" devices.

For instance, you could purchase an inexpensive laptop and use only for international travel. Keep nothing on it except for the operating system and program files. Before you cross the border, "sanitize" it using a program such as Window Washer. When you return to the United States, securely "wipe" any confidential information off your hard drive, along with the "free space," using a program like PGP Desktop.

Back up your data to an online backup site such as Carbonite. Encrypt the data before uploading it, using a product such as PGP Desktop or True-Crypt.


Buy an "unlocked" tri-band cell phone with a replaceable SIM card for international travel. When you arrive in a new country, purchase a domestic SIM card from a local phone dealer. This not only protects your privacy at the border, but also eliminates roaming charges.

If you must carry sensitive data across the border, encrypt whatever device containing that data. However, CBP officials may demand that you decrypt any encrypted files before you proceed. Refuse, and you might be detained until you agree to decrypt the device for inspection. If you're a foreign national, you might be turned away and informed that you won't be permitted to re-enter the United States. (One possible solution: True-Crypt lets you type in a special access code that provides access only to part of your hard drive. The remainder of your data remains protected in a hidden hard disk partition.)

Blackberries and other smartphones come with built-in encryption. However, many smartphone encryption systems have significant weaknesses. A better solution (unfortunately only for Windows mobile smartphones) may be PGP Mobile.

The CBP believes these rules are necessary to investigate terrorism, child pornography, etc., but I'm not so sure. For instance, if you were a terrorist, would you really bring your laptop across the border with your plans to blow up the White House? No, you'd simply e-mail yourself the plans to blow up, poison, or incinerate whatever you wish to target. As with most anti-terrorism initiatives, this one does little or nothing to fight terrorists. It merely inconveniences law-abiding travelers.

Welcome to the United States!

No comments:

Post a Comment