HOWTO keep your data safe at the US border

The Electronic Frontier Foundation has published a new guide, "Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices," which explains how the law, good technology choices, cryptography and backups can be combined to keep your data safe while you travel, especially when crossing into the USA, where customs officials reserve the rights to search your laptop and mobile phone without a warrant and keep whatever they find.

"Different people need different kinds of precautions for protecting their personal information when they travel," said EFF Senior Staff Technologist Seth Schoen. "Our guide helps you assess your personal risks and concerns, and makes recommendations for various scenarios. If you are traveling over the U.S. border soon, you should read our guide now and get started on taking precautions before your trip."

Over the past few years, Congress has weighed several bills to protect travelers from suspicionless searches at the border, but none has had enough support to become law. You can join EFF in calling on the Department of Homeland Security to publish clear guidelines for what they do with sensitive traveler information collected in digital searches by signing our petition. You can also test your knowledge about travelers' privacy rights and help spread the word about the risks by taking our border privacy quiz.

"We store detailed records of our lives on our laptops and our phones. But the courts have diminished our constitutional right to privacy at the border," said EFF Senior Staff Attorney Marcia Hofmann. "It's time for travelers to take action and protect themselves and their private information during international trips."

Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices



  1. and woe-unto-you if the (underpaid so overcompensating via bullying) goons discover a copy of  EFF-border-search-.pdf on your hard-drive

    1. I do believe that Jacob Appelbaum sometimes will travel without any storage except for a thumbdrive or somesuch containing the 4th amendment to the U.S. constitution. Might be someone else on the harassment list, though.

  2. the law, good technology choices, cryptography and backups can be combined to keep your data safe while you travel, especially when crossing into the USA

    As an American, reading that makes me sick to my stomach.

  3. Them: “Your computer will not boot! Your hard-drive is nothing but random bits! Your keyboard makes no sense!*”

    Me: “Hm.”

    *I use Dvorak

  4. TrueCrypt.  Make a hidden encrypted volume.  No one will find it unless they’re specifically looking for it.  And, even then, it will be encrypted.

    1. Be careful with the idea of hidden volumes. As the pamphlet says, lying to CBP is very illegal. If they ask you “is that all there is?” and you refuse to answer, you are now behaving very suspiciously. If you lie and say there is nothing more to see, this is virtually impossible to keep up forever, if lawyers, judges, better forensic techniques and external evidence get involved. Once your lie is found out, you’re in deep shit.

      Encrypt your whole disk with simple full disk encryption, and decide ahead of time whether to turn over your passphrase for a search or refuse and face “temporary” detention and more questioning. … Or don’t bring data with you.

      1. That’s bogus.  If anyone asks a vague “Is that all there is?”  There are a million ways to dodge that question and not appear like a suspicious ass.  Just say, “Yes, just the thumb drive.”  or “Yes, that’s all I brought.”  Make THEM be specific.  You’re not lying.  You’re giving true answers.

  5. If I were Jacob Appelbaum or someone else who is routinely subjected to search-and-seizure at the border, I’d prepare a ‘special’ phone with a contacts list that contained only phone numbers belonging to members of Congress, senior TSA officials, etc. Should be good for some lulz. 

  6. Use good, one-time-pad encryption, such as TrueCrypt, and


    Even if you use a theoretically-hard encryption, there may be a flaw in the implementation.

  7. There’s a typo in the pdf of the article.  On page 13 it says “EEF built a crypto-cracking machine that could try 2^256 possibilities in under three days.”

    It should be 2^56; the article on the web page is correct.

    That is all.

  8. I’m more worried about spyware being installed on the hypothetical border-crossing computer (by border patrol, etc) w/o permission…

  9. I’ve often wondered what would happen if a researcher had quarantined something very malicious on a flash drive that was seized.  I am sure the protests of “You really don’t want to do that” would get that sucker loaded every faster…

  10. One more step towards a totally martial law state. Next you’ll be asking when you can take a crap and where you have to do it lol.

Comments are closed.