How to legally cross a US (or other) border without surrendering your data and passwords

The combination of 2014's Supreme Court decision not to hear Cotterman (where the 9th Circuit held that the data on your devices was subject to suspicionless border-searches, and suggested that you simply not bring any data you don't want stored and shared by US government agencies with you when you cross the border) and Trump's announcement that people entering the USA will be required to give border officers their social media passwords means that a wealth of sensitive data on our devices and in the cloud is now liable to search and retention when we cross into the USA.


On Wired, Andy Greenberg assembles some best-guess advice on the legal and technical strategies you can deploy to maintain the privacy of your sensitive data, based on techniques that security-conscious travelers have arrived at for crossing into authoritarian countries like China and Russia.

The most obvious step is to not carry your data across the border with you in the first place: get a second laptop and phone, load them with a minimal data-set, log out of any services you won't need on your trip and don't bring the passwords for them (or a password locker that accesses them) with you, delete all logs of cloud-based chat services. I use POP mail, which means that I don't keep any mail on a server or in a cloud, so I could leave all my mail archives at home, inaccessible to me and everyone else while I'm outside of the USA or at the border.

Call your lawyer (or a trusted friend with your lawyer's number) before you cross the border, then call them again when you're released; if they don't hear from you, they can take steps to ensure that you have crossed successfully, or send help if you need it.

One thing Greenberg misses is the necessity of completing a US Customs and Immigration Service Form G-28 before you cross the border. This form authorizes an attorney to visit you if you are detained at the border, but it has to be completed and signed in advance of your crossing. It also should be printed on green paper. The current version of the form expires in 2018, so you can complete it now, file it with your attorney or friend, and leave it until next year.

Remove any fingerprint-based authentication before you cross and replace them with PINs. Greenberg's experts recommend using very strong passwords/PINs to lock your devices. I plan on a different strategy: before my next crossing, I'll change all of these passwords/PINs to 0000 or aaaaaaaa, so that I can easily convey them to US border officials and they can quickly verify that I have no sensitive data on any of my devices. Once I have successfully crossed, I'll change these authentication tokens back to strong versions.

Another thing missing from this advice (possibly because it's viewed as obvious, but I think it bears stating): never, ever lie to border officials. Lots of privacy tools include "plausible deniability" partitions and similar ruses to allow you to login to what appears to be all the data on your device, but using these to attempt to deceive border guards is radioactively illegal and fantastically stupid. I have never — and will never — lie or shade the truth with border officials, because the penalties for lying at the border are generally significantly worse than whatever you're trying to keep to yourself. In the wake of Cotterman, and in the current authoritarian climate, the way to keep a government from using a border-crossing as a basis for acquiring your sensitive data without a warrant is to make sure that you do not possess, and cannot access, your data at a border.


Better than telling customs officials that you won't offer access to your accounts, says security researcher and forensics expert Jonathan Zdziarski, is to tell them you can't. One somewhat extreme method he suggests is to set up two-factor authentication for your sensitive accounts, so that accessing them requires entering not only a password but a code sent to your phone via text message. Then, before you cross the border, make sure you don't have the SIM card that allows you—or customs officials—to receive that text message, essentially denying yourself the ability to cooperate with agents even if you wanted to. Zdziarski suggests mailing yourself the SIM card, or destroying it and then recovering the accounts with backup codes you leave at home (for American residents) or keep in an encrypted account online. "If you ditch your SIM before you approach the border, you can give them any password you want and they won't be able to get access," Zdziarski says. He cautions, however, that he's never tested that know-nothing strategy in the face of angry CBP agents.

Those more involved subversion techniques, warns University of California at Davis law professor Elizabeth Joh, also create the risk that you'll also arouse more suspicion, making CBP agents all the more likely to detain you or deny entrance to the country. But she has no better answer. "There's not that much you can do when you cross the border in terms of the government's power," she admits.

A Guide to Getting Past Customs With Your Digital Privacy Intact [Andy Greenberg/Wired]