As the US government ramps up its insistence that visitors (and US citizens) unlock their devices and provide their social media accounts, the solution have run the gamut from extreme technological caution, abandoning mobile devices while traveling, or asking the government to rethink its policy. But Maciej Cegłowski has another solution: a "travel mode" for our social media accounts.
Here's the crux: "We don’t take our other valuables with us when we travel—we leave the important stuff at home, or in a safe place. But Facebook and Google don’t give us similar control over our valuable data. With these online services, it’s all or nothing."
Cegłowski's proposal is for a timed "trip mode" during which our social media only allows us to access a few days' worth of material. It would be irrevocable, so you couldn't be ordered to disable it during a border crossing.
Google already does this, but only for googlers. The Google employees I know who travel to China say that when they go abroad, their managers and IT support arrange to constrain their accounts, so they can only see a subset of their email and access a subset of Google's internal servers while traveling, typically with an otherwise blank Chromebook that is dropped in a shredder when they return to the USA.
Cegłowski is right that telling people to maintain monotonically perfect operational security is unrealistic; he's right that being able to afford travel doesn't mean you're able to afford a spare laptop and phone; he's right that lying to border guards is a radioactively bad idea; and that doing nothing potentially puts your friends and loved ones at risk. He discounts (seemingly out of hand) the possibility of putting curbs on government intrusion, possibly because fixing this in the USA still leaves us vulnerable at other countries' borders -- but of course, other countries often take their lead from the US in these matters.
Google already has internal procedures to protect its trade secrets while its employees travel -- getting these measures in place for all of us would only be for the good. And as Cegłowski says, "If you want to put an always-on microphone in my home, then protect me at the border."
A trip mode should also strike a balance between privacy and usability. You want enough of your contact list and message history on the site for it to still be useful, but not enough to hurt people if you’re forced to surrender your password, or if someone gains access to your device through other means.
Most importantly, such a mode should not put people in the position of attempting to talk their way past border guards. Border interviews are tense situations where it’s easy to put yourself in danger—lying to a Federal agent is a felony—or be pressured into making bad decisions.
The only people who can offer reliable protection against invasive data searches at national borders are the billion-dollar companies who control the servers. They have the technology, the expertise, and the legal muscle to protect their users. All that’s missing is the will.
Facebook has already done something similar with messaging. By baking state-of-the-art end-to-end encryption into WhatsApp, used by a billion people, they scored a major victory against dragnet surveillance. (Of course, being Facebook, they weren’t able to resist mining the metadata to feed their advertising platform.)
[Maciej Cegłowski/Idle Words]
(via 4 Short Links)