Protecting your data while traveling
Protecting you & your data whilst traveling
disclaimer: this is not legal advice.
In the past years, much has changed about the way we travel. Border crossing globally have become more hostile to travelers and more intrusive. Sometimes requiring access to your phone and/or laptop and even requesting passwords to social media and personal apps like Tinder and Grinder, as well as access to sensitive company information as was recently experienced by a staff member of the NASA Jet Propulsion Laboratories.
It is important to know two things, firstly whilst you are within the boundaries of a border crossing you are essentially in a no man’s land where that country's normal legal protection of your privacy does not apply, many countries are making full use of this loophole in their laws to intimidate not only foreign travelers by also the own citizens. Secondly, as this intrusive behaviour ramps up in one countries, other countries see this as an opportunity to retaliate with similar sanctions.
If you are unwilling to unlock your computer or devices, you could well be barred entry into the country you are traveling to.
So how do you protect yourself and your data at border crossings? Particularly when entering potentially hostile countries.
Several articles have been written about using encryption technologies on your devices etc. However, the significant problem with these strategies is that if you are being coerced into unlocking your device or providing your computer password, the data on your devices will be exposed.
The easiest and possibly the more difficult path, is to simply not travel with any electronic devices, as suggested by other articles. I already can hear you saying “I need my computer or phone when I get to my destination”.
The alternative is to NOT travel with your data and NOT travel with your social media or personal media footprint.
How to do this?
I’ll break this down into two sections, travelling with the phone and dealing with sensitive information on your computer.
Regardless of whether you have an iPhone or Android-based phone, once it is unlocked, any border protection personnel will now have access to your Facebook account, your Tinder/Grinder/Scruff profile, your Whatsapp/Facebook messaging app, your Dropbox file access etc etc. You could log out of all these applications, but that will only result in border control asking for the passwords to these applications. So what’s the solution, three options spring to mind.
- Delete those sensitive apps, before entry into a country that is hostile to travelers
- Reset your phone before you travel and setup any apps when you have arrived in country
- Take a burner, not like a secret squirrel phone, just another phone that has nothing by phone OS and you can get a local SIM card and setup any apps once you have arrived.
Option 1 – delete any sensitive apps on your phone prior to entry into a country.
This is the easiest method, however you need to ensure you’ve deleted everything that could be considered sensitive or provide access to your companies data, including your email, DropBox or other file access system, Facebook etc. However, the downside with this option is that if the customs/border agents are forensically smart, they can activate your App store on your phone, download your Apps again and then demand that you provide passwords to them. Also you should make sure you clear your phones browser history as well.
Option 2 – Resetting your device to factory default setting
Is easy to do and will wipe any and all apps and data from our device, including access to your App Store.
To do this on an Apple phone go to
Settings->General->Reset-> Erase All Content and Settings
To do this on an Android Phone (may vary depending on Android version) go to
Settings->Backup and Reset->Factory data reset (at bottom)
Option 3 – Take a burner.
Purchase a cheap Android phone (even if you are an avid Apple fan boy/girl), make sure you have just a SIM and nothing else stored on the phone. Most larger businesses will have spare phones that can could be used for this purpose. I have a cheap model Samsung for testing Apps, and it would work perfectly fine for short trips and holidays. If you can afford it, a burner phone is your best option, just have your SIM installed and minimal contact information, enough to make it look like your everyday phone, but with nothing sensitive on it.
Some important notes
For options 1 and 2 - Make sure you have a backup of your phone before you travel and that the backup exists on a computer that is NOT the one you are traveling with. As some applications store their data in the cloud, e.g. Facebook Messenger, some Apps like WhatsApp and SMS/Text Messages store your data/conversations on the phone you are using. So, backups are important if you want to recover your conversations and data when you get home.
A lot of the same strategies apply to your laptop. Protecting sensitive company data and your personal data also requires some thought. There are a couple of options here.
- Purge your laptop of company files and personal info
- Take a loaner laptop.
Option 1 – Purging your laptop.
If you use Dropbox/Box/Egnyte/OneDrive for file storage and backup to cloud, you will want to firstly delete the App that you use to synch your files, then delete the files themselves. It’s important you do it in this order, if you delete the files first, your synching software will then instruct your cloud provider to delete the files as well. To delete or remove Dropbox/Egnyte Etc.
- Quit or Kill the App in question e.g. Quit Dropbox. Usually a right mouse click on the App and choose the Quit option.
- On a PC/Windows machine – go to Control Panel->Programs and Features. Locate the App and right mouse click choose Uninstall.
- On an Apple Mac computer, go to the Applications Folder, drag the App to the Trash can, make sure you then empty the Trash can.
Purge your Browser Cache, all modern browser have a clear cache option, you will also want to check any options about clearing passwords, as you don’t want custom agents to open Facebook, be presented with your logon and password information.
For example clearing chrome cache is done via the following instructions
- On your computer, open Chrome.
- At the top right, click More
- Click More tools Clear browsing data.
- In the box that appears, at the top, choose a time period, such past hour or past day. To delete everything, select beginning of time.
- Select the types of information you want to remove, including Passwords
- Click Clear browsing data.
Special Note for Apple Mac users, a lot of logon information (usernames and passwords) are stored in Keychain. You may need to purge keychain of all its saved data, particularly if you use Safari. Disconnect your AppleID before you do this - otherwise deleting items from Keychain will sync across all your devices.
Another option, if you use Chrome or another non-native browser (Safari native to Apple, Internet Explorer native to Windows) such as Firefox, Opera, TOR, is to uninstall these Apps prior to your departure for a hostile country.
Mail – depending on how sensitive you think the contents of your mail is – you might want to consider deleting your mail profile on your computer. Most business travelers use Outlook and this is fairly easy to do, and generally fairly easy to set up again when you are in the country. Or you can simply use Webmail through your browser while traveling.
Option 2 – take a loaner laptop.
Many mid-size to larger businesses will have loan or older laptops in storage, get your IT people to minimally configure a loan laptop for you. While this may not be an option for individuals or small businesses, consider renting a laptop in-country when you arrive. If renting you will need to ensure you clear all your data from the laptop before returning it.
If you don't have access to business loan laptops or can't afford to rent, then beg and borrow a laptop from a friend or IT friend (they usually have an old one lying around). Just make sure it is minimally configured and your don't install dropbox etc on it until your at your destination.
Dealing with Customs and Border Patrols.
It can be nerve-wracking dealing with customs officials, particularly in countries that are not welcoming to travelers. If they press you on why your devices don’t have certain App installed, you can always say the following;
- I don’t have a Facebook account (easier to get away with when you're older like myself)
- It’s a new phone, and I did not have a chance to set it up before I left for the airport
- It’s a company phone and company policy doesn’t allow the use of social media apps (which is generally true, most companies have a policy like this, usually they don’t enforce it).
Once you clear customs
Once you have cleared border patrol/customs and you are safely in your hotel or other accommodation. You can download and install the apps that you need. Both onto your phone and your laptop.
Most applications are pretty easy to install, but if you’re not confident doing this get your IT team/friend/guru to email you instructions – preferably to an email account not on your computer or device.
Once you have downloaded and installed your apps you can then sync your files and other data down to your device or computer. The worse case most cloud-based apps will have a web interface, that you can use as a short-term measure to access your files, email, and other information.
Some apps, as mentioned above, might not have recoverable data (e.g. WhatsApp) so your backup (back at home) is important so you can restore these app and their content/data when you return from your trip.