Traveling with Technology: An Information Security Guide
Traveling abroad with technology brings with it certain risks and may subject you to government surveillance in ways that are different from domestic travel. According to the FBI, you shouldn’t expect privacy in most countries outside the United States. Although some countries are more likely to engage in surveillance than others, you get the point. Your data is less secure when you travel.
Ask the Feds
The FBI knows a lot about spies, and a lot about spying. Public reports describe governments surreptitiously taking control over electronic devices by having hotel Wi-Fi networks push fake software patches and by using cell towers to “update” your phone’s firmware. So, when the Bureau offers advice about protecting secrets, it’s worth paying attention. Here’s the FBI’s advice:
- If you can do without your normal device, leave it home and use a clean one.
- Don’t take sensitive information (including digital and paper files, email, text and voice messages).
- Consider creating new, throwaway email accounts.
- Don’t leave electronic devices unattended (this includes checked bags and hotel safes).
- Clear your Internet browser after each use (or use private mode).
- Be leery of public equipment (the hotel business center may have a keystroke logger; seemingly secure communications may only appear encrypted; charging kiosks may be infected).
- Avoid Wi-Fi networks.
- Don’t plug somebody else’s thumb drive into your computer.
- Update your software before you travel.
- Use encryption.
Take Advice of Counsel
Interestingly, the same tips the FBI gives Americans to protect their privacy abroad, are important to consider when re-entering the United States Did you know that DHS employees search an average of 45 cellphones and laptops a day at U.S. borders – and that U.S. citizens are among those being searched – all without the need for a warrant or individualized suspicion of a crime? These warrantless border searches, which include demands for passwords and at times the temporary confiscation of devices, are the subject of a pending federal lawsuit.
The New York City Bar Association recently issued a formal opinion regarding an attorney’s ethical duties at the U.S. border. Yes, you read that right. This is not advice to U.S. lawyers when traveling abroad. It’s advice for returning home. In addition to using blank or encrypted “burner” devices, they recommend considering these steps:
- Use cloud services with secure, encrypted remote access.
- Turn off syncing of cloud services to avoid storing data locally.
- Sign ;out of web-based services.
- Uninstall applications that provide local or remote access to confidential information.
- Securely delete anything that was stored locally.
Take One Tablet, With Meals
For businesses that provide loaner devices, tablets may be an especially good international choice. They are easier to restore to factory settings, their standardization helps determine potential export control restrictions, and they may be compact enough to carry with you throughout the day. Granted, complete risk aversion can interfere with getting work done, especially during a long plane trip. So, sit back, relax and enjoy the in-flight entertainment.