Traveling with Technology: An Information Security Guide

Traveling with Technology Security Magazine November 2017

November 1, 2017

Traveling abroad with technology brings with it certain risks and may subject you to government surveillance in ways that are different from domestic travel. According to the FBI, you shouldn’t expect privacy in most countries outside the United States. Although some countries are more likely to engage in surveillance than others, you get the point. Your data is less secure when you travel.

Ask the Feds

The FBI knows a lot about spies, and a lot about spying. Public reports describe governments surreptitiously taking control over electronic devices by having hotel Wi-Fi networks push fake software patches and by using cell towers to “update” your phone’s firmware. So, when the Bureau offers advice about protecting secrets, it’s worth paying attention. Here’s the FBI’s advice:

If you can do without your normal device, leave it home and use a clean one.
Don’t take sensitive information (including digital and paper files, email, text and voice messages).
Consider creating new, throwaway email accounts.
Don’t leave electronic devices unattended (this includes checked bags and hotel safes).
Clear your Internet browser after each use (or use private mode).
Be leery of public equipment (the hotel business center may have a keystroke logger; seemingly secure communications may only appear encrypted; charging kiosks may be infected).
Avoid Wi-Fi networks.
Don’t plug somebody else’s thumb drive into your computer.
Update your software before you travel.
Use encryption.

Take Advice of Counsel

Interestingly, the same tips the FBI gives Americans to protect their privacy abroad, are important to consider when re-entering the United States Did you know that DHS employees search an average of 45 cellphones and laptops a day at U.S. borders – and that U.S. citizens are among those being searched – all without the need for a warrant or individualized suspicion of a crime? These warrantless border searches, which include demands for passwords and at times the temporary confiscation of devices, are the subject of a pending federal lawsuit.

The New York City Bar Association recently issued a formal opinion regarding an attorney’s ethical duties at the U.S. border. Yes, you read that right. This is not advice to U.S. lawyers when traveling abroad. It’s advice for returning home. In addition to using blank or encrypted “burner” devices, they recommend considering these steps:

Use cloud services with secure, encrypted remote access.
Turn off syncing of cloud services to avoid storing data locally.
Sign ;out of web-based services.
Uninstall applications that provide local or remote access to confidential information.
Securely delete anything that was stored locally.

Take One Tablet, With Meals

For businesses that provide loaner devices, tablets may be an especially good international choice. They are easier to restore to factory settings, their standardization helps determine potential export control restrictions, and they may be compact enough to carry with you throughout the day. Granted, complete risk aversion can interfere with getting work done, especially during a long plane trip. So, sit back, relax and enjoy the in-flight entertainment.

Steven Chabinsky is global chair of the Data, Privacy, and Cyber Security practice at White & Case LLP, an international law firm. He previously served as a member of the President’s Commission on Enhancing National Cybersecurity, the General Counsel and Chief Risk Officer of CrowdStrike, and Deputy Assistant Director of the FBI Cyber Division. He can be reached at chabinsky@whitecase.com.

Pandemics, Recessions and Disasters: Insider Threats During Troubling Times

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Industrial Cybersecurity: What Every Food & Bev Executive Needs to Know

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

Poll

Who has ownership or primary responsibility of video surveillance at your enterprise?

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products