I'll Never Take My Phone on an International Flight Again - Neither Should You
A few months ago I wrote about how you can encrypt your entire life in less than an hour. Well, all the security in the world can’t save you if someone has physical possession of your phone or laptop, and can intimidate you into giving up your password.
A few weeks ago, that’s precisely what happened to a U.S. citizen returning home from abroad.
On January 30, Sidd Bikkannavar, a U.S.-born scientist at NASA’s Jet Propulsion Laboratory, flew back to Houston, Texas, from Santiago, Chile.
On his way through the airport, Customs and Border Patrol agents pulled him aside. They searched him, then detained him in a room with a bunch of other people sleeping on cots. They eventually returned and said they’d release him if he told them the password to unlock his phone.
Bikkannavar explained that the phone belonged to NASA and had sensitive information on it, but his pleas fell on deaf ears. He eventually yielded and unlocked his phone. The agents left with his phone. Half an hour later, they returned, handed him his phone and released him.
We’re going to discuss the legality of all of this, and what likely happened during that 30 minutes where Bikkannavar’s phone was unlocked and outside of his possession.
But before we do, take a moment to think about all the apps you have on your phone. Email? Facebook? Dropbox? Your browser? Signal? The history of everything you’ve ever doneâ€Š—â€Ševerything you’ve ever searched, and everything you’ve ever said to anyoneâ€Š—â€Šis right there in those apps.
“We should treat personal electronic data with the same care and respect as weapons-grade plutoniumâ€Š—â€Šit is dangerous, long-lasting and once it has leaked there’s no getting it back.”â€Š —â€ŠCory Doctorow
How many potentially incriminating things do you have lying around your home? If you’re like most people, the answer is probably zero. And yet police would need to go before a judge and establish probable cause before they could get a warrant to search your home.
What we’re seeing now is that anyone can be grabbed on their way through customs and forced to hand over the full contents of their digital life.
Companies like Elcomsoft make “forensic software” that can suck down all your photos, contactsâ€Š—â€Ševen passwords for your email and social media accountsâ€Š—â€Šin a matter of minutes. Their customers include the police forces of various countries, militaries, and private security forces. They can use these tools to permanently archive everything there is to know about you. All they need is your unlocked phone.
“If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.”â€Š —â€ŠCardinal Richelieu in 1641
What’s the worst thing that could happen if the Customs and Border Patrol succeed in getting ahold of your unlocked phone? Well…
- Think of all of the people you’ve ever called or emailed and all the people you’re connected with on Facebook and LinkedIn. What are the chances that one of them has committed a serious crime, or will do so in the future?
- Have you ever taken a photo at a protest, bought a controversial book on Amazon or vented about an encounter with a police officer to a loved one? That information is now part of your permanent record, and could be dragged out as evidence against you if you ever end up in court.
There’s a movement within government to make all data from all departments available to all staff at a local, state and federal level. The more places your data ends up, the larger a hacker’s “attack surface” isâ€Š—â€Šthat is, the more vulnerable your data. A security breach in a single police station in the middle of nowhere could result in your data ending up in the hands of hackersâ€Š—â€Šand potentially used against you from the shadowsâ€Š—â€Šfor the rest of your life.
Wait a second. What about my Fourth and Fifth Amendment rights? Isn’t this illegal?
The Fourth Amendment protects you against unreasonable search and seizure. The Fifth Amendment protects you against self-incrimination.
If a police officer were to stop you on the streets of America and ask you to unlock your phone and give it to him, these amendments would give you strong legal ground for refusing to do so. But unfortunately, the U.S. border isn’t technically the U.S., and you don’t have either of these rights at the border.
It’s totally legal for a U.S. Customs and Border Patrol officer to ask you to unlock your phone and hand it over. He can detain you indefinitely if you don’t—even if you’re an American citizen.
The border is technically outside of U.S. jurisdiction, in a sort of legal no-man’s-land. You have very few rights there. Barring the use of “excessive force,” agents can do whatever they want to you.
So my advice is to just do whatever they tell you, and get through customs and into the U.S. as quickly as you can.
The U.S. isn’t the only country that does this.
It’s only a matter of time before downloading the contents of people’s phones becomes a standard procedure for entering every country. This already happens in Canada. And you can bet that countries like China and Russia aren’t far behind.
“Never say anything in an electronic message that you wouldn’t want appearing, and attributed to you, in tomorrow morning’s front-page headline in the New York Times.”â€Š —â€ŠColonel David Russell, former head of DARPA’s Information Processing Techniques Office
Since it’s illegal in most countries to profile individual travelers, customs officers will soon require everyone to do this.
The companies that make the software that downloads data from your phone are about to get a huge infusion of money from governments. Their software will get much fasterâ€Š—â€Šmaybe requiring only a few seconds to download all of your most pertinent data from your phone.
If we do nothing to resist, pretty soon we will all have to unlock our phones and hand them over to customs agents while we're getting our passports swiped.
Over time, this unparalleled intrusion into your personal privacy may come to feel as routine as taking off your shoes and putting them on a conveyer belt.
With this single new procedure, all the hard work that Apple and Google have invested in encrypting the data on your phone, â€Šand fighting for your privacy in courtâ€Š, â€Šwill be a moot point. Governments will have succeeded in circumventing decades of innovation in security and privacy protection. All by demanding you hand them the skeleton key to your life: â€Šyour unlocked phone.
You can’t hand over a device that you don’t have.
When you travel internationally, you should leave your mobile phone and laptop at home. You can rent phones at most international airports that include data plans.
If you have family overseas, you can buy a second phone and laptop and leave them at their home.
If you’re an employer, you can create a policy that your employees are not to take devices with them during international travel. You can issue them “loaner” laptops and phones once they enter the country.
Since most of our private data is stored in the cloudâ€Š—â€Šand not on individual devicesâ€Š—â€Šyou could also reset your phone to its factory settings before boarding an international flight. This process will also delete the keys necessary to unencrypt any residual data on your phone (iOS and Android fully encrypt your data).
This way, you could take your physical phone with you, then reinstall apps and re-authenticate with them once you’ve arrived. If you’re asked to hand over your unlocked phone at the border, there won’t be any personal data on it. All your data will be safe behind the world-class security that Facebook, Google, Apple, Signal, and all these other companies use.
Is all this inconvenient? Absolutely. But it’s the only sane course of action when you consider the gravity of your data falling into the wrong hands.
If you bother locking your doors at night, you should bother securing your phone’s data during international travel.
This may upset Customs and Border Patrol agents, who are probably smart enough to realize that 85% of Americans now have smart phones, and probably 100% of the Americans who travel internationally have smart phones. They may choose to detain you anyway, and force you to give them passwords to various accounts manually. But there’s no easy way for them to know which services you use and which services you don’t use, or whether you have multiple accounts.
We live in an era of mass surveillance, where governments around the world are passing new anti-privacy laws every year.
“Those who are willing to surrender their freedom for security have always demanded that if they give up their full freedom it should also be taken from those not prepared to do so.” â€Š—â€ŠFriedrich Hayek
With a lot of hard work on our part, enlightenment will triumph. Privacy will be restored. And we will beat back the current climate of fear that’s confusing people into unnecessarily giving up their rights.
In the meantime, follow the Boy Scouts of America motto: always be prepared. The next time you plan to cross a border, leave your phone at home.