“Not everybody has the same risk profile,” says Molly Rose Freeman Cyr, a member of Amnesty International’s Security Lab. “A person’s legal status, the social media accounts that they use, the messaging apps that they use, and the contents of their chats” should all factor into their risk calculus and the decisions they make about border crossings, Cyr says.
If you feel safe refusing a search, make sure to disable biometrics used to unlock your device, like face or fingerprint scanners, which CBP officers can use to access your device. Instead, use only a PIN or an alphanumeric code (if available on your device). Make sure to keep your phone’s operating system up to date, which can make it hard to crack with forensic tools.
You should also consider factors like nationality, citizenship, profession, and geopolitical views in assessing whether you or someone you’re traveling with could be at higher risk of scrutiny during border crossings.
In short, you need to make some decisions before you travel about whether you would be prepared to refuse a device search and whether you want to make changes to your devices before your trips.
Keep in mind that there are simple steps anyone can take to keep your devices out of sight and, hopefully, out of mind during border crossings. It’s always a good idea to obtain a printed boarding pass or prepare other paper documents for review and then turn your phone off and store it in your bag before you approach a CBP agent.
Traveling with an alternate phone
There are two ways to approach device privacy for border crossings. One is to start with a clean slate, purchasing a phone for the purpose of traveling or wiping and repurposing your old phone—if it still receives software updates.
The device doesn’t need to be a true “burner” phone, in the sense that you will be carrying it with you as if nothing is out of the ordinary, so you don’t need to purchase it with cash or take other steps to ensure that it can’t be connected to you. The idea, though, is to build a sanitized version of your digital life on the travel phone, ideally with separate communication and social media accounts created specifically for travel. This way, if your device is searched, it won’t have the back catalog of data—old text messages, years of photos, forgotten apps, and access to many or all of your digital accounts—that exists on your primary phone and could reveal details of your political views, your associations, or your movements over time.
Starting with a clean slate makes it easy to practice “data minimization,” or reducing the data available to another person: Simply put the things you’ll need for a trip on the phone without anything you won’t need. You might make a travel email address, some alternate social media accounts, and a separate account for end-to-end encrypted communications using an app like Signal or WhatsApp. Ideally you would totally silo your real digital life from this travel life. But you can also include some of your regular personal apps, building back from the ground up while determining on a selective basis whether you have existing accounts that you feel comfortable potentially exposing. Perhaps, for example, you think that showing a connection to your employer or a community organization could be advantageous in a fraught situation.
