EFF presents: a guide to protecting your data privacy when crossing the US border

Originally published at: http://boingboing.net/2017/03/09/liminal-states.html

The only way I can think of to avoid this is not to carry any kind of electronic device if I travel outside of the country. No laptop, no tablet, no smartphone. Leave it all at home in a safe. Maybe take a digital camera, but outside of that…nothing.


Why not just out source your security to the Russians? For a couple hundred bucks, you can deliberately get some ransomware on there before re-entry to the US, then make the payoff when you return stateside!

Fool proof!


What I haven’t heard mentioned yet is the impact to those not traveling when one of their friends does? If I give up my password to FB, then they would have access to all of my Friends’ feeds as well as my own. That alone should be an illegal search, given that my friend isn’t traveling. This is no good.

Except that most people find that they actually need some form of internet access when travelling (think e-mail, booking hotels or cars, etc…).

1 Like

What the legislation ignores is that, in a modern world, we all have secrets to hide. Even the most basic, law-abiding citizen has at least one secret to hide: the credentials to his or her bank account.


This! I f***ing HATE the argument “if you aren’t doing anything wrong you have nothing to hide.” How would those people feel about me putting an infrared webcam in their bedroom, or hacking in to their baby monitor? They shouldn’t have anything to hide…

Man, i am really, really worried about this. I’m going to Philadelphia in July (I’m European) and because I’m going to a scientific conference, not taking my laptop is out of the question. Not taking my phone would be a real bother as well (although I will look into temporary devices). And I’m not sure I will be able to contain myself, should someone start asking really stupid questions. (Having long hair as a guy and the beard probably won’t help a lot either, if they decide to be suspicious.)

1 Like

Might this habit of snooping be a useful vector for for introducing malware into interesting networks?

Probably, the safest way is the following:
1 make an innocuous account on your laptop, with very little, but the email you used to require your esta certificate
2 make a backup of your real account with all you will need in the US
3 have this backup on a private server with strong encryption (vpn or similar), the password being in your head only
4 delete your main account
5 at the other side of customs, restore your backup

The problem is that it is pretty involved and your backup may be a bit big. The difficulty is to make the bogus account believable enough. Technically, you did nothing illegal by installing a bogus account and deleting the main one, but if customs find out, they will not like it nevertheless.

You may also want to test the restore part beforehand and check whether the services you need will not require two-step authentication with a token which is not in your backup.

You will lose access to your data, mail, social accounts, etc… for the time of the flight (until you can restore).


This topic was automatically closed after 5 days. New replies are no longer allowed.