How to legally cross a US (or other) border without surrendering your data and passwords

This is some fucking Soviet Russia papers-please bullshit.


The two-factor issue is interesting. I would probably just give up passwords because I use two-factor on my main accounts.

1 Like

First… do not carry anything risky on your phone or laptop. If you’re REALLY paranoid or sloppy, have two phones and two laptops… your usual one and the one you use for travel. The travel one should have ‘real name’ accounts only that you set up and keep clean.

Second… don’t try the ‘hidden partition’ or ‘encrypted archive’ thing. CBP agents aren’t stupid and they’re trained in these things. Finding a locked archive or hidden partition is essentially admission that you’re carrying something risky.

Third… people, this is 2017. Keep sensitive material on the Internet, not on your laptops and phones. You can wipe your links and browser cache and voila… instant clean laptop. If you use Chrome, you can recover all of than when you get to your destination, or in the airport on the other side of the security wall. BTW, while I’m not a big fan of Chromebooks - this is one case where they are literally the best possible solution. Log out of your regular account, wipe it, and log into your clean account before hitting the border.

Where this gets tedious is if you’re a regular traveller - someone who holds a NEXUS card, for example. I’ve been using my card for years without issue. Then this week for the first time, I was heading into the US by car recently and they were stopping a lot of NEXUS card holder for ‘compliance’ checks.

They didn’t ask to look at my phone or laptop, but they asked a LOT of oddball questions and searched my car.

In the end, remember - you’re going into another country. Unless you’re an EU citizen and you’re going into another EU country, the border patrol of ANY country has every right to stop and search you without cause. They also have every right to refuse your entry. If you’re carrying illegal goods you can be detained and charged with various things the minimum of which is smuggling.

Also remember - that gap between your country and theirs is a ‘special area’ where you’re technically not in either country. Your rights are significantly less than they would be in either country. Quoting rights and attitude won’t buy you anything here. Learn the rules, learn what you can bring across and plan accordingly.

As for NEXUS, it’s not a ‘get out of border hassles free’ card even though it does feel like that sometimes. NEXUS cardholders are actually subject to a whole set of special rules like ‘no non-NEXUS passengers’ or the one that regularly trips people up ‘no third party purchases’ while coming back from the other country. A NEXUS card is not a right - it’s very much a privilege that can be taken away at any time.

In the end the best thing to remember is ‘I’m going into another country where I have no protection and much fewer rights.’


Even if I had unlimited, super-fast bandwidth while traveling (which, in my experience: no), it’s not a matter of just downloading some files. Again, my point was that I would need to, for instance, blank my phone - and then reinstall all the apps and email access when I wanted to actually use it (which I would need to do from my computer, which I wouldn’t have with me, because I couldn’t simply download my existing app versions), etc. just to travel, which becomes an absurd task. The whole reason to have a laptop would be the data it had already installed and configured on it, so carrying around a blanked laptop makes no sense at all. So yeah, this may all be very practical - but only if one has a very different life and data use from my own. And it doesn’t change my point - that to cross the border without surrendering data, it’s apparently necessary to not actually have it. (Further protips: How to avoid surrendering cash by not having any. How to avoid surrendering your rights by not asserting any…?)


If you’re travelling around your home country - all of what you’re saying is reasonable. Except that’s not the case. You’re going into another potentially hostile country where your rights are restricted. If you take the ‘but I don’t want the inconvenience of having to keep files on the web’ attitude with you - well, you will eventually get into trouble. In the past, the odds were low - but as I just discovered, things are different now.

1 Like

Shuck, here’s the reality, the CBP’s job isn’t to make your life easier. In fairness, it’s not the job of ANY country’s border guards to do that.

Until now, the Canada/US border (to use an example) has been very lax, but under Bush, it got tighter. Suddenly after decades of passport-less travel, we had to have passports to go into the US. Under Trump, this just got worse and I expect it to get even more ‘less than ideal’.

It’s one of those things where the only way to change things is to elect the people who will make it easier.

Good luck with that. Right now, everyone is running around in… well… terror. The bad guys won.


Sure… the same way that locking the door to a house is admission that you are a fugitive, and putting money in a bank is admission that you are a thief.

Every single time each person cooperates with government goons deepens the precedent and broadcasts submission - not only of themselves, but also of everybody else. Smoothing things over because one’s short-term convenience is more important than one’s principles, or the long-term effects upon society, is precisely the same exact mechanisms they have used time and again to consolidate control over the average person. Doing anything possible to avoid ruffling feathers at the moment can have the consequences of enslaving everybody to that system over the long term.

The long con, the deep illusion is that it is only YOU versus them - an isolated, powerless social atom against some mighty institution. It only works for so long as they are effective at intimidating people into such despair that they are unable or unwilling to organize. The Feds are in reality a small minority, who happen to be organized themselves. So instead of the bad odds of being the lone individual who stands up against the local police, TSA, or border patrol - take them on collectively. It is possible to be polite, forceful, and firm in dealing with The State. They are your employees, after all, and abuses they carry out are perpetrated in your name, so it is the responsible thing to do.

It’s like rushing hijackers on a plane. Nobody wants to be the first to move, because a few people might get shot. But if they are crashing your plane anyway, then inaction and acquiescence are in actuality the riskier option.


It’s one thing to be required to render passwords to devices in your physical possession.

But being required to surrender social media passwords cannot possibly, remotely, be legal.


Same here and that would be my concern, you could land yourself in some truly kafkaesque bullshit when you tell them you’re not one of the 2 billion facebook users. You won’t be going anywhere any time soon.


You might just want to research what your rights and responsibilities are when re-entering the USA, especially if out of country more than 10 days.


Anyone have a secret partition and boot sequence phone? Seems like it’s doable.

Yeah, well that still leaves 5.4 Billion people who don’t use it. In my circle of friends and acquaintances most of them don’t use social media at all. Facebook is the only social media I use and that’s barely at all. Just contacts for old friends. Months can go by before I use it at all. Nor do I use any real information with Facebook or any other online account for that matter. US Customs is quite welcome to search Facebook to see if I have a real account listed under my name, they won’t fine one. And I’m sure as shit not dumb enough to bring anything through customs that’s going to get me in shit.


Well, as a non-facebook user i can tell you i’ve had plenty of looks of utter bewilderment and disbelief when i’ve told people i don’t have a facebook account. A lot find it inconceivable you wouldn’t have one and i think if you come from certain places in the world, the EU for example, some border guard lackey will likely take an answer in the negative as extremely suspicious. Besides, we all have facebook accounts even if we don’t literally have one - shadow profiles.


The thing is this; which social media? It won’t be Baidu because the Chinese are more effective at censorship than the US and anyway I doubt many of the DHS can read it. VK, well, perhaps you’re getting your instructions from Putin via innocuous looking posts on your page? Ars? Disqus? The Register (a hotbed of anti-Trump, anti-Microsoft, anti-Apple sentiment these days)? Once they get suspicious, how far are they going to trawl? Hit you over the head with a lead pipe till you reveal your nick and password?

Either the DHS hasn’t really thought this through or, more worryingly, they have.


In terms of military effectiveness per dollar spent, Osama bin Laden must rank as one of the most successful commanders in history. (Military effectiveness includes economic damage and régime change.)


They can do whatever they want whenever they want if you’re in their zone of control.


Well, when I cross the border, it is usually for my Silicon Valley employer to meet one of the four people on my team who lives in another country (my entire team gets together every six months and we move our meetings around). In that instance, I’m carrying my work laptop and have my work lawyers on speed dial. “Nope, I can’t unlock this. I work in security for so-and-so. You’ll need my legal staff to inform me that I should unlock this as it is their property.”

I may get detained for it but I really do have access to our legal staff and we don’t make a habit of giving our security work to drones in the government so it will be a shit fight.


No but they can take your devices out of your sight and install/do whatever they want to them.

If your device leaves your sight, you should hard reset it, never use it again, and sell it as your next step.


The problem is not traveling to a “another… hostile country” - but returning to my own.


I haven’t thought this all the way though, but today I had the idea, that if I traveled abroad before I left I would create a LastPass emergency code, print it, and store securely somewhere outside my home. Probably with an encrypted backup of the database.

Before returning to the US, I would change the password of my Lastpass account, and expire any and all connections. I would change it to a random string which I don’t know. there are plenty of ways I could get a high entropy impossible to crack password into the clipboard without seeing it.

Then I literally could not give my password to anyone at the border. When asked for it, I could honestly say, I don’t know it. And since all my other passwords were generated by last pass, and stored there, I honestly don’t know them too.

Where’s the flaw in this plan? How could I improve it?