I was at a networking event last night and I was speaking to a colleague who was planning a business trip to the US next week and she was speaking about her concerns crossing the border. As a side note I mentioned that she should think about the technology she was bringing with her as border guards can request to look through the data on her phone or laptop.
She was surprised as many are, but the reality is that this practice is becoming increasingly common not only with US Immigration but also Canadian Border Services Agency (CBSA) officers, and border security in many other countries.
Border officers are permitted to complete a search of a traveller’s possessions when they are requesting entry to Canada or the USA. This ability to search includes searching any electronic devices and the data stored on them. This practice can be applied to both non- citizens and citizens of the country in question.
In theory, such a search should be justified. The officer should have cause or some justifiable reason before they take such an invasive action, however cause to one person may not be cause to another, and justification can often be easy to find.
Password protection doesn’t protect you at the port of entry. Officers can demand that you provide your password. If you refuse they can subsequently refuse your entry or confiscate your phone and have the password cracked. Some creative officers have also been known to ask to see your travel itinerary, which most of us store on our phones, and then search the devise while they have it unprotected and in hand.
Searches by CBSA are limited to the information actually located on the device and they are not supposed to access any remote information such as data stored in the cloud, however US immigration does not have similar restrictions.
So, this question begs, how to I protect myself from such a search? Some say just don’t travel with your phone or laptop. However, not traveling with your phone can in itself be considered suspect activity, and for most of us who travel for business, it is simply not a practical solution.
The best way to protect yourself is to be thoughtful about what information you are carrying on your device before you travel:
- Remove what is not necessary
- Information that is privileged, confidential, or otherwise protected that you require for your business travel should be stored remotely, such as in a secured cloud and then retrieved once you need it (but remember to clear it again before you return home)
- Think about the content of text messages and photos on your phone. Anything that suggests suspect activity, even if it is innocent, needs to be cleared
A good example of the last point is the following. When texting I often refer to people using their first initial. I had arranged to meet a friend for coffee after I had dropped my daughter at school. My daughter’s name starts with an E. I was running late and texted my friend the following: “Just dropped E. Be there soon.” Can you imagine what an immigration officer would with that!