Should You Take Your Phone To The United States?

February 18, 2017 CyberCecurity Leave a comment

An article on BBC.com really is asking that question.

Recently, NASA engineer Sidd Bikkannavar, a U.S. citizen working at NASA’s Jet Propulsion Laboratory was stopped at Houston customs. He was returning from Chile where he was racing solar power cars. Customs demanded that he hand over his phone and the phone PIN. When he protested that it was a NASA phone and contained sensitive information, but they told him he needed to give them the phone. They took the phone away after he gave them the PIN and brought it back 30 minutes later. Likely, they made an image copy of the phone.

Sidd had even been cleared by Homeland Security’s GLOBAL ENTRY program, where they do a background check on you in advance to speed you through customs and immigration.

Homeland Security Secretary John Kelly has talked about requiring visa applicants to turn over their social media account passwords. No passwords, no visa.

Some people are suggesting that downloading the contents of your phone and/or laptop is going to be standard issue to cross the border, both in the United States and other countries.

The BBC author decided to ask some questions, thinking this might be a bit extreme.

The UK Foreign Office said that they didn’t have any advice on the subject, but if the author was “trapped in immigration at JFK” with a customs and border patrol agent demanding his password, he could call the British embassy and arrange a lawyer.

The American embassy said that they would need to contact Washington and call him back. He is still waiting for that call.

If you have a concern, then leaving anything sensitive at home might be wise. Alternatively, you could encrypt your data and upload it to the cloud, download it once you are across the border and reverse the process before you go home. Make sure you scrub the laptop after you do that with something like CCLEANER.

I know of at least one company that gives employees burner laptops when they travel. The only data on the device is data that is (a) necessary for the trip and (b) approved by security. When the is over, the device is sanitized and re-inventoried for the next trip.

Obviously, everyone’s level of paranoia is different, but it seems like if you can reduce the threat level, that is always better. This is one case where less is more.

Given the amount of storage on all mobile devices these days (a phone with a hundred gigabytes of storage or more is not unusual), it is likely that there will be sensitive data on your device if you don’t do something about it.

And once you are across the border, then you only have to worry about the espionage agents of the host nation you are in.

Countries like France have a long and storied history of going into foreign business persons’ hotel rooms and cloning the disk on their laptop. They are hardly alone.

The Department of Defense has a detailed briefing for service personnel and contractors crossing the border.

In your case, the data in question could be trade secrets, business plans or just naked selfies of you and your friends.

In the case of Sidd, he contacted NASA security as soon as he could, powered down all of his devices and let them deal with it. They gave him new devices (which is really the only safe bet after you have lost physical control of the devices) and they will do whatever with the old devices.

For business people traveling internationally, it is probably better to plan for the worst and hope for the best than the alternative.

I may be a pessimist, but I don’t think it is going to get better any time soon.

Information for this post came from BBC.