Digital security - crossing borders and getting through checkpoints
RPS Partnership - 4 November 2019
Whilst teaching digital security updates for our Hostile Environments Training (HET and HEFAT), we have signposted our delegates to the Rory Peck website, for further information. There is some excellent information here. The following information is from the Rory Peck website and provides advice for those travelling across borders with information that you may not want to be passed on.
"Freelance journalists and NGOs travel frequently and often carry devices which hold both personal and work information. This can make you vulnerable at border crossings and at checkpoints where devices can be inspected, tampered with or sometimes confiscated. If border staff get access to a device they may be able to quickly copy any data stored on it, even if it’s locked. Border staff could also request that you turn on your devices and log in, including entering encryption passwords. There are several important steps that you can take to secure your devices and minimise these risks before you travel."
"Before you travel to the border
- It is good practice to travel with clean devices. These include a computer and/or phone that are used only for travel. These devices should not contain any personal documentation or data from other stories and journalists should carry out a factory reset on devices after each trip.
- If you do not have separate devices for trips and you are travelling with your personal computer and/or phone, you should ensure you backup your data on an external hard drive, and carry out a factory reset of your devices.
- Know what information is stored on your devices and understand how it could put you or others at risk.
- If you’re leaving a country and don’t want to carry your sensitive information with you through the border, use a secured internet access to upload it to a locked-down cloud storage environment and unlink your device from that account. You will normally need a strong Internet connection to be able to do this.
- Turn on full-disk encryption for your devices. This is a standard option on most all modern devices and fairly simple to do. It will ensure that border security will not be able to copy your information without your knowledge. They may, however, ask you to decrypt the information. Make sure that you know the laws around encryption in the country you’re going to, before travelling.
- Maintain active backups of all your information on all your devices.
- Log out of all accounts before approaching any border control area. Clear your browser history on all search engines you have used.
In Firefox you can sign out everywhere by clicking Edit > Preferences > Privacy & Security > Cookies and Site Data > Clear Data.
In Chrome: Edit > Preferences > Advanced > Clear browsing data, then setting Time Range to “All time” and selecting “Cookies and other site data”.
- Log out of and/or remove apps from your phone that if left open could give border guards access to your personal accounts.
- Make sure all your devices are secured with pin lock codes or passwords.
- Set up your devices to remote wipe. This will allow you to remove content from your devices if they are taken from you. See the section on Remote Wiping below.
- Research your rights, and make a plan of what to do if you are detained at a border. Make sure you know the laws governing encryption, use of VPNs, and laws around pirated software both for the country you are leaving and the country that you are entering.
At the border
- Power off (not sleep or hibernate) all your devices before entering the border control area. This ensures the disk encryption is active.
- Try not to let your devices out of your sight and keep an eye on your equipment as it passes through security.
- Do not turn on your mobile until you are well away from the border control area. Do not make calls or send SMS messages until you are away as this data can sometimes be captured locally.
At a checkpoint
- Put your devices away and keep them out of sight, if possible.
- Power off (not sleep or hibernate) your devices if it is safe to do so.
- Follow best practice around physical security at a checkpoint.
Setting up your device to remote wipe
You can set up your devices to remote wipe if they are taken from you. You will need to have set up this feature before you travel. Remote wiping will remove all data on the device and this content will be lost unless you have made a backup. Remote wipe will only work if the device is connected to the Internet. If you believe you are likely to be detained on a trip by the authorities or other adversaries you may wish to give someone you trust access to remote wipe your devices."
If you are interested in coming on one of our courses, please do get in touch and have a chat about your requirements. In the first instance pls email us on [email protected]
Photo: RPS Partnership