Laptop prep for international travel

On my last two trips out of the US, airport security at my destination was armed with automatic weapons. There was a permanent military checkpoint on the highway we had to pass through each time we returned from a rural area.

Based on what little I know about some of the regulars here, I suspect we are all blessed to live in our home countries.

Good advice. Some countries do not allow you to bring in encrypted devices, and the U.S. government prohibits taking encrypted devices to some countries. I always check the advisories at travel.state.gov.

IMO the biggest risk is my devices may be lost or stolen. I decided a long time ago if law enforcement or border security, etc. ever “demand” I unlock my phone, etc. I will probably comply. However, if they take it out of my sight I’ll never use it again.

Is this a business trip or leisure travel?

@webwalrus, I know you told us this before, but WHAT BUSINESS ARE YOU IN? :rofl:

P.S. If you had your choice, which actor would you like to portray your character in the Amazon Original film adaptation of your upcoming international travel incident? :sunglasses:

1 Like

Tailscale is a fantastic option for this use case.

I’m a web dev that does server admin. But I do have a rather large number of customer credentials in my password manager, and documents that I would think the customers don’t want handed out.

If they “search” your device and decide to make a copy, that information gets filed away - and the protections on that information are questionable at best.

Courts have actually determined that border agents can compel a fingerprint unlock. The reason it’s okay is due to the “border search exception”: Border search exception - Wikipedia

as noted here: How to Protect Your Phone From Border Searches

The distinction is a subtle but important one: Your PIN or password is information you have memorized in your mind, which courts have repeatedly affirmed you cannot be forced into giving up. Your body, however, is not so free — so federal agents can force you to unlock your phone using your fingerprint. You may want to disable that fingerprint-unlock feature on your phone before you travel.

And regardless, your assumption that they wouldn’t take a phone they couldn’t unlock doesn’t hold. I used to work for a criminal defense attorney. Not complying with law enforcement demands frequently results in law enforcement being jerks - whether or not it makes sense objectively. Losing your phone for a week or more because you won’t unlock it is not a good outcome.

It’s very well-established that a lot of your typical Fourth Amendment rights don’t exist at the border.

1 Like

And if Wikipedia isn’t your cup of tea, here’s a Congressional Research Service report (pdf) on the topic from March 2021: https://crsreports.congress.gov/product/pdf/LSB/LSB10387

2 Likes

Literally every airport I’ve traveled through had security with automatic weapons somewhere. 9/11 changed everything. I haven’t been everywhere but have done a fairly significant amount of international travel.

And where in the US were you that had a “permanent military checkpoint”? I think this is a mischaracterization…

2 Likes

He said “trips out of the US” and “at my destination” so I don’t think he was referring to U.S. airports.

2 Likes

I read this as talking about the foreign country, not about the US. But that said, it wouldn’t surprise me if ports of entry had significant military presence - even in the US.

1 Like

My .02 - don’t encrypt anything, and in the rare instance that they ask, unlock your laptop on request. Unless your clients are involved in drug smuggling or money laundering you’ll get your laptop back in a hopefully reasonable time and you won’t have to do any extremely inconvenient prep. Maybe put all your client-related apps behind passwords too, just for kicks. But really, what border guard is going to log into your client’s servers and root around and steal corporate data?

I want to thank you for feuling my desire to buy an M2 Air for travel :stuck_out_tongue:

2 Likes
  1. The Wikipedia article and the article you cite do NOT state that a border agent may physically force you to use your fingerprint. The only cases where a person was physically forced to provide a fingerprint was in the context of a warrant.
  2. The articles you cite also explicitly state that you cannot be “forced” to provide a password.
  3. There has NEVER been a case where an American entering the USA was required to provide a password or, for that matter, a fingerprint without a warrant.

Therefore, since your computer can be protected by a password, it seems that simply protecting your computer with a password is sufficient. All these other maneuvers are way over the top. I don’t understand this level of paranoia. Why would you be the first person ever subjected to a random, unwarranted, forceful opening of your laptop by a border agent?

I cannot comment about going into countries other than the USA. There are countries that it is dangerous for an American to simply be with or without a laptop.

Believe me if what you suggest occurred to you, it would be front page news in the New York Times.

I think most agree to keep the solution simple and look normal, since customs is friendly. The highest ROI approach comes down to webwalrus’ setup and how quickly he personally can remove the bits that he values protecting or has been asked to protect. The highest ROI approach is doing nothing for many people.

For me, it takes a few minutes to protect private keys and some other passwords and enable travel mode, so I’m willing to do it. That’s in the same league of effort as packing first aid or a flashlight, also arguably paranoid.

I think you’re right. I did it again…

Given what happened to Sidd Bikkannavar, I get why people might take precautions.

I wasn’t referring to the US. Just that with all our problems most of us are far better off than many parts of the world.

1 Like

Does your employer or any of your customers have guidelines/rules for international travel?

I wouldn’t be surprised if you’re not even allowed to take a laptop, with company stuff on it, on (some) international trips (to protect Intellectual Property).

2 Likes

I just want to push back against the idea that only bad guys breaking the law have any interest in privacy or avoiding revealing information to government agencies.

“If you aren’t breaking the law, you have nothing to worry about” is lazy thinking, whether you agree with government policy or not, whoever is running a government, and whether we’re talking about the US, other democratic societies, or authoritarian regimes.

I don’t know if that’s what you meant, but it’s definitely a refrain heard a lot around digital privacy discussions.

4 Likes

Rest assured that any copied content of the hard drive can and will find its way to a competent third person or agency for further analysis, if deemed valuable enough.

Keep your user data or passport database on an external server or storage medium. Encrypted with a password you don’t know (i.e. a password that only a trusted person will tell you after having crossed the border).

1 Like