Hello,
I am trying to gather some information on steps, procedures, and options for increasing privacy while crossing into the US.
My girlfriend goes to school in Canada and crosses the borders frequently throughout the year for; long weekends, extended holiday breaks, semester breaks, and summer breaks.
She’ll be going back to Canada for this next year and with everything happening she’s asked me to help her find ways to limit her exposure to data being reviewed or stored as she’s studying a more Social/Liberal Arts degree which could flag her as a target because of the current political climate.
I’ve also suggested possibly limiting border crossing instead of coming back as often as she used to.
I’m working through articles and finding things from EFF and ACLU, but would happily taken suggestions, guidance, or any direction from anyone willing to share.
I’ve considered trying to find a way for her to backup her devices, maybe store those backups in the cloud, create “decoy” states of her devices (elaboration below), then restore the original state of the devices once she’s safely past the border.
Devices:
iPhone 11 [18.6]
MacBook Air 13 [Possibly Sequoia 15.5, as stated in her iCloud, she doesn’t have it with her right now]
For “decoy” device states, I mean having some apps and data on the devices, but nothing identifying/or that might otherwise give agencies data to further search (online account names/services, stored passwords, large collections of contacts/message histories, etc.)
I’ve suggested trying to switch to android/PC devices to provide alternative privacy/security options, but her family pays for the devices so it’s just the same brand as whatever they have. So, that’s not an option at this point, but any statements regarding increased effectiveness, or even lack thereof, by switching to different brand devices may help with any future transition considerations.
Thank you very much for taking the time to read through my post and any guidance you might be able to provide is highly appreciated.
Three basic options exist:
Burner: Take a device that isn’t a normally used device for each category. Make sure it has nothing you care about on it, no incriminating web history, no accounts logged in or saved as cookies that are incriminating, etc, etc. This is simplest, most expensive, but also most fool-proof against all possible threats.
Wiped: Wipe the device before travel, possibly backing things up in the cloud to download after arriving. You’ll have to back up again with any changes you make and wipe again before traveling back then at your final destination again restore the device from backups. If you have serious fears of close inspection or forensic analysis then it would behoove you to use a secure erase feature on the drive and reinstall the OS rather than just trying to delete problematic files. For smartphones especially doing this and restoring from a cloud back-up can be pretty easy, for laptops it’s more of a pain.
Mail ahead: Take the devices to a package service, UPS, FedEx, DHL, etc ahead of time, mail them ahead of or just behind you so they arrive just before or slightly after you. For this to work you need a fixed accommodation that can accept packages and which you trust to store them and give them to you. This technically doesn’t prevent mail interception but unless you’re a high value target that’s unlikely at present as its kind of a multi-agency intentional effort thing. Still I’d mail the device in a fully encrypted state.
No other feasible options exist. You can encrypt yes and if you are a US citizen you cannot be denied re-entry (non-citizens can be not only denied entry but barred for years after for refusing to decrypt a device/cooperate) but they can seize your device and hold it for up to a year while trying to crack it and you’ll have to expend effort to get it back at the end of that period. They can also put you in a holding cell for hours or hypothetically up to a couple days if they really want to press it accuse you of something and be unpleasant during that time.