TSA Searches Phones and Laptops
Headlines: DIGITAL INTERROGATION? TRAVELERS' PHONES, SOCIALS SCANNED AT AIRPORTS...
Takeaway:
Personal electronic devices are subject to searches by the TSA and CBP agents -travelers beware. U.S. Agents may request full access to smart phones, tablets and laptops. Special emphasis is placed on search history, text history, and social media (e.g., Facebook). TSA/ CBP may temporarily confiscate the device, up to thirty days, or copy the contents of the entire disk for further investigation.
News about digital frisking is en vogue because of recent political events. However, this specific policy has been in effect before 2011 -during both Bush and Obama administrations. (Schneier, 2008). The less told story, however, is that data is at greatest risk when traveling to other countries.
Problem:
It may come as a surprise to learn that most Western governments do not respect individual privacy rights -digital or otherwise. For example, authorities at Paris Charles de Gaulle Airport are known to scan laptops (BBC, 1998). Devices are also subject to search when traveling through Canada, Australia, or the U.K -no warrants needed. (Hughes, 2014).Encryption to the rescue? Encryption may protect your data but it's not fail-proof. For starters, there are different types of encryption. Some types of encryption are considered strong and nearly impossible to break. However, encryption uses cryptographic algorithms that become obsolete within months or years. Implementing secure encryption can be a complicated process.
What's more, encryption may protect your data, but it will not stop a frustrated border patrol agent from taking your device or arresting you. (Hughes, 2014).
Why the Fuss?
There are two sides to every coin. Governments have legitimate national security issues to contend with. Digital search and seizure policies are a simple means to identify terrorists, child pornographers, and other criminal activity.On the other hand, the majority of international travelers are not criminals. At least in the U.S., and with exceptions, the right to privacy is a constitutional civil right. There are legitimate reasons to keep trade secrets, health records, or financial information secret.
Data at Risk
Not all inspections are invasive. Some agents may simply ask you to turn the device on. Others may causally browse its contents. However, there are situations that compromise data integrity:- If you provide a key code or password.
- If the device is removed from your line of sight.
- If the device is physically connected to another machine (e.g., scanned).
- If the device connects to an agent's network (Ethernet or WiFi).
If a device is compromised it can no longer be trusted:
- Your data is no longer confidential (e.g., pictures, credit cards, etc.)
- Your data may have been altered or deleted.
- The device may contain a viruses or malware.
- All of your passwords may be compromised.
- Your network accounts may be vulnerable (e.g., Exchange, VPN, RDP)
Conclusion:
In most situations, digital searches by the TSA/ CBP are probably harmless. However, it's prudent to take extra precautions when traveling outside the United States.Links:
http://www.vocativ.com/397897/travelers-affected-by-trump-ban-forced-to-unlock-phones-computers/https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices
http://www.stevenjordan.net/2014/08/network-security-international-and.html
http://www.stevenjordan.net/2016/09/ipsec-security-levels.html
http://www.stevenjordan.net/2016/09/secure-ikev2-win-10.html
https://www.theguardian.com/profile/bruceschneier
http://news.bbc.co.uk/2/hi/science/nature/150465.stm
https://www.theguardian.com/technology/2008/may/15/computing.securityFYI, data snooping occurs at most other international airports (e.g., British Russian , & Chinese).https://t.co/lfOjvbCS6W— Steven Jordan (@stevenuwm) January 31, 2017