Protecting your devices
To protect your privacy when travelling, here’s what you can do.
First, use a cloud-based service such as Dropbox, Google Drive, OneDrive or Box.com to backup all of your data. Use another service like Boxcryptor, Cryptomator or Sookasa to protect your data such that neither the storage provider nor government agencies can read it. While these services are not foolproof, they significantly increase the difficulty of accessing your data.
Next, cross the border with no or clean devices. Legally-purchased entertainment should be fine, but do not sync your contacts, calendar, email, social media apps, or anything that requires a password.
If a border agent asks you to unlock your device, simply do so and hand it over. There should be nothing for them to find. You can access your data from the cloud at your destination.
Protecting your cloud data
However, border agents do not need your device to access your online accounts. What happens if they simply demand your login credentials? Protecting your cloud data requires a more sophisticated strategy.
First, add all of your passwords to a password manager such as LastPass, KeePass or Dashlane. While you’re at it, change any passwords that are easy to guess, easy to remember or are duplicates.
Before leaving home, generate a new master password for your password manager that is difficult to guess and difficult to remember. Give the password to a trusted third party such as your spouse or IT manager. Instruct him or her not to provide the password until you call from your destination. (Don’t forget to memorise their phone number!)
If asked, you can now honestly say that you don’t know or have access to any of your passwords. If pressed, you can explain that your passwords are stored in a password vault precisely so that you cannot be compelled to divulge them, if, for example, you were abducted while travelling.
This may sound pretty suspicious, but we’re not done.
Raise the issue at your workplace. Emphasise the risks of leaking trade secrets or sensitive, protected or legally privileged data about customers, employees, strategy or research while travelling.
Encourage your organisation to develop a policy of holding passwords for travelling employees and lending out secure travel-only devices. Make the policy official, print it and bring it with you when you travel.
Now if border agents demand passwords, you don’t know them, and if they demand you explain how you can not know your own passwords, you can show them your organisation’s policy.
This may all seem like an instruction manual for criminals, but actual criminals will likely just create fake accounts. Rather, I believe it’s important to provide this advice to those who have done nothing illegal but who value their privacy in the face of intrusive government security measures.