For whatever reason, people think of my country as progressive. A recent change to customs law might go some way to challenging that. Customs agents in New Zealand now have the power to demand security information including passwords, PIN numbers or biometric access to digital devices. They call it a ‘digital strip search’. If New Zealand has long been thought of as pioneering, I’m embarrassed to list this among our firsts. Assurances from customs that the threshold for search is high make no difference, the fact remains, the law exists. 1 What follows are some suggestions for apps and services that can help protect your digital privacy at the border.
First, note this is not legal advice, neither am I qualified to offer any. I am also basing this upon New Zealand customs law, which only covers the search of physical devices, and does not compel anybody to provide access to cloud services. 2 To state the obvious, you would do well to know the laws the that govern your border crossings, no matter where you travel. For the U.S, you could do worse than familiarise yourself with the recommendations from civil liberties group, the Electronic Frontier Foundation.
Digital Strip Search, an Apt Phrase
Most Academics have cause to travel often, and many carry sensitive information with them of one kind or another. My own work might be considered seditious in some parts of the world, 3 and I know plenty of academics and even grad students working under embargo, simply because that is how universities operate. To say nothing of our actual ‘private’ lives; iPhones with photos of family, personal messages, journal entries, medical information and so on. The phrase ‘digital strip search’ is apt, being submitted to such an invasion of privacy would make anyone would feel naked. If you would rather not put yourself through such an ordeal, 4 there are steps you can take to protect yourself.
Apps and Services to Manage Digital Privacy
This assumes you are traveling with iOS devices and not a Mac. That is not to say this cannot be done with a Mac, just that the entire process is more involved for Mac users. The principles still apply. If you’re travelling with a laptop, you could do worse than follow the advice of Bruce Schneier. Either way, it is getting to the point where traveling with as little tech as possible is the right way to go, even if it is impractical. And what gear you do travel with should be kept as clean as possible. Time willing, I may come back to the idea of travelling with a Mac.
I cannot bang the 1Password drum loud enough. In my experience it is the best password manager available. It actually includes a feature called Travel Mode, designed for this situation. There is a school of thought, however, to suggest it is a nice idea that is a bit misguided in practice. Whether or not you decide to use it, it is a nice option to have. Although it's not obvious that travel vaults are missing, that the feature exists is not a secret, so I do understand the argument.
At the same time, if you have a subscription to 1Password, the cloud vaults provide a better option by making it possible to remove the app entirely and download everything at the other end. This way you are not setting a flag that advertises you are ‘hiding' something. It does mean holding on to an extra piece of information, as you will need the encryption key, as well as your password to set it all up again. See below for places you might put that.
Secure Private Data with DEVONthink’s Strong Encryption
I have written about using DEVONthink for this purpose. DEVONthink goes beyond being outstanding software for managing data by including strong AES 256 bit encryption. Again, you hold the keys, which means anything you put inside a DEVONthink database can be locked behind first class encryption. DEVONthink can store practically any kind of data or document, making it ideal for this scenario. Syncing is easy to setup with your choice of providers, including iCloud Drive.
Among DEVONthink’s strengths is its ability to compartmentalise data in different ways. Whether you do that by group, or you setup a separate database for the documents. It can give you granular control over what you sync and when. It will even let you use multiple cloud services simultaneously as it sync’s each database separately.
You can work out for yourself how best to set this up, but my preference would be to setup a special database and download it to my device when I need it. That way I can be deliberate about what data I need, and organise it accordingly. I can also avoid using excess data.
Boxcryptor and Sync.com
If you have no use for DEVONthink, you might consider using encrypted cloud storage. If you're serious about privacy, using DropBox or iCloud is not enough. In the past I have happily endorsed Sync.com for approximating the convenience of Dropbox while offering much better security with end-to-end encryption. I still hold that service in high regard, especially now the app has better integration with the iOS Files app. They offer 5Gb of storage for free, which should be plenty for this scenario.
If you prefer the flexibility of sticking with your existing cloud storage service, then take a look at Boxcryptor. It is free to use if you only need to secure one service, but you will need a paid account to encrypt file names so bear that in mind when naming your files.
A Method for Digital Privacy at the Border
Once you have handed over your passcode, or consented to unlock your device with TouchID or FaceID, anything on it is fair game. Many apps provide an extra security layer, but the passcode is all that is needed to change either the finger, or face to get beyond most of them. The safest approach is to have nothing on your device. Setup these apps before you leave, and remove everything from your device. Myself, I would even setup a different iCloud account altogether.
Before you leave
Back everything up, obviously. Now do it again. Don't rely on iCloud backup alone. Ideally you will have at least a secondary location. I use iMazing for this, and all my backups are included in my Time Machine Off-site clone, and my Backblaze continuous cloud backup. Incidentally, if you use Backblaze you have another means for client-side encrypted storage. You can retrieve anything you need to on demand from your Backblaze locker. The way I figure, that even leaves me room to make the kind of screw ups that come with having attention madness.
If you're an iOS only user, I would seriously consider investing in some external storage to add a secondary backup. The Sandisk iXpand Drives tend to be the best, not only for the drive quality but they include software to handle the backup.
Once you are backed up, setup a new iCloud account. Note, your devices can be logged into more than one account for different services. For example, you can log into the App Store with one iCloud account, and use a different one for Photos, iCloud Drive and so on.
When you Arrive
This should be obvious. Either download the necessary apps to your alternate iCloud account, or log back into your ordinary account and do the same. This is time consuming and annoying — and it will cost you data — but consider the alternatives. In this part of the world, it now means a choice between being digitally naked or a NZ$5000 on the spot fine for refusing access. Considering how you will maintain your digital privacy at the border is no longer optional.
Photo by Matt Artz on Unsplash