A good primer on basic steps to take:
When Ryan Lackey travels to a country like Russia or China, he takes certain precautions: Instead of his usual gear, the Seattle-based security researcher and founder of a stealth security startup brings a locked-down Chromebook and an iPhone SE that’s set up to sync with a separate, non-sensitive Apple account. He wipes both before every trip, and loads only the minimum data he’ll need. Lackey goes so far as to keep separate travel sets for each country, so that he can forensically analyze the devices when he gets home to check for signs of each country’s tampering.
Now, Lackey says, the countries that warrant that paranoid approach to travel might include not just Russia and China, but the United States, too—if not for Americans like him, than for anyone with a foreign passport who might come under the increasingly draconian and unpredictable scrutiny of the US Customs and Border Protection agency. “All of this applies to America more than it has in the past,” says Lackey. “If I thought I were likely to be a targeted person, I would go through this same level of protection…”
In fact, US Customs and Border Protection has long considered US borders and airports a kind of loophole in the Constitution’s Fourth Amendment protections, one that allows them wide latitude to detain travelers and search their devices. For years, they’ve used that opportunity to hold border-crossers on the slightest suspicion, and demand access to their computers and phones with little formal cause or oversight.
Even citizens are far from immune. CBP detainees from journalists to filmmakers to security researchers have all had their devices taken out of their hands by agents.
… WIRED has assembled the following advice from legal and security experts to preserve your digital privacy while crossing American borders. But take all of these strategies with caution: Given CBP’s unpredictable and in many areas undocumented practices, none of the experts WIRED spoke to claimed to have a privacy panacea for the American border.
In the end, I am not sure you can embrace technology without having to assume that whatever you use is compromised. You can try to stay ahead of whoever you think might target you, but you need to master an entire field better than the cutting edge of the shadowy professionals who have access to backdoors even private sector pros don’t know about.
If you are crossing a border, and in the alt-right, I would assume they are going to demand access to your systems. Don’t have anything on it you don’t want anybody seeing, and be ready to have to either grant access (and the ability to take it in another room and install spyware on it), or be ready to sacrifice the machine. Afterwards, the machine might as well be a public machine.
Privacy is not an issue now, in part because amygdalae are atrophied and in part because nobody understands to what degree their privacy has disappeared – and not just at the border. At some point amygdalae are going to come back online, people will realize what is going on, and I expect at that point all of that will change, bigly.
[…] Wired On Securing Hardware At The Border […]
Plan to wipe it on both sides.
Encrypt everything.
This is the big part — assume that they will make a copy of every encrypted file, research how long your key should last against brute force attacks, and then half that time. Once that date has passed, assume that they have read everything.
Remember — if your private key is on the device, they aren’t brute-forcing your public key — they are brute forcing the password on your private key. There is a huge distinction there. An AES-256 public key may be thousands of years long, but if you are John Podesta and your password is passw0rd, your private key is about two minutes long.