relatedly - in answering this question could someone clarify (or point to a resource on) how much data is stored on a device itself vs the sim card? Could I take the sim out of my iphone before a trip and swap it for a different one? would someone examining the old phone w new sim be able to see/access things I had done when the old sim was in the phone?
posted by Exceptional_Hubris at 9:33 AM on February 16, 2017 [1 favorite]

Unlocked phone and purchase a local SIM. Could even be your iPhone.

Not if the point is leaving your phone with social media accounts, email, texts, WhatsApp, etc, etc at home.
posted by EndsOfInvention at 9:33 AM on February 16, 2017

Could I take the sim out of my iphone before a trip and swap it for a different one? would someone examining the old phone w new sim be able to see/access things I had done when the old sim was in the phone?

No, you could take the phone even with no SIM and still see all the photos, social media stuff, emails, etc, etc. People often use a SIM-less old iPhone as an iPod kind of thing. It still does everything except make calls.
posted by EndsOfInvention at 9:35 AM on February 16, 2017

relatedly - none of the sensitive data is stored on the SIM, it's all in the phone.
posted by humboldt32 at 9:35 AM on February 16, 2017

As the OP's article points out, one option is to perform a factory reset on your phone right before hitting customs. There will be nothing except the default apps on your phone at that point, and none of your own data (unless they confiscate the phone and do some advanced forensics on the hardware). Once you get past customs, you log back into all your various accounts and re-download everything that makes it your phone.

In a similar article I read recently, the author mentions having an iPhone SE specifically for international travel.

I suspect that the approach of not physically carrying personal data will only work for so long: CBP agents have computers and they have your passport, so they can search Facebook, Twitter, etc to see what you've been saying and doing online anyhow, and may use that as a crowbar for inquiring into why your phone is wiped.
posted by adamrice at 9:53 AM on February 16, 2017 [5 favorites]

would putting ones usual sim into a "clean" phone be just as ineffective as the reverse?
posted by Exceptional_Hubris at 9:56 AM on February 16, 2017

As the OP's article points out, one option is to perform a factory reset on your phone right before hitting customs. There will be nothing except the default apps on your phone at that point, and none of your own data (unless they confiscate the phone and do some advanced forensics on the hardware). Once you get past customs, you log back into all your various accounts and re-download everything that makes it your phone.

Border Control can take an image of the phone's hard drive, so I would be concerned that a factory reset wouldn't properly wipe out the data and it could still be recovered at a later date. Sure, you may not be detained at the airport, but they'll still have your stuff.
Also, if your phone as obviously just been wiped, I bet they hold you anyway because that's "suspicious". You want to have a burner/travel phone that has some "stuff" on it, maybe just innocuous holiday snaps, "fake" but plausible email and Twitter accounts. Enough that they don't think you're hiding something, but not anything actually sensitive.
posted by EndsOfInvention at 10:03 AM on February 16, 2017

Unlocked GSM phones. I'm shopping for a protest burner for similar reasons, and I think I'm going with GSM-compatible on the off chance I'll get to travel internationally for pleasure in the next few years.

I'm actually kinda leaning toward that Blackberry, of all things.
posted by Lyn Never at 10:10 AM on February 16, 2017

Oh, as far as staying connected, the advantage of an unlocked phone is that you just buy a SIM when you land (and often you can find them in a vending machine in the actual airport, but convenience stores have them too). You can get voice/text/data prepaid, usually quite easy to top up (and on the off chance your credit card doesn't play nice with the website, you can generally buy top-ups at the same convenience stores). There are a number of guides online that explain how all that works.
posted by Lyn Never at 10:17 AM on February 16, 2017

For any recent (5s and later, I think) iPhone, the whole phone's storage is encrypted by default. When you reset it, all it does is erase the encryption key (protected by your pin) and throw down a new operating system, essentially. With that key gone, there's no way to get your data back.
posted by Geckwoistmeinauto at 10:24 AM on February 16, 2017

Is this a bad idea? Do as people above have suggested (local SIM card, unlocked phone with ability to encrypt/wipe data) but also maybe- mail yourself your phone from one locale to the next? Also, can VPNs be set on personal phones? Maybe that?
posted by erattacorrige at 10:31 AM on February 16, 2017

Those options don't provide safety from a hostile agent seizing and force-entering or forcing you to unlock the phone so they can see your email and social media, banking apps, work email, Dropbox, dick pics, chat clients, contacts, Fitbit data, menstrual tracker, two-factor auth tokens, etc etc etc. Packages mailed across borders (or, really, anywhere that it leaves your line of sight) are subject to customs inspection, which means you get a box that's been opened and if there's even a phone still in there, you have no idea who's been in it or what they put on it.

A clean phone with a prepaid sim, and not using that phone for any of the above things but just basic navigation and communication, will. Your real phone should get locked in a fireproof safe at home while you're gone.

If necessary, you could use a vpn and browser to access certain sensitive information, but you'd want to do so carefully.
posted by Lyn Never at 11:05 AM on February 16, 2017 [3 favorites]

I'm making a similar choice, but our work VPN is going dual-factor, and it relies on phones for the dual factor. I've had to get a dongle just for that. People talk about private personal data on their phones, but what about professional, employer data?
posted by idb at 11:10 AM on February 16, 2017 [1 favorite]

You're best off not carrying data with you across the border, in either direction, really.

The nice people at the border will not really care too much about the legalities, or appreciate any resistance, or care if it is your work phone. Or laptop. If they want into your device, and you won't let them in, you should expect that there will be some hostility.

That means that a blanked, default device is by far the best choice.

This is incredibly inconvenient for those of us who actually have a fair amount of configuration invested in these devices (as in, it takes me half a day even with a backup of an iOS device to do a device upgrade).

For a laptop, it is best to have an SSD based laptop with an SSD that features a security erase (very quick - it just "loses" the encryption key), and install media for your OS. Before you leave home, make an image of your SSD, ENCRYPT IT, and put it someplace safe but accessible to you over the Internet. Secure erase your SSD, reinstall the OS (to give TSA/etc something to look at), and then go to your destination. Download your image, decrypt, and reinstall it. When you want to return to the US, and if there's anything you need to save, either upload the changes (encrypted) or a new image (encrypted) back, and again wipe and reinstall the OS. This works better if you're not storing tons of crap on your laptop, naturally. You should avoid storing things on portable devices anyways, so spending some time figuring out how to make that work better for you is a good idea.

For an iOS device, make a backup before you leave home, wipe it, and reinstall it without any passwords, etc. Memorize them, or upload an encrypted list someplace safe but accessible to you over the Internet. When coming back, doing a reset to factory is probably sufficient though not maximum paranoia.

In all cases, you need to use the power of the Internet and encryption to allow you to avoid having data in the phone or computer when it is crossing the border. The Internet will be happy to haul that stuff around for you, but it will probably require you to figure out the exact mechanisms that work for you to make this happen safely and securely.

If they actually take your device out of your sight, that's still a significant issue because you can't be too sure what they're doing to it.
posted by jgreco at 3:26 PM on February 16, 2017 [1 favorite]

We had a recent seminar at work on phone disposal. The preferred sequence is to encrypt the phone (if not encrypted already), factory reset, fill with junk data (copy some movies or music to the phone) and factory reset again (rinsing and repeating the last two steps as often as needed to satisfy your paranoia). Recovering data from wiped, encrypted storage after being overwritten by other stuff that's been wiped is still an expensive proposition.

To try to answer the question, the best thing might be to buy or even rent a new phone when you get to your destination. Let your contacts know your new numbers. Dispose of the the phone before leaving for home. You'll no doubt have less capability than what you're used to, and much less convenience, but these are the time we live in.

For those using employer-supplied hardware, this isn't your problem. Your employer should develop a policy for this situation, and you should be keeping your personal activities away from your employer's phone.

As is pointed out in the OP's linked article, you cannot rely on your rights as an American citizen to be observed in the nebulous border zone that is an American international terminal. CBP agents can get away with things that are not (yet) available to American law enforcement.
posted by lhauser at 4:19 PM on February 16, 2017

another option to keep in mind is to delete your social media accounts while crossing borders and reactivate once you're through.
posted by trotzdem_kunst at 3:03 AM on February 17, 2017

Just put your phone in a checked bag before you get to security. Just like the other stuff the TSA doesn't like, like shampoo and nail clippers.
posted by blahtsk at 1:47 PM on February 17, 2017

This thread is closed to new comments.