This is a bad idea for so many plain reasons that I'm not even sure how the author could propose this as an approach. What they're doing is functionally no different from saying "I don't know my password", it just includes a lot of extra steps and some fantasy that the border control guard will be interested in reading a blog post about encryption. Needless to say, don't do this. If you don't want to share your data, it's easier to not take it, back it up and/or transfer it later.
The smart move is to use an unsupervised burner iPhone for your travel with a different Apple ID, sign out of iCloud while transiting, don’t have email and text resident on it, and carry a Chromebook if need be.
Use a YubiKey with PIN for access to the online accounts.
I advise all of our executives to do this, because you don’t know what’s hiding in your phone that some prick border dude will take issue with. That group text where your buddy talks about how Luigi was right could be interpreted as a threat.
[1] Step 6 will probably never happen if you show a border guard or customs official an article about encryption. You will not get safely through customs, you’ll end up on a secret list and get hassled every single time you travel for the rest of your life. As the database you’re in ages (and people begin to forget how it was created), you might be simply barred entry into places you want to go.
[2] This kind of elaborate setup will make you lose your computer at the customs. They will ask you to boot it up… when you’ll not be able to do that, they will not listen to your story and will just keep the computer.
[3] The solution you propose will just make you look like a dangerous bad guy to the border guards. They want to inspect your laptop, and you propose to tell them that you’re resorting to extreme measures to foil them. Very bad move.
[4] Putting yourself in a situation where local police are holding you while they try to extort something from your family is what most people try to avoid when travelling!
My approach is to have a hidden OS. Either via a hidden bootmenu, or better yet transparently boot into a virtualized guest by default. With secure boot and encryption, things can be made hard for anyone to actually examine the drive out of the limited context provided. Requests for more access can be met with confusion and feigning technical ignorance.
Even US citizens have basically no rights at a border. You can be subjected to any search without warrants. And this applies to within 100 miles of a coast or border, which is pretty much every major city.
The real way to minimize risk is to not carry any sensitive data, as in the first item on that pamphlet, and restore from a backup once you get past the screening. This is a little difficult with mobile phones, however.
> Even US citizens have basically no rights at a border.
They have at least one more right than foreigners. They have to let you in. Foreigners can get turned back for almost anything.
I've always felt pretty secure coming home for that basic reason (plus, it is where I am at least somewhat familiar with the legal system and could actually call a lawyer if I had to, my meds are all from local prescriptions etc etc).
But yeah, they can still search the hell out of you, delay you etc, just like anyone else.
Fun tip: If you have an iPhone, rapidly pressing the power button five times will force your phone to require a password before Face ID will work again. Turning your device off entirely will also necessitate password reentry.
Disabling biometrics the whole time you're in the US is a bit extreme unless you have a target on your back, but most phones have a way to quickly disable biometrics until you next unlock with your PIN. At least learn how to do that just in case the shit unexpectedly hits the fan; on iPhones you press the power button 5 times in a row.
It's a travesty this is allowed. I can hide all data encrypted on the internet and remember a simple passphrase to download it. Searching a phone is nothing more than an opportunistic invasion of privacy without cause.
I'd blow my phone away prior to crossing shady borders, and recover access by memorizing my password safe password and writing several backup 2FA codes.
Is there a list of countries that may do border controls of your devices and what rights you have and don't have in each? Basically a guide like this for more than the US.
This seems like a more effective direction to go in, instead of relying on encryption on your device and who knows what sort of legal BS you'd have to go through in order to get around being compelled to unlock said device.
If you are a citizen, fully power off your device, then power it back on, and try two wrong passwords to erase any possible memory imprint from the last time. If you are asked to unlock, say you need a court order. If they want to seize, get a receipt. Additionally, fully log out of any password manager and other sensitive apps.
Honestly the only thing I can really suggest at this point is have separate devices used when traveling internationally, and be mindful of what you access or put on them. Plausible deniability boot volume works good for laptops. Dunno if any phone supports that.
The police can apparently force you to unlock
E.g., https://proceedings.nyumootcourt.org/2023/11/press-to-unlock...
How on Earth, in any situation, for any reason, can inputting a PIN instead of using your fingerprint be considered... "extreme"?
If you are in, or on the border of, the United States, it's reasonable to assume you have a target on your back.
Otherwise the courts would not have made such ridiculous rulings.