Traveling to a country known for mass surveillance. How can I protect my data/privacy?

Traveling to a country known for mass surveillance. How can I protect my data/privacy? - Digital monitor with World map and COVID 19 statistical data of global confirmed cases

In the next year I will likely go to China, USA and a couple other countries. Both China and the US are known to sometimes take your electronics when arriving and searching them, possibly even installing things on them.

This is a good example of what I'm talking about.

Neither I nor my friends (to my knowledge) do anything shady or have extremist views (those views are luckily a rarity here in central/western european), but it's very possible that my friends or even I have said a (non threatening) thing or two about Hong Kong or Trump. With China there is a real risk that someone said something pro Hong Kong that they're not happy about which could deny me entry, while I would fear for my privacy in both cases.

I don't like to have my devices compromised and while I don't have any sensitive personal data in the traditional sense on them, they can have sensitive company data and are connected to my online presence. That means accounts, passwords, bank accounts, access to company data and accounts, basically everything.

How can I protect my (and my companies) data, information and privacy when I can not guarantee that my devices aren't compromised? I'm thinking burner phone and notebook, but if something is installed (e.g. government malware), that means that every login could be tracked, the account information taken and used against me.

It sounds a bit paranoid but unfortunately, reportedly this is already happening (see news articles in the beginning) and will only get worse.



Best Answer

One option would be to not have any devices with you. Buy a cheap phone when you arrive in the country, use it in the country, and then discard it, sell it, give it away, or whatever before you go back home. That way your primary device with personal and company information is not placed at risk. Alternatively, buy a cheap device in your own country, and put a minimal clean social media profile on it so it won't seem suspicious.




Pictures about "Traveling to a country known for mass surveillance. How can I protect my data/privacy?"

Traveling to a country known for mass surveillance. How can I protect my data/privacy? - Modern equipment for video surveillance on wall
Traveling to a country known for mass surveillance. How can I protect my data/privacy? - Side view of unrecognizable hacker in hoodie sitting at white table and working remotely on netbook in light room near wall
Traveling to a country known for mass surveillance. How can I protect my data/privacy? - Unrecognizable businesswoman with umbrella standing in hilly field





Safe and Sorry – Terrorism \u0026 Mass Surveillance




More answers regarding traveling to a country known for mass surveillance. How can I protect my data/privacy?

Answer 2

For this answer I'm assuming you are a normal traveler, who is concerned about their privacy. This means you'll want to take your own phone and devices, and you won't want to spend a lot of time and hassle on things like throwaway devices.

People who are under a specific threat, such as journalists or human rights activist, will have to take much more stringent measures which aren't covered here.

Also I'm not going to discuss things that you've published on the internet (e.g. tweets or facebook posts), or the case where the government in question can get the information directly from the servers (e.g. if Facebook gave them access). Those are "out there", and most impossible to retractively control.

Why does it concern me?

As noted elsewhere, millions of people visit countries like the US, UK, China or Turkey without a hassle and without being systematically searched. However it does happen.

Furthermore, if it happens to you is outside your control. It is not like "you only get checked if you did something". Reasons for a digital check might include:

  • You have the same name as someone on a watchlist
  • An unfriendly neighbor reported you to the authorities
  • You fit into a "profile" that makes you prone to checks (e.g. you are from a specific country, have a specific gender, age , non-white, you have bee to a "suspicious" country in the past, ...)
  • You are "randomly" selected for screening

When people tell you "it never happens", it means just that it never happens to people like them (e.g. white, well-off tourists).

Also, don't be fooled that those searches are only about "terrorism" or violent crime. A young woman visiting extended family may have her WhatsApp searched just to check if she's taking an illegal Au-Pair job, for example.

Am I fine if my device is "secure"?

Modern phones and computers are often "secure" in the sense that they are almost impossible to access without the proper password; at least not by a border guard.

That makes no difference.

If they want to search your device, the agent will simply ask you to unlock it. They are legally entitled to do so, and they can refuse entry if you don't. For a normal traveler this is actually worse than having someone look at their Facebook.

The only solution is to not have the data on you when you cross the border.

If you do plan to not allow access, though, you should disable all biometric login methods (face, fingerprint) while in transit.

What could happen?

As an average tourist, if you do raise flags the most likely outcome would be that you are held and questioned and possibly refused entry and sent home. The high-profile cases you see on the media will either involve someone who is of particular interest (e.g. because they are activists) or who have ties to the country already, or both.

Of course worse things sometimes happen (and depend on the country in question), but at the border they are generally only interested if letting you in is going to be a problem. Countries don't usually want to cause incidents with random tourists for no particular reason.

At least that is true for most countries - you should still read your government's travel warnings.

General rules would include:

  • Answer questions truthfully, but don't volunteer any information on your own
  • Be friendly and cooperative (you are legit after all)
  • If they ask you to unlock your device, do so (especially if you removed sensitive information beforehand)
  • You can contact your embassy when you are accused of a crime; but they won't help you "get in"

What can I do?

  • Bring only the devices you actually need
  • Delete all apps that have confidental content (e.g. social media apps, email, messaging apps)
  • Remove your email and messages from the built-in apps
  • Log out of all websites that have confidential content, and clear your browser cookies
  • If you use a password manager (which you should), remove it from your device and keep the data in the cloud. 1Password, in particular, has a "travel mode", which wipes passwords from your devices when enabled, and restores them afterwards.

In general, only wipe things that you actually care about. If you show up with a "blank" device, that may also raise a flag.

You can then restore everything after you cleared immigration. If you care about your photos, you could back them up to the cloud before crossing the border, and delete them from the device.

Especially in countries like China you should also consider using a VPN, which decreases the chance that the local ISP can intercept or block your connection.

Also, travel without company data. For company trips, companies often have specific rules on what you can do with their data. You may even be liable if it gets exposed in such a situation and didn't follow company rules.

Will they bug my phone?

For normal people: Most likely not. If you don't unlock it there is a chance that they may take it away to unlock it with specialized equipment.

Bugging your phone is work, and there is a risk that you discover how they did it and go public and figure out a way to prevent them. They won't do that for just the offchance that you might say something midly critical of their leader to your online friends.

Mass surveillance is usually done through other means than bugging people's phones at border posts.

However, if you are separated from your device at the border you can either:

  • Trust that it is fine
  • Factory reset the thing and hope that it is enough
  • Treat it as compromised and throw it away
  • Have it inspected by an expert for backdoors

While the chances are remote, it is ultimately your decision what to do.

Caveat

In the end, you'll have to make up your own mind about what you want to do. The above is my personal understanding and analysis. As those cases are very, very rare it is almost impossible to find enough people with personal experiences to discover a pattern...

Answer 3

If I were sufficiently paranoid, …

I would assume the operating system itself is "safe." For an iPad or IOS, I would backup to my laptop and reset to factory settings. Then re-install only those apps I intend to use while traveling. (If you suspect something unwanted has been installed, reset again.). I presume one can do something similar with Android or Windows Phone.

For the laptop, I would store my entire user account in a cloud account, delete the account, reinstall a clean O.S., and re-install the user account after arrival. If this is not possible in China, it might be worthwhile to pack the account into a compressed and encrypted backup on an SD card, hide that in a digital camera, and hope they don't find it.

Generally, the SD card in a digital camera has a file system with specific directories the camera uses, and using the camera alone will not reveal those files exist. Snoops wanting to check would have to remove the SD card and put it in a computer (or mount the camera via USB as a "disk").

Sources: Stack Exchange - This article follows the attribution requirements of Stack Exchange and is licensed under CC BY-SA 3.0.

Images: Atypeek Dgn, Atypeek Dgn, Nikita Belokhonov, Victoria Art