0

I am travelling soon, and my country has passed tyrannical laws that allow them to demand passcodes to devices, and I believe that they are increasingly beginning to violate privacy rights.

I would like to protect my privacy. Currently I use iPhone and MacOS devices.

  • I have enabled FileVault on MacOS. I will update my password to a sufficiently long password to make it impractical to break through.
  • I also currently use iCloud. Can governments (outside of the US) request data such as photos? If so, I will need to export this data and store it inside of encrypted zip files.
  • I believe my iPhone's data is encrypted by default, and a passcode is required to unlock it. With physical access, could a brute-force attack bypass this?

Is there anything else I can/should do to protect my devices from physical-access attacks?

schroeder
  • Do you mean at the border? – schroeder Jul 13 '22 at 07:14
  • Related: https://security.stackexchange.com/questions/88947/prevention-measures-against-laptop-seizure-at-us-borders and https://security.stackexchange.com/questions/152612/visiting-the-u-s-for-a-security-conference?noredirect=1&lq=1 – schroeder Jul 13 '22 at 07:16
  • Since you accepted the answer below, I'll assume you meant border inspection. – schroeder Jul 13 '22 at 07:28
  • OP should read the two links given by @schroeder. The second has a further link to an article in *Medium* that suggests a completely clean device is also suspicious at a border inspection. "Salting" a new OS disk or phone with a few innocuous files is likely to be obvious. – Bob Brown Jul 13 '22 at 07:33

1 Answer

-1

Although it isn't clear in your question, your mention of traveling suggests that you're worrying about your own country's customs inspections. You will need to worry about those of your destination countries, too.

Sadly, the presence of encrypted data has been construed as evidence of wrongdoing. In the United States, on March 8, 2013, the 9th Federal Circuit Court of Appeals upheld the conviction of Howard Cotterman for possession of child pornography. The Court ruled that the presence of encrypted files on Cotterman's devices when he passed through customs, with his previous conviction for crimes against children, provided probable cause for a forensic search of his devices.

From that and numerous other cases you must conclude that it is unsafe to take devices containing encrypted files through customs. In your own country, you write that officials can demand passcodes. Presumably, they can also demand the passcodes to unlock any encryption.

Merely encrypting data will not help you, even though modern encryption is strong enough to resist government intrusion on its own. Not only will encryption not help you, it may cast suspicion on you.

The only safe thing to do when traveling internationally is to take only absolutely clean devices through customs. If you can afford it, buy an inexpensive new phone to be used for travel. Otherwise, remove everything sensitive from your phone to local storage that will stay in your country when you travel.

Buy a new disk for your laptop and install a clean copy of MacOS on it. The old disk should stay in your country for re-installation when you return. Take few or no data files with you when you travel. Nothing should be encrypted.

If you need access to sensitive data while traveling, it should stay on a server accessible by VPN and never travel through customs. I suspect that server should not be iCloud; those familiar with the Apple ecosystem know about iCloud and might very well demand your iCloud access credentials if not already stored in your device. You probably need to clean your iCloud files as well.

Be sure to clean your devices as necessary before the return trip, too.

Bob Brown
  • *"Sadly, the presence of encrypted data has been construed as evidence of wrongdoing."* This sounds misleading. IANAL, but I absolutely fail to see how that ruling implies the mere possession of encrypted data is evidence of wrongdoing. If that were the case, no forensic search would have been required. As you yourself say, the ruling was only that in combination with the previous criminal record, it provided probable cause for a forensic analysis/search. – nobody Jul 13 '22 at 07:15
  • @nobody Here's one from a court in Minnesota: "We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3 [2005]. Check also "In Re Boucher" or the cases of Ramona Fricosu or Jeffrey Feldman. There was almost always "something else" in the suspicion, but the cold, hard fact is that encryption will not protect one going through customs and is sure to draw suspicion. – Bob Brown Jul 13 '22 at 07:22
  • You have completely misrepresented the findings and the judgement in the 2007 case. It's not "suspicion" but "routine inspection". That's the whole point of the ruling. There was no "evidence of wrongdoing" simply by having encrypted files. Please do not try to interpret legal rulings. – schroeder Jul 13 '22 at 07:26
  • There *have* been cases where the US Government has argued that merely having a large encrypted storage was enough for suspicion (it was never tested in appeal), but US vs Cotterman isn't it... – schroeder Jul 13 '22 at 07:38
  • @schroeder I think you're referring to the Cotterman case. The holding of the 9th Circuit was that, to proceed from routine border inspection to forensic examination required a “particularized and objective basis for suspecting the person stopped of criminal activity.” The routine inspection showed encrypted files, and the computer provided the alert to the prior conviction. It was the forensic inspection that sunk Cotterman, and that was the evidence he tried to have suppressed. – Bob Brown Jul 13 '22 at 07:40
  • Please provide some sort of evidence for your claim that "the presence of encrypted data has been construed as evidence of wrongdoing" is in any way related to Cotterman. Or that the presence of encrypted files was "probable cause" as you claim. – schroeder Jul 13 '22 at 07:43