Keeping your information safe
Our digital devices have made international travel easier than ever, but how do we keep our information safe when using smartphones, tablets and laptops overseas?
Today you can land almost anywhere in the world and get by with just the help of your smartphone for instant data, maps, a translation app, and services such as Uber and Airbnb.
But our devices contain so much personal information – they're portals to our email, our social networks, our documents and our banking. So how do you protect the data on your phone, tablet and laptop while travelling?
For a start, lock your devices with a password and preferably encrypt the contents to foil thieves. But be prepared to open it up for official inspection.
While rules vary from country to country, when crossing a border it's safest to assume that customs officers have the right to inspect your tech and may do so. In the United States for example, Customs and Border Protection officers have the right to examine all digital devices, including laptops and smartphones.
And while officials can't force you to give them access to a device, according to Daniel Victor of The New York Times, "they can ask you to comply voluntarily and make the experience rather uncomfortable if you resist. Travellers must decide how much trouble they're willing to put up with."
Victor's article notes recent cases where travellers who refused to grant customs officers access to their devices were detained and questioned for hours, had their devices seized, or were refused entry into the US.
Back home, Australia's Border Force has broad powers to search "goods", and the definition of goods includes electronic devices such as computers and smartphones.
According to the Department of Immigration and Border Protection web page on baggage examination and questioning, officers can confiscate electronic devices to perform a forensic search on the device "for up to 14 days", so long as they're "satisfied that the [device] may contain information relevant to prohibited goods, an offence against the Customs Act or a prescribed Act, or to certain security matters".
It's hard to say how often these types of data searches are happening, when only the headline-worthy instances make the news. Chris Christensen hosts the Amateur Traveller podcast, and has been giving advice to frequent flyers since 2005. He points to simple anecdotal evidence to assure travellers that these types of searches are rare.
"If you think people at the border are routinely taking the time to go through people's devices then you have not waited in immigration lines much," he says. "While there have been news stories about this, from what I can tell it is pretty unlikely. It just doesn't scale. They are trying to clear a whole 747 through customs, not just you."
In my own experience, I've taken 16 international trips over the past three years, and have been asked by border officials to power on and sign in to my laptop three times. Each time was at a United States airport – twice in LAX, and once in San Francisco. But in these instances, the border officials didn't care about the data on my devices, they simply wanted me to prove my laptop was not an explosive device designed to look like a laptop.
Traveller tip: Border officials are most concerned with the safety of passengers, so always remain non-confrontational and cooperative to requests.
In this heightened security environment, technology publications such as Wired and The Verge and even The New York Times have published guides to securing your data while crossing borders. The overall advice across most publications is simple – encryption is good, but removing any sensitive data is better.
Security expert Patrick Gray, host of the Risky Business podcast, is blunt with his advice: "Don't take any data across an international border you don't want the governments of either country to see. Most countries can look at your data when you're crossing a border and they don't even need a reason to demand access. Even if your data is encrypted, many countries have legal powers that can compel travellers to decrypt their data so the government can inspect it. There are penalties if you refuse."
Technology journalist Tom Merritt, host of the Daily Tech News Show, agrees. "Move any sensitive data to a cloud service and delete the app that accesses the cloud service before you cross the border. You can reinstall it on the other side if you need to retrieve your data. Do not try to hide data in a hidden volume or some such method, since if this is detected it can raise suspicions. Worry more about what is on the device than how to get into it as most custom agents can compel you to unlock a device."
Merritt adds: "All my advice is aimed towards someone who wants to be extra careful. Generally, most people do not have to worry even when travelling across borders."
Traveller tip: Don't just lock your sensitive data, leave it off the device.
The Australian Government's Smart Traveller website advises Australians to be wary of criminals using sophisticated methods to get at your data, whether here or overseas. Merritt agrees. "Be very careful connecting to Wi-Fi in airports and hotels (and anywhere for that matter). It's quite possible for someone else connected to the same Wi-Fi to take a look at what you're doing. I highly recommend a VPN service to hide your data from prying eyes."
A VPN will send network traffic from your device through a secure, protected 'tunnel' so that no one else on the Wi-Fi network can sniff your traffic, or capture the login details of the websites you visit.
Your best bet is to get a personal VPN account. It's probably a good idea to avoid free VPN services – earlier this year the CSIRO published a study on Android VPN apps and found "that not only did 18% of the apps fail to encrypt users' traffic but 38% injected malware or malvertising – software designed to damage or gain access to the users' information."
With VPNs, as with everything, you get what you pay for. See our reviews of VPN services
Avoid using public USB charging stations – they can be hacked to steal your data or inject malware. If you have to use them, take a special charge-only cable that can't transfer data. Better yet, carry a portable power bank
iPhones and modern Android devices will ask you if you "trust" the USB outlet when you connect. If you say no, the USB port should only act as a charger, with data blocked, but there's no guarantee.
Use cloud services to protect your data from theft and accidental loss. Back up your holiday snaps nightly to a cloud storage service using the hotel Wi-Fi. If that's too slow or expensive, look for fast public Wi-Fi – libraries and Apple stores are great spots for a quick back up. Backing up to a USB or SD card isn't recommended, as these tiny drives are easily lost or broken.
Keep your wits about you in unfamiliar environments, where, as Christensen writes, "you have a higher likelihood of theft and need to be a bit more diligent knowing where your devices are. If you are someplace with more crime then maybe don't stand on the street and use your cell phone, but duck into a shop."
For most travellers, keeping an eye on your device, using a VPN, and backing up regularly are the best steps to protect your data on the road. But there are extra precautions worth considering if travelling to a high-risk area.
For information on what countries should be considered "high risk", visit smartraveller.gov.au
before you go. Smart Traveller is regularly updated with security advice for Australians, and has more general tips on visas, immunisations, and other important travel information.