I just discovered that Australian Border Force agents (I’m Australian) can ask you to unlock your phone and take it away to download files, etc. You can legally refuse but they can take the phone anyway and make life very difficult.
I had no idea although I shouldn’t be surprised given our privacy space. Although I’m highly unlikely to be targeted and have nothing to hide if I was, it’s the principle of the thing. Also, I don’t trust government to keep my data safe once they have it. And don’t see why the NSA should get it just because we’re in the 5 Eyes.
I just bought an iPhone (because of the camera) for my holiday so I don’t want a cheap burner. In any event, this is more an in-principle exercise rather than facing a serious threat.
Also, I can tolerate the inconvenience, but my wife won’t with her phone so I need to manage this with minimal pain for her.
Do you good people decide just to live with this and carry on when you travel, or is there a middle ground between let them have anything and get a burner phone?
My thoughts:
Delete apps I won’t need for the duration.
Before going through customs, do an online back up (this happens anyway). Then log out of iCloud and other online accounts. Delete all local data that I don’t need. (Photos, Contacts, iMessages, etc.)
The big question is other encrypted messaging apps - WhatsApp and Signal. Because they’re privacy forward, it’s harder to get the data back when I log back in. Would they be safe if they’re locked and I had to give up my phone? That’s assuming they’re just sucking data and I’m not forced to unlock the apps. I don’t know if AFB does that.
In the unlikely event they did want to look at my phone, I presume I’d be looking at a complete reset and reinstall. I can’t really afford to replace it.
Anything else?
This is all pretty hypothetical. I’m not in any demographic likely to be targeted and have no criminal record. Just an abundance of caution.
My thought is backup to iCloud and factory reset the phone. Then restore from iCloud backup when you’re past the checkpoint. I’ve never been out of the country though so not sure how well this works. They might be suspicious of a phone with nothing on it.
After the factory reset, you have to at least add some random data : pictures of nature or other things, random texting with some people, etc.
That’s annoying because you should do this a few days before travelling, but it will be less suspicious. If they still ask you why your phone looks so empty you can say that you had to reset it after so issues on the software (a major update went wrong but I’m not sure It’s the best idea because they can check when your last update was, but you can argue that your phone was very glitchy and it was almost impossible to use it so you had to do a reset, etc.).
An easier solution would be to buy a second phone and use it as your travel phone. All important data would be on cloud (but obviously logged out while travelling).
It doesn’t really matter. Shutdown the device so it is in the BFU state and as long as you have a secure password they won’t be able to access your data. My understanding is that as with most countries, a citizen they cannot deny you entry, even if they attempt to make your life unnecessarily difficult.
Being forced to unlock your device is generally not a huge concern when traveling to a country which you are a citizen of for precisely this reason. A non citizen however is likely to be denied entry for this reason alone.
If I understand it correctly, they can detain you and refer you to other relevant authorities. And hold onto your device (which really isn’t worth it, for me.) Australia pretends to value privacy but it really doesn’t.
In that case it’s probably best to travel with a factory reset device and to restore a backup after the fact as others have suggested. Yes it’s potentially suspicious but especially as a citizen it shouldn’t cause you any major problems.
I have passed though Australia before without issue. Windows tablet and android phone.
Essentially, do not keep anything that’s not important. I had Signal on my phone and tablet and basic apps such as plex, spotify ect and not had any issue.
Just don’t do anything stupid, have passport ready, filled out form and that’s it.
Ok this was 2019, so things may have changed since then.
I would try to get a cheap used phone before traveling and leave your actual phone behind.
My concern is the threat of authorities installing a keylogger once they have possession of your phone. Usually once they receive your passcode they will take your phone to another room where they will copy your data and conduct their forensics.
I would say it depends on the country. In Australia they can force you to unlock any device you have the password to and also to restore a backup if they have the warrant that allows them to do this. If it is a electronic device, they can force you to help them to access all data that is on it or saved at any other location you have access to (like a cloud).
"The Cybercrime Act 2001 No. 161, Items 12 and 28 grant police with a magistrate’s order the wide-ranging power to require "a specified person to provide any information or assistance that is reasonable and necessary to allow the officer to “access computer data that is “evidential material”; this is understood to include mandatory decryption. Failing to comply carries a penalty of 6 months’ imprisonment.” (Source)
It is even worse in countries like Singapore for example, where the police has even more power (key disclosure, forced access to data) but you also have to (by law) tell them everything you know about a crime, not matter if you are the one who is being accused of having committed it or not. (Singapore: Freedom on the Net 2024 Country Report | Freedom House)
It might be good, to create a page about Key Disclosure Laws and plausible deniability through encryption.
I think the intention is good but the scope is huge and every character in that page has to be verified by practicing lawyers in all mentioned countries.
Relevant information for a few countries might be already available from some civil rights groups, which might make the work redundant.
Unless PG simply aggregate a list of links, but it is pretty much useless, since whoever reach out to that page would already know about the keyword and result rankings in search engines of those orgs are usually higher than PG.
