Minimise risks before you travel.
Freelance journalists travel frequently and often carry devices that hold both personal and work information.
This can make you vulnerable at border crossings and checkpoints where devices can be inspected, tampered with or sometimes confiscated. If border staff get access to a device, they may be able to quickly copy any data stored on it, even if it’s locked. Border staff could also demand that you turn on your device and log in, including entering encryption passwords. There are several important steps that you can take to secure your devices and minimise these risks before you travel.
Top tips: Before you travel
- It is good practice to travel with devices that you only use for travel, including a laptop and/or phone that are used only while away. These devices should not contain any personal details or data from other stories and you should carry out a factory reset on devices after each trip.
- If you do not have separate devices for trips and you are travelling with your personal laptop and/or phone, ensure you backup your data on an external hard drive and carry out a factory reset of your devices.
- Know what information is stored on your devices and understand how it could put you or others at risk.
- If you’re leaving a country and don’t want to carry sensitive information with you through the border, use a secure internet network to upload it to a locked-down cloud storage and unlink your device from that account. You will normally need a strong internet connection to be able to do this.
- Turn on full-disk encryption for your devices. This is a standard option on most modern devices and fairly simple to do. It will ensure that border security will not be able to copy your information without your knowledge. They may, however, ask you to decrypt the information. Make sure that you know the laws around encryption in the country you’re going to before travelling.
- Maintain active backups of all information on all devices.
- Log out of all accounts before approaching any border control area. Clear your browser history on all search engines you have used.
In Firefox: you can sign out of all accounts by clicking Edit > Preferences > Privacy & Security > Cookies and Site Data > Clear Data.
In Chrome: Edit > Preferences > Advanced > Clear browsing data, then setting Time Range to “All time” and selecting “Cookies and other site data”.
- Log out of and/or remove apps from your phone that if left open could give border guards access to your personal accounts.
- Make sure all your devices are secured with pin codes or passwords.
- Set up your devices to remote wipe. This will allow you to remove content from your devices if they are taken from you. See the section on remote wiping below.
- Research your rights and make a plan of what to do if you are detained at a border. Make sure you know the laws governing encryption and use of VPNs, and laws around pirated software both for the country you are leaving and the country you are entering.
At the border
- Power off (not sleep or hibernate) all your devices before entering the border control area. This ensures the disk encryption is active.
- Try not to let your devices out of your sight and keep an eye on your equipment as it passes through security.
- Do not turn on your phone until you are well away from the border control area. Avoid making calls or sending SMS messages until you are further away as this data can sometimes be captured locally.
At a checkpoint
- Put your devices away and keep them out of sight, if possible.
- Power off (not sleep or hibernate) your devices if it is safe to do so.
- Follow best practice around physical security at a checkpoint.
Setting up your device to remote wipe
You can set up your devices to remote wipe if they are taken from you, but need to do this before you travel. Remote wiping will remove all data on the device – this content will be lost unless you have made a backup. Remote wipe will only work if the device is connected to the internet.
If you believe you are likely to be detained on a trip by the authorities or other adversaries, you may wish to give someone you trust access to remote wipe your devices.