Tech Travel Tip: Assume Your Devices Will Be Compromised
It's a picture of a passport and a keyboard.
The international reach of the Internet may have distributed cyber threats to every corner of the world, but some countries remain more dangerous than others. Whether traveling abroad for business or pleasure, a few simple steps can help prevent your information from being stolen and your devices from being confiscated.
Not every trip requires total protection. If you are just a regular citizen traveling to Canada, Western Europe, Japan or South Korea, you don't need to take any security steps you wouldn't take at home. However, if you are traveling to countries that monitor Internet use (such as China), or to countries with large cybercrime industries (such as Russia ), or if you work for the government, a technology or defense company or a politically controversial outfit, some caution is needed.
Digital complications during travel generally come in three varieties: information theft, government confiscation of secure devices and accessing or possessing information legal in the U.S., but illegal elsewhere.
If you must bring a machine, ensuring that there's nothing on your computer or mobile device that you wouldn't mind appearing with your name on it in a public place is the first place to start.
"You should assume a machine you carry, a laptop or a phone, will be compromised. So you should have nothing on it that you don't want leaked out," said Scott Borg, director and chief economist of the U.S. Cyber Consequences Unit, a nonprofit founded by the U.S. government that now independently consults with the government and businesses.
Aside from leaving information thieves nothing to steal, having a computer loaded with only the bare minimum removes the need for encryption, which many governments object to, and guarantees that censors won't find anything incriminating during a hard drive search.
To fully segregate potentially sensitive information from the prying eyes of foreign governments and commercial hackers, Borg recommends buying a clean laptop specifically for travel, creating a temporary e-mail address solely for the trip and bringing disposable flash drives or CDs for use on public computers, rather than your machine.
Simply piling on the encryption and hoping to stop hackers is naive, since the hackers can probably beat the encryption, and because many countries will confiscate laptops or phones they can't inspect and monitor, said Patricia Titus, vice president and chief information security officer at Unisys, an information technology company.
"When you travel to some countries, you're not allowed to import certain cryptography . So check the laws. Let's not make it easy to arrest you," Titus told SecurityNewsDaily.
For instance, Saudi Arabia, the UAE and Lebanon have all raised issue with the encryption of e-mails from BlackBerry devices, and the U.S. Department of Homeland security has confiscated overly protected electronics.
And just as the laws for encryption differ around the world, so do the laws for content. Web pages considered legal in the United States may be viewed as illegal pornography or outlawed political speech in other parts of the globe, so check the laws of a country before indiscriminately browsing.
Ultimately, unless traveling on business that absolutely requires a laptop or mobile, your best bet to ensure digital safety is not bringing any digital devices at all.
"If you're on vacation, actually take a vacation," Titus said. "Leave the e-mail at home."