Since 2009, U.S. Customs and Border Protection (CBP) agents have been allowed to search electronic devices carried by citizens or noncitizens as they cross the border into the United States from other countries. More recently, Homeland Security Secretary John Kelly suggested this digital vetting should also include harvesting social media passwords. Kelly’s proposal prompted legal and technology experts to respond with an open letter expressing deep concern about any policy that demands that individuals violate the “first rule of online security”: Do not share your passwords.
Travelers themselves responded, too, looking for ways to avoid surrendering their device passwords to federal agents. One approach — what we might call the “Nothing To See Here” method — tries to make a device unsearchable by erasing the hard drive before travel, uninstalling social media apps, letting the device’s battery charge run out or even wiping the device if an emergency or “duress” password was entered.
The “I’d Love To Comply, But I Can’t” approach involves exotic solutions like installing two-factor authentication on the device or social media account, and then making the second factor (such as a passcode or digital key) available only in a remote location.
Continue reading →