Search-proof your devices when traveling
Over-eager airport security has recently taken to making travelers unlock their phones and tablets for examination. This is both unforgivably invasive and trivially easy to defeat. Here’s how to protect your data1 on your iPhone or iPad2 when traveling.
Simplest: disable Touch ID
- Enable a six-digit passcode on your device.
- Set your device to erase itself after 10 failed passcode attempts. You should do these two steps anyway!
- Before you get to airport security, turn your device off. iOS devices require a passcode to unlock themselves the first time after they’re turned on. For dumb legal reasons, passcodes are generally thought to be protected by the 5th amendment, but fingerprints are not.
Now you have at least the physical ability to refuse to unlock your device. Be prepared for mental or legal pressure to supply your password, though. File this under “better than nothing”.
If you want to keep your current device
- Turn on iCloud backup.
- When it’s finished backing up, reset your device to its factory settings.
- When you get where you’re going, restore your device from backup.
You’re traveling with a device, but one as bare as the day you originally bought it. Be prepared to explain why you’re carrying an empty device.
Keep your device, but less suspicious
- Turn on iCloud backup.
- When it’s finished backing up, reset your device.
- Start using it. Add a few contacts. Set up a (disposable) email account. Add some songs.
Now you have a plausibly used device. When you get to your destination, reset your device again. Restore it from backup. This is more work than the previous instructions, but also less suspicious.
If you’d rather travel bare-handed
- Turn on iCloud backup. Let it finish.
- Leave this device at home.
- When you get where you’re going, buy a replacement device. Restore it from the backup you made earlier. Now you have an exact clone of the original.
This is the most expensive option, but you can’t unlock what you don’t have.
Conclusion
Searching travelers’ devices at airports is security theater. It’s a massive and inconvenient violation of privacy, and only the world’s least prepared criminals would ever get caught this way. I guarantee I’m not the first person to think of backing up a phone and restoring it at my destination. Since it’s ineffective and almost certainly unconstitutional, cooler heads would recommend ending these pointless searches. Don’t wait for that to happen. Protect your data.
-
This isn’t meant as advice for criminals. Lots of people travel with information they’re legally obligated to safeguard, like company plans, legal documents, and other confidential information. ↩︎
-
Similar ideas apply for Android and other devices, but I don’t have one of those to experiment with. ↩︎