Preparing your devices for Airport Security

Raisely is an online fundraising platform for ambitious charities across the world. We empower thousands of charities across the world to take control of their revenue and improve the wellbeing of people and our planet.

Don’t let a trip through Airport Security become a privacy incident at your organisation

There have been reports for some time now in Australia, Canada & the US of border authorities taking devices that contained sensitive client or business related information out of sight of the owner for extended periods.

This means all the data stored on those devices (or accessible using passwords on those devices) must be considered compromised. In theory, encryption helps, but there are vendors selling tools to law enforcement that claim to hack even the most recent iPhone models. (Not to mention you can be compelled to unlock your device).

At Raisely we’re entrusted with data by hundreds of charities, and I’m sure the thought of that data falling into government hands would give some of them the chills. So we take this pretty seriously, and we have a checklist for our staff when they take devices travelling. Here’s a generic version of the checklist to help you think about how you can prepare your devices for going through airport security.

This is by no means exhaustive, and you should work with the IT folk at your organisation to come up with a best practice before traveling.

Should you do this?

Even if your clients aren’t charities that the government is openly hostile towards, and you’re not concerned with the government seeing your data, if your device is taken for inspection and out of your sight, there’s still the reputational risk of having to issue a breech notice to your clients. On top of that, the record of Government agencies on data security is not very reassuring, so the risk that the information on your device could fall into non-government hands is, sadly, far from zero.

Before you read on, you should make sure you’re aware of the risks of doing this. How will you answer questions about your device and why you’ve deleted files from it if questioned? How much do you want to get into your destination country?

By following the steps below, it could be fairly easy for border agents to realise that you have deleted data from your phone or laptop. Their reaction to that could be anything from shrugging and moving on, or giving you a lot of hassle about it.

Whatever you do, don’t lie. Lying to border agents is a serious offence in some places and being caught in a lie could be enough on its own to get you deported or locked up.

Also, this guide is about deleting things from your devices, and if you don’t back them up correctly, they will be gone forever. So make sure you’re comfortable with backing up your data or are aware of what you’re going to delete and are ok with that.

Being Travel Ready

Long before you travel, a little bit of preparation and good practices can make travel preparation less painful.

1. Make sure you use a password manager like 1password or lastpass. We really like the travel mode in 1password which means you flick a switch and certain groups of passwords are removed without a trace from devices.
2. Keep as much as you can in the cloud. This obviously comes with its own set of privacy concerns and you might want to think about which cloud you trust, but it means that you can feel comfortable wiping your device.
   Apps like WhatsApp can be backed up to the cloud automatically.
3. Avoid sharing passwords outside of 1password or lastpass. If you do, be sure to delete the message (though this won’t guarantee it’s completely gone from your or your colleagues device).
4. Get comfortable with the processes to backup, and restore important apps.

When You Travel

1. Run any backups (eg WhatsApp) on your apps.
2. Login to 1password on the web and switch on travel mode before disconnecting your devices from the internet. This will remove all copies of your passwords from the devices.

On all devices

1. Log out of Slack or any other messaging tools, particularly ones you share sensitive information over.
2. Clear browser cookies & storage
   Or at least clear it for websites that contain private information for your workplace or supporters
   (eg slack.com, google.com, microsoft.com, live.com, facebook.com, instagram.com, twitter.com, Action Network, Raisely.com, any SMS messaging tools you might use, etc)

On your laptop

1. Clear out your Downloads folder (it probably contains one or more downloaded CSV reports of your donors, right?)
2. If you use file, calendar or email sync, make sure you’re logged out. On Mac the easiest way to do this is to delete company calendars that are synced with Google or Microsoft from iCal and re-add them once you land.
   (If you know how to delete credentials from the keychain, you can do that).
3. If you have WhatsApp, Telegram, etc installed on your laptop, be sure to logout from those apps.

On your phone

1. Consider uninstalling Slack, WhatsApp, Telegram, Messenger and similar apps.
   Yes, it’s a huge pain, but if you’ve used these to contact supporters, you need to consider how much you would enjoy writing to them to inform them that the government may have seen those conversations.
   If possible, backup your conversations to the cloud first.
2. Logout of your Google or Microsoft accounts.
3. Uninstall dropbox or similar apps you use to share files.

That’s a non-exhaustive list. I’d suggest having a quick scroll through your app list on your phone & laptop to see what else you wouldn’t want copied to a leaky government server.