Is your data safe on US visits?

Over the weekend, I was invited to attend the Office 2.0 conference in San Francisco (Sep 3-5). It would require a degree of diary shuffling and careful planning to justify my attendance. It still gobbles fuel, time and money so I’m still trying to decide what to do for the best.

No doubt the conference presentations will be Twittered and blogged to death, leaving a persistent and searchable record, even if it is pre-filtered by the interests and biases of the writers. But for me at least, the value of such an event is largely in the networking and in getting answers to awkward questions face to face. If I do go, you’ll hear about it here first.

Concurrent with the invite a story was running about US immigration and what it is allowed to do with your digital devices, had they a mind to. The story pops up every few years (see this piece from the Washington Post for some background), but the trigger this time was partly a public declaration by the Department of Homeland Security of its policy and partly the stated intention of Democratic Senator Russell Feingold to introduce legislation to prevent abuse of these powers.

I’m almost scared to write about the subject, in case I’m targeted as a consequence. But the fact is that laptops, iPods, memory sticks, posh phones and all the other clutter of 21st century life can just be taken away for examination ‘without suspicion of wrongdoing.’ Not only that, but data can be shared with other agencies (public and private) and even be destroyed.

I’ve been passing through US airports for 28 years without any serious hiccups, but just the thought that this could happen disturbs me more than somewhat. Quite apart from anything else, my laptop contains a lot of confidential material relating to customers, unpublished writing that technically belongs to publishers and even some highly secret program source code. Most of the rest of it is the usual nonsense that anyone could look at if they were interested.

For me, and anyone else thinking of travelling, the question is “what to do?” One answer is to take no devices, buy a pay-as-you-go mobile phone on arrival and use cyber cafés, other people’s computers or buy yourself a spare machine for web access either to your computer back in Blighty or to somewhere in the ‘cloud’. Such measures seem a bit extreme relative to the risk. According to Jayson Ahern, the Deputy Commissioner of the U.S. Customs and Border Protection, it affects fewer than one percent of the 400M people entering the US. It’s a small percentage but a heck of a lot of people.

If you’ve got nothing at all worth hiding, then backups of your devices before leaving your office should suffice. It would be bad luck if your kit was selected for special treatment. If you have got something worth hiding, you might do better to encrypt it, give it an innocent looking name and put it on a server somewhere for collecting remotely when you arrive at your destination.

In comments to a story in the Register the other day, one reader came up with a couple of interesting suggestions: “encrypt it, put .mp3 on the end and save it on your phone or mp3 player” and “stuff 8gb of information onto a Micro SD card and hide that somewhere.” He suggests that you “tape it behind a rivet in your jeans or something so that the hand scanner has a good reason to beep at it.” His or her name was the unlikely Nexox Enigma. Travelling today, apparently.

See you at Office 2.0 perhaps? It’s giving away an HP sub-notebook to paying attendees. So you wouldn’t even need to bring your computer with you.