Introduction
For many of us, having a cell phone or other electronic device is an integral part of daily life, whether at home or on the road. And traveling today is so much easier with technology. You can stay productive, entertained, and in touch. Unfortunately, traveling with devices can mean increased cyber risks for keeping your personal and University information private, as well as increased potential for device theft.
There are extra precautions to secure your devices and data when you travel internationally, whether for personal amusement, university business, or other teaching and research opportunities. Read on for more information to help you before, during, and after your trip, starting with these three tidbits:
- The less you take, the less you can lose. Think about if you really need all those devices (phone, tablet, laptop) or all that data (contacts, passwords, work files, etc.) while traveling.
- Don’t trust anyone or anything. Keep devices with you – not in checked luggage, not in your hotel safe, and not with airline or hotel staff. Be wary of public wireless Internet or Wi-Fi hotspots. Don’t plug in any untrusted attachments, like USB drives or other connectors.
- Know before you go. Read up on specialized laws about the country or region you’re visiting, including export control laws, possible illegal content, or encryption rules.
You should know
- While traveling within the United States, the Transportation Security Administration (TSA) will not confiscate devices or demand usernames or passwords but, with probable cause, may refer to local law enforcement a request to inspect devices, and local law enforcement may seize the device. Law enforcement may only demand usernames or passwords with a court order.
- While traveling internationally, US Customs and Border Patrol (CBP) is authorized under federal law to inspect and detain all items entering the United States through an air, land, or sea port. CBP may detain any item, including an electronic device (such as a laptop or cell phone) in your possession for further inspection. While CBP may detain a device, they may only seize a device with probable cause. If CBP lacks probable cause to seize the device, no copies of data will be made. You can only be compelled to provide usernames or passwords to accounts with a court order. Foreign countries have separate laws and regulations, and you are not entitled to the same rights, you should review the local laws prior to traveling.
- U.S. Customs and Border Protection's Inspection of Electronic Devices fact sheet.
- Encryption: Encryption is strongly recommended to protect sensitive information if your device is lost, stolen, inspected, or confiscated. Contact your local IT support staff for help with encrypting your device.
- Some countries restrict the use of encryption software. International travelers can be required to decrypt devices and files at border crossings. The best advice is not to carry information that would be problematic for others to obtain or access.
- There are specific requirements for bringing electronic equipment, research, intellectual property, and encryption technology abroad. Traveling outside the U.S. with laptops, tablets, smartphones, or storage devices involves special considerations and may require an export license. Review ORSP's export control page for requirements.
- Other private data. Aside from export control laws, University policies regarding the protection of student, financial, and healthcare data require that such data not be stored on devices taken outside the country.
- Travel to High-Risk Destinations. Travel to countries with different laws and expectations is sometimes necessary but presents a unique challenge to the confidentiality of University data.
- High-Risk Destinations refer to countries, regions, provinces, and cities that pose health, safety, and security concerns. The University uses US Department of State risk ratings to determine which areas are considered high-risk.
- The University has developed specific recommendations for travel to high-risk destinations. See recommendations here.
Coming soon: Secured VM Environment for Traveling Staff
Coming at the end of 2023/early 2024 this initiative offers a secure digital workspace tailored for staff traveling to countries prone to high cyber theft activities. Functioning as a robust shield, it safeguards both employees and the company's sensitive data from the prevalent risks in foreign cyber environments. With this secure access Cloud Virtual Machine (VM) setup, employees can perform their tasks with assurance, confident that their digital activities are shielded from potential threats.