Let's get down to business. This is Kurt Opsahl, the general counsel of the EFF on here, the left. There is William Budington, technologist waving his hand, and the topic is, you all know, but let's say it again, just for principle's sake, protecting your privacy at the border. So let's have a hand for the EFF and Kurt Opsahl and William Budington.

Thank you. Thank you very much. Thank you all for coming out here this evening. We are here to talk about protecting your privacy at the border. As you mentioned, we're with the Electronic Frontier Foundation, we're an organization dedicated to defending your rights online. And one of the rights we're concerned about is privacy, and one of the places where your privacy can be very impacted is when you travel across a border, especially with your digital devices. So I think many people probably understand this already, but I want to start out with a discussion. Why is it important? Why do we care about security and privacy in your digital devices? Well, they are a window into your soul. What you can see in a digital device is every aspect of your life, the correspondence, the websites you've been searching, the financial records, your medical records. These are the sorts of things that if you give over control of your device, someone can look into, and they often will have credentials, so someone can look into other aspects of your life that are in the cloud and other servers. So it has a lot of very sensitive information. In addition to the information that you may feel is very private and sensitive for yourself, there's also some information which for a very long time in democratic societies has been recognized as not just sensitive, not just private information, but things that are outside of the scope of what would be properly obtained by the government, things like communications with your attorney, communications between you and your doctor, if you're a reporter or a source, communications between those two.
And these are fundamental principles that still have a lot of value at the border, that we don't want to sacrifice these human rights and these values just because you're exercising your rights of travel and going across a border. So for purposes of the discussion, what is a border? So there are many ways of thinking about a border, and we're not just talking about sort of political borders, like when you go from here over to the Netherlands, you probably are not going to pass through a customs search point, and you're not going to be implicated with some of the issues that we're raising here today. So it's not just the political borders, but it's the points of entry into a zone, like the Schengen zone. And oftentimes, these things are actually not exactly on the border. For example, an airport can be hundreds of miles from the physical border, but is treated as a border because that's a port of entry. And also in some cases, the border is actually at the departure airport, so that the border can be set up. So you go through that before transferring onto the plane and into the destination countries. So this is what we're talking about in terms of borders. And at these points, the government asserts more power and authority to conduct searches than they do throughout the rest of the country. However, these governmental authorities are not beyond the power of human rights law and policy. Some of these rights I've quoted here, coming from the UN Declaration of Human Rights and from the European Convention on Human Rights, that respecting your privacy, your autonomy, your correspondence, these are things that are widely recognized as fundamental rights. So here in the European Union, they have sort of a two-standard system for EU citizens and others who have a right of travel within the European Union. You go through a minimum check. And then if you're coming from a non-EU country, you're subject to a thorough check. And this is usually done in up to four stages.
There will be pre-border checks. So if you are traveling on an airline, the airline will pass through some information about the passengers. In some cases, that information may also lead to a gate check or a check on the airline itself. And then when you get to your destination, there'll be a first-line check. And you probably have all gone through this, where you show your passport, have usually a short conversation with the border agent, and then if all goes well, you go on your way. But sometimes it goes to a second-line check, a more thorough check, where they're going to do a little bit further investigation. Some of the triggers that lead to this second-line check, if there are some issues in that short conversation that you've had, if they don't like the way that things were answered, if they had some communication difficulties, if there are any irregularities in your documentation, if your visa doesn't have the right date or maybe there's a different spelling of the name on the visa as the passport. And perhaps most importantly, they will do a database check. They'll put your information into the database and see if it comes back with any signals or if there's any mismatch with the computer's information with the documentation you have with you. And these may lead to a second-line check. And in that second-line check is where you might undergo the more thorough search. So we have the chart up here showing the percentage of people who, once they got to the second-line, had a more thorough search. Now this is not just device searches, this is any kind of the more thorough search. As you can see, there's actually quite a bit of a difference in Charles de Gaulle. This was in 2012. 48% of those who went to the second-line got the additional searching, while at Frankfurt, the low number, only 7% got the more thorough searching. And also just give a sense of how that might go. We have a chart showing also from 2012 how long it might be.
So less than five minutes up to one to two hours. And you can see the various percentage there for the airports. A lot of it being centered in the five to 15-minute range. But if they find something interesting, if they want to go through a device search, they're probably looking more at the one to two hour range. Now, once you're at a particular airport, it is national law that is going to define the rules for what kind of search is permitted, whether they're allowed to demand your password. But there are some fundamental principles. The EU Agency for Fundamental Rights has put forth the reasons that would justify these additional searches at the border point. One is to verify your identity, where you're coming from, what your nationality is, seeing if you're a proper person to be admitted. And the second reason would be to search for dangerous objects, like drugs or weapons, or to see if there's any evidence of criminal activity. And it's that last one that is the most likely one going to be the basis for a search of a device to look for some sort of evidence to bolster criminal activity, or in some cases terrorism. And which brings us to an example from the European Union, the United Kingdom, well, they're in the European Union for the time being, where they have Schedule 7 of the Terrorism Act. And this is a very broad power that has been granted to the authorities in the United Kingdom. It is limited by having a nexus to terrorism. And it was also the UK Court of Appeal found some limitations under the European Charter Convention for Human Rights. This came out of the case involving David Miranda, who was traveling between meeting Edward Snowden in Moscow and Glenn Greenwald in Brazil, was detained under Section 7 at the Heathrow Airport, and brought a challenge to that. The court ultimately did find that the detention and the interrogation were okay, but said that the Section 7 did not have sufficient protections for the right of free expression.
Because it didn't have the appropriate exceptions that would allow for journalists to communicate for sources. So this shows that while it is a powerful act, it can be tempered by the Convention on Human Rights. However, subsequently, the border police in the UK have been asserting the right to demand passwords. And more recently, about a year ago, a man by the name of Muhammad Rabbani was asked to provide his password. He refused to provide and was arrested for that. And earlier this year, in September, that conviction was upheld. He plans to appeal. But this will be a very important case in sort of determining whether in the United Kingdom they truly do have the power to invoke this law. And for no other reason than suspecting they want to see if there's any terrorism connections, be able to demand a password and look through all of your devices. So turning our sights a little more broadly around the world, a couple of countries to highlight here. First in the Commonwealth, Canada and Australia are both countries that do claim a right to demand your passwords and go through your devices and laptops at the border. The courts have not yet ruled on whether this is authorized under those countries' laws. So at some point, there may be a challenge to test this case. But in the interim, that's something that you might face when passing over these borders. One thing of note is the Canadian border police, they have a policy to restrict this to information that is on the device and not on the cloud. Now, if somebody violates a policy, usually you don't have much of a remedy about it, but it is sort of nice to know that they do have that policy. And then turning our sights a little bit more further afield to authoritarian regimes. And in these cases, if they want to search your device at a border, they probably can do so with relative impunity.
So if you will be traveling to Russia, China, some of the more authoritarian countries in the Middle East, in Turkey, this will be a time to take some of the more maximum precautions if you think they have any reason to go through your devices. And we'll discuss a little bit how you might figure that out later. Because these countries may not be beholden to these international human rights norms, and there might not be very much that you can do to stop it. One of the reasons I wanted to highlight Turkey in here is that they have detained up to 75,000 people for having an encrypted messaging app on their phones, simply for having the app, not because they were accused of doing anything particular with the app. ByLock was the name of this messaging app. And so if you were to travel over that border and they looked through your phone and found ByLock, that alone could be a reason for further detention. So if you found it and were able to discover it was recently deleted, that also might be considered suspicious. And now let's turn to the United States. In the United States these days, when you come there, the customs agents might ask you some questions like, ask you to unlock your device, to provide a device password, to disclose your social media handles so they can do public searches about them. And how you can react to this depends a little bit on who you are. If you are a US citizen, then they cannot refuse entry into the country. So while they may seize the device, but ultimately you would be able to travel on to your destination. For a permanent resident also would be able to come into the country, but there would be a little bit of after effects because they should raise questions about whether you'd be able to keep that status as a permanent resident.
And for everybody else here, perhaps the majority of the room, if you are not one of these two categories, you'll be asked these questions in a situation where if you say no, they can deny entry until you have to turn around and go back to where you came from, which puts a tremendous amount of pressure to provide that access and to give up a little bit of your privacy rights. So how often is this happening? Well, at an increasing rate. Over the last three years, they have gone from under 5,000 electronic media searches to on a pace this year for over 30,000, so a substantial increase. The one thing to keep in mind is this is out of 400 million border crossings. So like at a purely statistical level, the odds are pretty low that a random person will have their device searched, but of course, this is not actually random. So whether your particular odds will vary. In addition, the US has started to undertake a program called Extreme Vetting. For the last several years, they have been collecting social media handles, alias and search results, and then providing that to the Customs and Border Patrol to ask questions about what they find. And Donald Trump has asked the DHS to expand this program just about a month ago, and this will expand to looking at things like your responses in public hearings, speeches you may have given at conferences, academic websites where you may have published a paper, and this stuff is considered sort of fair game to be questioned about as you cross the border. And at one time, this was focused on people who were coming in with immigrant visas, ones who were planning to stay for a period of time, but they have expanded that to more brief travelers. So how does this work within the constitutional and legal framework? Well, constitutional provisions do apply at the US border, but there is what's known as the border search exception, the exception that proves the rule. 
Routine searches do not require a warrant or individualized suspicion, but non-routine searches do need an additional level of suspicion. So what is a non-routine search? Well, it's defined as something which is highly intrusive, that impacts your dignity and privacy interest, or is conducted in a particularly offensive manner. So how does that break down with device searches, electronic searches? Well, a couple of years ago in 2013, a court of appeal found that a forensic search did require this additional level of legal process, and this is a forensic search is when they take your device, hook it up to a machine, copy the data on it, do some analytics, but a manual search, you know, where they pick it up, flip through it, just with the border agent right there, that did not. So that was the dividing line in 2013, but then in 2014, there was a Supreme Court case, Riley v. California, where the court was looking at searches of phones, the government there was arguing that warrants were not necessary to search the phones, and the court ruled otherwise. They said that they recognized that there was a lot of sensitive data on the phone, and that it was an intrusive search that required a warrant. And we believe that that precedent should be applied to border searches. We filed a case earlier this year, Alasaad v. Duke, along with the ACLU, to challenge the warrantless searches at the border. The Trump administration has filed a motion to dismiss our case, which we are now litigating, so hopefully we'll be able to use that case and establish a precedent that you do need to have additional process to go through your devices at the border. Thank you. One thing where there has been some limited progress is access to the cloud. So in the Riley case, the court recognized, they used a great metaphor.
They said the government's argument would be saying that it's like finding a key in a suspect's pocket and then arguing it allowed law enforcement to unlock and search your house. And that's actually a pretty good metaphor for what's on your phone, because you have a lot of credentials, saved passwords, which are essentially keys that allow the phone or your computer to unlock information that you have stored elsewhere on the cloud. And it shouldn't be because you're carrying it in your pocket that this opens up your entire life to the investigatory agent. And the Customs and Border Patrol has said, as a policy is only going to look at information that is physically resident on the device. Keep in mind that they'll still do public searches for information about your social media handles. Again, like with the Canadians, this is a policy, and so it's very important to be established as the law, but at the starting point, at least as good they have the policy. Another important thing to understand about U.S. law, and I think this could be applied elsewhere as well, is the difference between passwords and fingerprints. So many devices these days are using fingerprints as a method of unlocking. It's very convenient, and it does allow you to not have to type in your password every time. It's very convenient. But the law distinguishes between passwords because there's a lot of laws in the United States and actually in many other countries that provide you with a right to remain silent and not answer questions from the law enforcement. They have to do their investigations, but you can't be forced to answer. And those laws are bases for arguments. You don't have to provide your password. But some cases have found that there are less protections for the information that's on your finger. In addition, besides the different legal protections, there's some practical ones. If you're at the border, your device can be unlocked with a finger. 
The border agent could grab your finger and just shove it down the phone, and then it's unlocked and you'll be arguing later about whether they should have had access and whether, instead of whether, they can have access. And finally, if they're really interested, the government may have access to your fingerprints from other sources and they may be able to try and get into the phone using that information. So, as you're approaching the border, it's going to think, how should I approach this? How should it work for me? And it's going to depend a lot on who you are and how you want to react to the situation. So things about who you are, your citizenship, your residence, your immigration status will affect your thinking and what your chances are of getting searched and how you should react to it. You're more likely to be subjected to the search depending on your travel history if you've been to countries that are associated with terrorism, for example. Your history with law enforcement, if you have an arrest record, if you have convictions, these will increase the likelihood of being subjected to a search. And then, when you're trying to decide how you would deal with a search, you're going to have to weigh some factors about your tolerance for hassle and delay versus your desire to make a statement and stand up for your rights. And these can be very tough personal choices. If you make the decision to push back on a search, you may suffer some consequences that you're going to have to deal with. The second way that you should be looking at it when you're deciding how to react to the border and what to do is think about the information that you're carrying with you. How sensitive is that data? What is the risk that you would face if the data was seized? Both the risk that if the government got access to that data and also your risk of having loss of access to that area. You didn't have a backup, for example, and you didn't get your device back. 
Do you need the information when you get to the far side of the border? Or if you have the information and you can put it on the cloud, will you be able to get that information through the network that will be available on the far side of the border? The quality, both in terms of how fast they are or whether, like in some cases, there's heavy government surveillance on those networks. So, before you arrive at the border, you've got to think through some of these issues. You might want to talk with your employer about your work devices. They may have policies about whether you should be taking it over a border. May ask for some information to be deleted. They may say you should or shouldn't provide passwords if asked. Anything about protecting what you carry about there? We're going to talk a little bit more of this when we get to Bill's section, talking about technical protections, but things like backups, encryption, strong passwords. Then think about your online presence for your devices. Log out, remove credentials so that if they don't have a policy about looking in the cloud, they would have to at least require or ask for passwords before they can do it. So, it's tamper evident in that way. Also, put yourself in private browsing mode, so if they're looking through your web history, they won't be there. You also may consider looking at your publicly available information and shifting it to private, making it friends only on Facebook or going to a private account on Twitter. And most importantly, don't bring it. If they don't have it, they can't take it at the border. So consider leaving your devices at home if you're not going to need them. Maybe if you need a computer but you don't need your home computer, consider bringing a temporary device like a Chromebook or a burner phone. If you don't need the data that's on your device, delete it. If you do need the data, consider moving it to the cloud and then picking it up when you get to the far side.
Then, as you come to the border, it's important first to plan ahead. Have an idea of what you want to do there, how you would react to various scenarios so you're not making a decision when under this very tough situation where you're under a lot of pressure of making a decision on the fly. But have a good idea of what you want to do. When you're having the interactions, be polite and respectful. Escalating the situation can lead to further problems that aren't necessary. Importantly, don't lie to the border agents. There are a lot of countries, probably almost all, will have separate crimes for giving false information or lying to governmental authorities. And that means that they'll have something over you even if there's nothing else they have for telling something that was untrue while talking to the border agent. Don't physically interfere with the search. It's probably not going to work out. They have a lot of ability to stop physical interference unless perhaps you're Jason Bourne. We'll talk about consent in a second, but if they seize your device physically from you, it's hard to say that you consented to give it to them so you can help preserve your rights. And then if something does happen as it's going down and you want to do something about it later, document it. Get names, badge numbers, agencies, get a receipt for the property. They'll give you the more power to do something about it later. And now I want to turn to the consent. First of all, there's something that often happens when the border agents are talking to you. They'll phrase things in the form of a polite question. You know, would you like to give me your password? Can I see your device? And if you hand it over in response to that, they'll say, oh, it was consent. You have waived your rights. If you want to challenge it later, say, well, you gave it up. So in some cases, you might want to clarify, well, is that an order? Am I required to do this or is that a request? 
And if they say it's a request, say, no, thank you. If they say it's an order, well, then you're going to get to choose your own adventure. You can choose to comply with the order. And this will mean they'll have access to your device. You have more limited legal options later. It will be more about trying to get them to delete the data or remove it from their systems as opposed to not get it in the first place. But you'll probably be able to much more quickly go on your way, make your connecting flight, go to that conference that you were going to attend. Or you can refuse to comply, stand up for your rights. And that can provide you greater legal options later because you can challenge their ability to do it. They can challenge their ability to get into your device by not providing the password until it has been adjudicated in the court of law. But this comes with consequences. There's a situation, the device may be seized, you may have future trouble the next time you're going over a border. So these are difficult choices and will depend on your particular circumstance. And then after the border, again, document what has happened. If there's freedom of information laws in your jurisdiction, you might want to use those to get more information about what happened, see what public records could be provided. And another important thing, if you did make that choice to hand over your password, change it. They will keep that password and it will be available to them for future border crossings. And if it's a password to publicly available or websites, they may use it to go on there. So change any passwords that they may have gotten access to as soon as you can. And with that, I'll turn it over to Bill to talk a little bit more about technical measures to protect yourself. Thank you.

Thanks very much, Kurt. Yeah, so in addition to the legal protections that you have at the border, there are some technical measures that you can take to protect yourself in general.
As Kurt said, the best thing is to not bring your device with you. If you don't have your device with you in the first place, then there's no data that they can get from it. In addition, you'll have the benefit of not being able to be contacted by your boss. You can also use temporary devices, and that might also provide some protection. You don't have legal measures. You don't have your apps that are installed in your device logged into various accounts like Twitter or Facebook. Then they can force your fingerprint onto that device and have your information immediately. But if you do choose to actually bring your device with you, then there are some measures that you can take. If you do them right to protect the data that's on those devices. So just kind of going to some of the capabilities, the technical capabilities that the border agents are able to get from your device. This is a slide from a company's website called Cellebrite. Cellebrite is a forensic analysis company. What they do is they basically create software for law enforcement to take Android devices and use the JTAG interface to image those devices and get data off of them. Not only do they do this for law enforcement, but they say right on the website that they're operating in 100 countries across the world and working with Border Patrols to do this. So we know that they're doing this at the border as well. And you can see the kind of different categories. This is an actual Cellebrite report that they've generated from an image from a cell phone and this is categorized by calendar, call logs, these different things that they can get from your device after imaging it and analyzing it. It's important to kind of look at the right side of the column because you can see that there are numerous categories that have deleted items.
So not only can they get the files, the contacts, events that you have currently stored on your device, but they can also get those that you've deleted in the past and we'll go over some protections against that as well. So the most powerful thing that you can do in general to protect your devices when crossing the border is employing full disk encryption. It's an extremely powerful measure to have your devices encrypted as you cross the border in general. And the important part is that this protects your data at rest. It does not protect your data when you're transferring it over a website. That's a different mechanism. So this is encrypting all the files on your device when you're crossing the border, the device's files. And it's only as important and always as secure as the passphrase that you choose to encrypt that device with. In most cases, the screen unlock is a different passphrase from the full disk encryption passphrase. So you need to be aware of that. This is especially true with desktop devices and not so much with mobile devices in general. So certain devices have this separate coprocessor that actually increases the security that you have at boot time when you're entering your disk encryption passphrase. One of the things that it can do is it can basically throttle the number of attempts that a third party can use when they're guessing, when they're actually trying to go through the guesses of your device passphrase. It can lengthen the amount of time that it takes after each subsequent try and slow it down if you have numerous incorrect attempts. And also it can lock the device after a certain number of tries. I think it's with iOS it's about ten tries and make it that device not actually capable of unleashing the contents and unlocking the device. This is due to a piece of a coprocessor that's on every iPhone since the 5S called the Secure Enclave.
And what the Secure Enclave does is it takes that PIN or passphrase that you have chosen and it entangles it or mixes it with several different things that are stored in the Secure Enclave itself. These are sources. This is key material that is stored in the UID that's burned into the Secure Enclave at manufacture time as well as a GID which is basically flashed and you can change but you can't read the contents off of the Secure Enclave. And that's where this kind of exfiltration resistance property comes from. So when you want to choose a good passphrase you really want to look for a strong passphrase as that because these are critical for actually securing the device in a proper way. In modern situations with modern hardware trillions and trillions of guesses can be tried in a very, very short period of time. They use huge word lists and complex combinatorics to make it so that they can brute force your passphrase and get at the contents. So what we recommend is using five or six random words in order to choose your passphrase. This is pretty resilient against those brute force attacks. And again, it can kind of be a very memorable passphrase too. If you have five or six different words then you can create a story. A story about how that passphrase works. A great example is XKCD's correct horse battery staple comic that you probably are familiar with. In addition, you can kind of look at our website and get a good list of dice phrase passwords that you can use and look into the methodology of how to generate these passphrases. So with device encryption there's mobile support across the board for device encryption pretty much at this point. Android has implemented partial support since 2013. Android 6.0, you know, implemented. Only if Google apps are enabled. So basically since Android stock is an open source operating system, anyone can take it and implement it.
But if you have Google apps installed on that device there's a contractual obligation to actually implement secure and full disk encryption. And iOS has had it for a long time ever since the iPhone 3GS and iPod Touches have it with a third generation later. This is kind of what it looks like on different OEMs. On the left we have an Amazon Fire HD 10 and on the right we have a 5X device and you can kind of see that there are different UX indicators that your phone has full disk encryption. And in general in desktop OS environments you can see that ever since 2013 this has been widely supported by Windows and Mac OS and also Linux has had it for a very long time in most distributions that's been available ever since the mid-2000s. So the important thing to know when you're using disk encryption is not to forget your passphrase because if you forget your passphrase in most cases you actually aren't going to access the data in general that's stored on that device. Some tools like BitLocker on Windows will allow you to kind of transfer your passphrase to Windows and to let Microsoft know what it is. And you know that means of course that if you're letting Microsoft know what it is and they can unlock the contents of your laptop. So you should, if you want to use this, keep in mind that you have to be really comfortable with Microsoft being able to access all your data. One thing that you can do is also turn off the fingerprint unlock, as Kurt mentioned, but one thing that is probably more effective is actually turning your device off. And when you turn your device off and then bring it back up, you can turn it off before you cross the border, bring it back up when you cross the border, and it'll prompt you again to your full disk encryption passphrase and it'll bypass the screen unlock that's in your fingerprint.
This also means that it's going to prevent DMA attacks, direct memory access attacks, or zero days on screen unlock programs. But of course this really only works if you have a password set at all, and you might remember this.

So moving on from full disk encryption passphrases and disk encryption, there's also a mechanism called trusted boot, and it's a way to ensure that the boot process in general is verified and trusted by the operating system. So it goes all the way from the pre-boot sequence to the operating system loading itself, and this requires some kind of a hardware trusted platform module or equivalent piece of hardware that's built into the device that's separate from the CPU, and this verifies the boot sequence all the way to the OS, and it can kind of provide this neat thing called remote attestation that lets you know as a user that the boot process has been secured. One of the most clever implementations of trusted boot was demonstrated by Trammell Hudson last year at CCC, and it uses this thing called trusted platform module time-based one-time password. And what this does, and this is an example of it: you have the seed for the TOTP that's actually encoded in the TPM, and then it attests the boot process, generates a one-time password which you can verify with an Android app like Google Authenticator. I thought that was a really cool implementation.

There's mobile support for trusted boot as well. There's iOS's low-level bootloader, which bootstraps iBoot, which boots into the operating system itself. And Android 4.4 and later, it's called verified boot, and it uses the trusted execution environment and Android devices in some cases where they're available, so you can check if your device has this and is equivalent to trusted boot. One thing to keep in mind about that, though, is that software support for trusted boot is only available in two different Android operating systems: one is stock Android and two is CopperheadOS, which has a very high level of security. If you're
using something like LineageOS you won't get the benefits of trusted boot. And on the right here we have a graph which shows what the boot process looks like in these various different configurations and if you've loaded a third-party ROM.

So, you know, in trusted boot desktop support for Windows 8 has this thing called secure boot. What's important to keep in mind about secure boot is that, well, it's a UEFI standard that Windows uses and it's not trusted boot. It doesn't secure against local attackers. Trusted boot does; Windows 8 and the secure boot mechanism really doesn't, and it's not intended to. It's good against remote attacks, but it's not going to protect you much if you're at the border. Linux supports various different distros that have trusted boot available for them. You can use self-signed keys in many cases, but you should check on your hardware support if it's available for you. Chrome OS has had this built-in since the beginning and in the form of a, it's called verified boot, just like it's available in Android. Verified boot has gotten better over time against local attacks. And macOS has secure boot available on an iMac Pro, but if you're at the border iMacs aren't really used for travel very much unless you're very audacious.

So secure deletion. You can kind of see the secure deletion method that Elliot on Mr.
Robot uses by microwaving his hard drives, but if you're not as enterprising as Elliot and you might want to bring those devices over the border then you can use secure deletion. And what's important here is that secure deletion is very different from simple deletion. If you simply delete a file on your hard drive then that's not going to do much. It just erases the lines around saying this is a file; all the data in those files are actually still there. So border agents have these complicated forensic tools, and even simple tools can get those files back, but border agents have things like Cellebrite, as I mentioned before, and they can recover these deleted files, emails, contacts, etc. And so secure deletion should really be used if you want to remove those files, and there are various tools that you can use to do it, but there are also some caveats.

And you know, when we're talking about secure deletion you think about things like factory reset or formatting. Factory reset, it depends. It may or may not actually remove the data securely from your device. It depends on your OS and it depends on if you have full disk encryption enabled in the first place, so that's important to keep in mind. Factory reset often doesn't cover things like if you have, for instance, an SSD that's entered into your phone and you do a factory reset, it's not going to oftentimes delete the data in that phone, so that's kind of something that you should keep in mind. Secure deletion is quite easy on laptops, but sometimes it's hard to find tools that work well on mobile platforms or tablets. In addition, when you're talking about USB flash drives, SSDs, memory cards and the like, they implement something called wear leveling, which means that when you're doing writes and reads to those cards they kind of spread them across the solid state, and that means that the OS has no way to introspect to learn about where on the SSD those bytes are being actually stored, so you can't use programs that do secure deletion on these, so
that's kind of something that you can't reliably do for SSDs, memory cards and the like.

When we're talking about formatting, there's two definitions of formatting, two different things. There's something called a high level format, which definitely does not delete the data that you want to securely delete, and then there's low level formatting, which by and large will delete the data that we really want to get rid of.

And some of the tools in secure deletion: there's a distinction between the individual files that you might want to delete and then there's free space that you want to delete. Linux has tools like scrub, and scrub is good with the dash X argument if you want to delete and overwrite all the free space with zeros and zero out that free space, and it can also be used for individual files. Wipe is another tool, but both Linux and Windows have a utility called BleachBit, which can delete not only individual files but also things that you might not even think about, like browser history, thumbnails, cache of different programs that you have installed. So this is kind of a good way to get down to the things that you might forget about, but again it might be imperfect too, so you should look into how well it works.

And finally, for mobile devices I think the best thing is to actually use disk encryption, and this can be used as a kind of way to do secure deletion. So if you have your full disk encrypted then you actually make it unreadable unless you have, for instance, that passphrase. Often the way that disk encryption works is that you use a passphrase to unlock a short AES key in the beginning of a partition and then, like, go and it actually uses that then to decrypt the entire drive. But if you use, if you wipe that decryption key in the beginning of the drive, then this will make the data fully unavailable, so that's one way to actually make sure that your files are securely deleted. This is kind of built into what's called factory reset in iOS and also Powerwash on Chromebooks,
in Linux this can be achieved by formatting your hard drive and just reinstalling it from another copy of it.

And finally, cloud storage. Cloud storage is a good way to basically move those vital files off of the device that you want to be somewhere else. And often is the case that if you upload it to the cloud and you have less legal protections than having it on your device, but when you're crossing the border this actually might be the reverse: you might have better protections when you're crossing the border if you have your contents of various files on the cloud instead. So this is kind of a process of data minimization, and you know, you can kind of hide those files from cards, and also kind of makes it better for theft when traveling abroad. But of course there is no cloud, there is just other people's computers, and in cloud storage you have risks. You have the risk of a government coming and issuing a subpoena to a third party, to your cloud provider, and it's them saying fork over the data, and that can be very dangerous. I can actually get your data to the government. Hackers don't need a subpoena to get back into the cloud servers and get that data themselves. And also unfortunate fact is that most cloud providers only offer encryption when uploading it, in transit, to something like Dropbox, and it's just sitting there for all to see in the server side when you have it actually on Dropbox itself.

So there are some services that offer client side encryption, and you encrypt the files on your local device before ever sending it up to the cloud, and this is often called zero knowledge in the industry. It's kind of a weird terminology because it's different from zero knowledge proof that you might know from cryptography. It provides protection against, again, governments and hackers, but you should really remember to back up and remember your key material and passphrase if you're using this method. So here's a kind of chart of the different services that offer client side encryption
and do not offer it. You'll notice that the most popular services don't actually offer client side encryption, and you have to use some of the lesser known services in order to really get the best protection for your cloud backups.

And finally, you can use a self hosted service like ownCloud or Nextcloud if you're not trusting cloud services in general and just want to host your own way to back up your files, and this comes with some advantages and disadvantages. One advantage is that, I call it subpoena resilience, which means that you'll have the subpoena come to you directly, so you'll actually know about it, whereas your cloud service provider might actually never tell you. And the other thing is that with ownCloud and Nextcloud they have a service that allows you to use client side encryption. As of Nextcloud 11, which is coming out in some point next year, they're going to offer client side encryption as a default, so that's a great way to protect your data by yourself in a way that you control. But one really important consideration to keep in mind is that you want HTTPS enabled on your server when you're using these cloud services if you're self hosting.

So some of the takeaways from this is that best offence is not to bring your device with you. You know, you might kind of be a little less stressed out if you just don't have that device with you in the first place. Secondly, if you do choose to bring your device with you, use full disk encryption, use a trusted boot, a computer that enables trusted boot, has it built in, and you employ some data minimization practices that can offer some powerful protections for your data in general. So with that, thanks very much, and I think we're going to turn it over to you, questions.

Alright, thank you, thank you everybody, that was great advice. OK, we'll have a short Q&A. We have about 8 minutes, so people queuing up on the mics here. Here you are, sorry, excuse me. So first one, number three please. One sentence with a question mark at the end, right?
What can you tell us about devices being bugged at the border, so spy programs putting on it?

Yeah, so if you have some kind of a trusted boot mechanism, then if they can't get into the operating system level, then, you know, some spyware that is installed the operating system level, they can't actually get to you in the first place, so that's a good protection.

OK, hang on, there's a question from the internet.

Yes, thank you. I think it's a good idea to have a dummy account or dummy profile on a device.

One of the challenges with having a dummy account or dummy profile is that in the context of discussing it you may be put in a position where you would be giving false information to the border agent, and then if it was discovered that there was a different account, then you would have potentially opened yourself up to a penalty for giving that false information, that then could be used to give tremendous pressure upon you to access the rest of the device, as you might be facing some jail time.

OK, let's try the mic on the left side please.

You said do not lie to border agents. What about claiming I just forgot my password, and what about saying it's 200 characters on a random sheet of paper under my bed?

Well, one of the things we do would be to actually not know your password. I still stand by, don't lie to the border agents, but if you actually don't know your password then you can truthfully say that, and then perhaps when you get to the far side you could have some other mechanism of getting that 200 character password to you so you could unlock your device. So that may enable you to be truthful about it and not be able to give up the information. Keep in mind that if you're in a situation where if they don't like your answers they can refuse to have you come into the country, they may do so even though you say you don't have. They may not care why you can't give it into them, but be dissatisfied enough to turn you away.

OK, thank you. Over here please.

On the SSD erasing, I just wanted to
comment that if you delete your files and then write a random file over the whole disk you will get most of the solid state data covered and replaced. But my actual question is, do you know if there are already forensics tools that can retrieve the data that's, after I've trimmed my data and it's still on the solid state side on the SSD drive, can I read that out?

By trim do you mean securely delete?

No no, I mean when I delete my files the trim system will just tell the SSD that these blocks are not used anymore, but they are still set on the solid state side. So do you know if forensic tools can actually ask the SSD, hey, tell me what's hidden there that you marked deleted but what you still have programmed in, so that I can retrieve the data? If that wouldn't be available then I wouldn't have to do the extra arrays that are just the extra overwrite that I just suggested.

Yeah, so I'm not aware of any tools like that. One thing to know about SSDs is that they have embedded firmware in them themselves, so you can continually see an SSD card that actually kind of exfiltrates any data that you write to it to some kind of hidden extra partition. I think a Bunnie Huang actually has done a lot of research on that, so if you want to look into that, that's a good place to start.

Okay, thank you. Another question from the internet.

Thank you. First a brief comment where our script has been missed on your list of encryption tools, and then the question: do you know a zero-knowledge cloud client for a common cloud provider, maybe even open source, so that we can see that it actually encrypts?

So for the common cloud provider that uses client-side encryption, you know, there are the main ones that you might have heard of, your whole family might have heard about, don't really offer it in general, but if you have a Semaphor or if you use SpiderOak's programs, and they are kind of a well vetted system for doing client-side encryption, back up some of the cloud.

Okay, thank you. One more question on the left
side here.

So my question is less technical, maybe more legal. I was wondering, regarding being careful about consent and kind of choosing your own adventure, is there a distinction, any meaningful distinction, between complying with a search and consenting? Can you say, I understand that you're ordering me to submit a password, submit a phone, I'm going to comply with that under, under duress, not consenting, to keep your legal options available in the future?

I think there are important distinctions, and I think in the truth is even if somebody gives what appears to be consent under their circumstances, there's actually some pretty good arguments that that's not a freely given consent. You're under tremendous pressure, you're being kept away from other forms of communications, it is a situation in which the people have tremendous power over you, and so I think even if you said I'm not consenting but here you go, you could certainly argue that that wasn't consent. And I think there are all circumstances where you're like, fine, you could say that you weren't really consenting to that. But more clearly you say that you're not consenting, or the more clearly you clarify whether it is a request or an order, that could help your situation later, especially if you were able to clarify that it is just a request and thereby say no.

We'll take one final question. Just before all the frustration breaks out, Kurt and William said they'll be at the EFF stand, which is in level plus one on the CCL, so if you people have questions. We'll take one final question on the right side.

Yes, adding on top of the dummy account question, I'd like to ask if you can recommend a program that automatically does switch these accounts based on which password I enter into my device.

Yeah, so plausible deniability kind of schema. I believe that there are the schemas out there, but I think Kurt probably has an opinion about whether you should use them or not.

As before, you're taking a risk by trying to do that. If that is discovered, that
is really suspicious to them, and so that highly escalates the matter. So you're trading off this possibility that you'll be able to appear to be cooperative and not have them access to the true information against the possibility that they discover that something funny is going on after they put it through the Cellebrite or not and see there's a lot of data that they're not able to access, and then the consequences ratchet up. I think that it's a relatively high risk if something goes wrong that you'll be treated as a very suspicious person.

I know that there is another piece of software that BackTrack uses that if you enter a certain, like, LUKS passphrase you'll instead delete the contents of your device. You did that at the border, they would find that extremely suspicious. Just saying it's out there.

Okay, thank you. I'm afraid we'll have to close this now. Let's give a final big hand for Kurt Opsahl and William Budington