I’ve become a modern day weapons dealer. When I travel across borders, even that of my own country, I have to consider that any number of people may request, or try to steal, copies of my data. This state is true for data on laptops, portable drives, phones, and crossing sovereign borders. I could encrypt my data on all of these devices (well, some at least) but then I have to add on worries about encryption laws at the border. All of this sounds like some paranoid fantasy or for people with jobs in the secrecy industry. I am not paranoid nor do I work in the secrecy industry. I just want to be left alone and not have to have some targeted expedition cast my vacation pictures in a suspicious light.
I see two main options for myself. Travel with nothing or opening everything.
Travel with nothing
This means wiping everything on devices and putting them back to bare-minimum condition, sort of like how you bought them off the shelf. You then need to plan to upload your data somewhere you trust. Once in country, you simply download the data and use the device (laptop, phone, tablet, etc) as you would normally. The challenge here is that my data is in virtual machine images of 10-50GB in size. Only in Sweden have I found sufficient bandwidth at hotels, conferences, or coffee shops capable of downloading this much data in a convenient amount of time. And by convenient, I mean downloading the data overnight. There are some concerns about downloading this much data, about carrying it around in country (possibly illegally), and then uploading everything before wiping the devices so you can travel again. Rather than going through all of the details, the EFF has a fine Surveillance Self-Defense site about things to do if this option appeals to you.
This sounds plausible. Try it with your family first and see how easy it is.
Living a fully transparent life is already possible. Many people do it already under the title of lifestreaming. Just post everything you do in full detail on the Internet for all to see. Many law enforcement agencies are already doing this collation without telling you. Your life is probably far more public and collated than you want to believe. Girls around me is just the start of what’s available. See what your phone company records about you in realtime.
Since the pink elephant in the room here is that governments have access to all of this data, why not remove the control bit and share everything? Facebook is working towards this reality for every member (well, every member except some elite people at Facebook like Mark Zuckerberg). If what you share is public all of the time, in a fully transparent bubble, then it should be pretty easy to explain what’s going on, what you’ve done, and why. What about emails, tweets, and other few to few messaging mediums? Do you make this public too? How will this affect relationships when others aren’t as accepting of your new found transparency. Why not share your genetic information too?
Based on the differences in these two options, you can already tell where my preferences lie.
How I travel internationally
I don’t have answers, I do what I do because it feels right to me. I don’t really have much to hide, at least that I know about. I’m sure someone could find I’m any one of the four horsemen of the infocalypse pretty easily by taking things out of context. I’ve been doxed, had my legal identity exposed by third party companies twice, and been the subject of a corrupt database where my legal identity was crossed with a convicted criminal. It’s not like I have control over any of this, situations keep trying to expose my life for me. Enough lead-in, here are my steps:
- Backup everything to an external truecrypt volume.
- Have a dedicated travel laptop and phone.
- Install a fresh operating system on the laptop before every trip with fully-encrypted drive. Sometimes I use freebsd, other times, debian. No real preference, just what I have available.
- Have a GSM phone just for travel. I reset it to stock environment before each trip. I buy a SIM card in country and use it for that one trip.
- Upload a copy of the encrypted, minimum dataset I’ll need when traveling to a server I trust on the Internet. I do not use third party services (like dropbox, gmail, etc) because then I have to trust them too.
- Depending upon the destination, I load a portable USB drive with a copy of the encrypted, minimum dataset. My decision to take the drive with me is basically around the encryption laws at the destination. Traveling to, or through, the UK means nothing is encrypted. Falling afoul of the RIPA law and spending an extra 3-5 years there (on the slim chance I’m questioned, arrested, and asked to divulge my keys) is just not worth it. This sounds crazy, but maybe not that crazy.
- Travel and don’t worry about anything. If the laptop or phone gets stolen, I can buy a new one. If the laptop or phone is taken by border control agents, copied, and handed back to me, I can buy a new one or be assured they got nothing.
All of this takes about 2 hours of time to do. Most of the time is installing the operating system and applications. I can pack my suitcase during this time as well.
I travel light anyway. I’ve just extended it to my data practices too.