Amid the recent news of a U.S. citizen being asked to turn over his phone to authorities at a border crossing, Sophia Cope of the Electronic Frontier Foundation has tips on digital civil liberties.
Related, “Attorney representing a student protester detained by federal immigration agents”
When a man in Michigan was heading home on Sunday from a family vacation in the Caribbean, he was stopped in the Detroit Airport. Federal officers, border agents, detained him, interrogated him and pressured him to hand over his cellphone. The man is a U.S. citizen. He’s a civil rights and criminal defense attorney, and among his clients is an activist who has been charged in connection to a pro-Palestinian protest at the University of Michigan.
Archived at https://web.archive.org/web/20250410185452/https://www.npr.org/transcripts/nx-s1-5357455
Face scan unlock is NOT enough. When crossing the border turn OFF the phone. Don’t just lock it, full off. The security protections from cellibrite attacks are much much much much stronger if it is off
Even so, off is better. Disk is unencrypted when on, leading to potential extraction. When off, there is more protection
It’s important it’s encrypted as well. Disk Encryption isn’t a default on option typically.
If it’s disk encrypted and the device is powered off, only a valid password (not biometric) will unencrypt it from off.
Edit: and a good device would encrypted it using a hardware module that will only work in that device for that hard drive, so they can’t clone the drive out and try a bunch of easier pins as it’d be missing the hardware piece. Easier pins would only work if done on your phones hardware.
How is it possible to setup disk encryption on smartphone?
Btw on Android you can enable an option, that your phone will be erased and restored to fabric settings, if you enter wrong password/pin 20 times. So its useful too
It’d be a device by device thing. Looks like Pixels do it be default, but I wouldn’t assume all do. It’d be a setting if it’s not default.