Earlier this month in Australia, a couple (Australian citizens) returning from Fiji were intercepted by the Australia Border Force.
They were taken to a room to surrender their phones and passwords for a “random data security search”; failure to comply would possibly lead to arrest.
Thanks to the new encryption laws introduced in Australia, the penalty for refusing to unlock your phone after a warrant has been granted is now 10 years imprisonment (it used to be 2).
They complied, writing their passwords on paper and giving up their phones. Half an hour later the phones were returned to them and they were allowed to leave.
“Who knows what they’re taking out of it? With your phone and your passcode they have everything, access to your entire email history, saved passwords, banking, Medicare, myGov.”James, “Returning travellers made to hand over phones and passcodes to Australian Border Force”, The Guardian
In 2016 reports surfaced of a man suing the Australia Border Force for an incident in 2014 when his phone was confiscated and used by an ABF official to send and delete text messages. He was also strip searched against his will and missed his flight by the time he was released.
What can I do if it happens to me?
Despite 7news’s claims that there’s “nothing you can do about it”, the following are things you can do:
1. Enabling Multi Factor Authentication
Whenever possible, set up Multi Factor Authentication for important personal accounts: in particular Google, emails, social media, banking apps (and password managers, if you use one).
I recommend using an authenticator app such as Duo or Authy, as SMS authentication is less secure. LastPass also offers an authenticator (as a paid service).
Physical authenticator keys (such as those offered by Yubico) are worth a mention, but they aren’t viable in this scenario as they can be physically taken from you by the ABF (unlike your fingers).
2. Encrypt your phone & SD storage card
Ensure that your iPhone or Android has encryption enabled (same applies to SD cards). Encryption provides an essential layer of security for your data and privacy.
Note: Older phones may experience a drop in performance after enabling encryption.
3. Using “Applock” Applications
(Obligatory caution: such apps require greater system access/permissions to control access to apps.)
3rd party “applock” apps are available on both Android and iOS with many paid and unpaid versions. They allow you to restrict access to any (or all) apps with password, pattern or fingerprint locks.
There’s also a feature that takes a photo each time there’s an unsuccessful access attempt using the front camera. Being able to identify who attempted to access your phone may be useful.
If your fingerprint lock every app on your phone, they should not be able to access them even if they unlock your phone. They’ll also be subject to a barrage of ads if you’re using a free app (definitely a bonus!).
4. System Wipe/Clean Install
And lastly, the nuclear option: a complete system wipe prior to going through customs.
Consider saving yourself the headache of resetting your main device and take that old phone on a holiday instead.