Pre-Travel Device Preparation
Back up everything, then strip down your devices
Before any international trip, create a full encrypted backup of every device you're bringing. Then remove data you don't need for the trip: sensitive work files, personal photos, browser history, saved passwords, and messaging app archives. The less data on your device at the border, the less there is to inspect or compromise. Consider traveling with a clean "burner" laptop or phone if your threat model warrants it.
Enable 1Password Travel Mode
1Password's Travel Mode lets you mark specific vaults as "safe for travel." When you activate Travel Mode before crossing a border, all non-travel vaults are removed from your devices entirely — not just hidden, but actually deleted from local storage. Only vaults you've marked as safe remain accessible. Once you're through the border, deactivate Travel Mode from the web app and your vaults sync back. This means even a full device search won't reveal credentials you've excluded.
Harden your device settings
Disable biometric unlock (Face ID, fingerprint) and use a strong alphanumeric passcode instead — in many jurisdictions, authorities can compel biometric unlock but not passcode disclosure. Turn off Bluetooth and Wi-Fi auto-connect. Enable full-disk encryption (FileVault on Mac, BitLocker on Windows, native encryption on iOS/Android). Disable USB debugging on Android. Set your phone to require a passcode immediately on lock.
Log out of cloud services and clear browser sessions
Sign out of all email, cloud storage, social media, and messaging apps before approaching the border. Clear your browser history and cookies. If an officer gains access to your device, logged-in sessions give them access to your entire digital life — not just what's stored locally. You can re-authenticate once you're safely through customs using your password manager.
At-the-Border Protocols
Power off devices before reaching the inspection point
Shut down your phone and laptop completely — don't just lock them. A powered-off device with full-disk encryption is significantly harder to access than a locked one. On modern iPhones and Android devices, the first unlock after a restart requires the passcode (no biometrics), which provides the strongest legal and technical protection. This state is known as "Before First Unlock" (BFU) and severely limits forensic extraction tools.
If asked to unlock your device: know the decision tree
Stay calm and polite. Ask whether the request is mandatory or voluntary — in some countries (US, UK, Australia), border agents have legal authority to demand device access. In others, you can decline with limited consequences. If you refuse at a US border, CBP can seize the device for up to 5 days. They cannot deny entry to a US citizen, but they can significantly delay you and confiscate equipment. For non-citizens, refusal may result in denied entry. Document the encounter: note officer names, badge numbers, and timestamps.
If you must hand over your device
Watch the inspection if allowed. Note what the officer does with your device and how long they have it. After you get it back, assume it may have been compromised: change your device passcode, rotate passwords for any accounts that were logged in, check for unfamiliar profiles or certificates installed (especially MDM profiles on iOS), and run a malware scan. If you travel frequently to high-risk destinations, consider a full device wipe and restore from your pre-trip backup.
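The certificate part of that post-inspection check can be scripted. The following is an added example, not part of the original guide: it compares a PEM export of a laptop's certificate store taken before the trip with one taken after the device is returned, and reports any certificate that appeared in between. The function names, the two-file usage, and the sample data are assumptions made for illustration. It does not cover configuration or MDM profiles on phones.

```python
import base64
import hashlib
import re
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_bundle):
    """SHA-256 fingerprint of each certificate's DER bytes in a PEM bundle.

    Hashing the decoded bytes (not the text) means re-wrapped lines or a
    different export order never show up as a change.
    """
    found = set()
    for body in PEM_RE.findall(pem_bundle):
        der = base64.b64decode("".join(body.split()))
        found.add(hashlib.sha256(der).hexdigest())
    return found


def compare(before_pem, after_pem):
    """Return fingerprints added to or removed from the store."""
    before, after = fingerprints(before_pem), fingerprints(after_pem)
    return {"added": sorted(after - before),
            "removed": sorted(before - after)}


def sample_pem(raw):
    """Constructed stand-in: wraps arbitrary bytes as a PEM block for the demo."""
    b64 = base64.encodebytes(raw).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Assumed usage: two PEM exports, e.g. on macOS produced with
        #   security find-certificate -a -p /Library/Keychains/System.keychain
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            result = compare(f1.read(), f2.read())
    else:
        # Constructed data: one extra certificate appears after the inspection.
        before = sample_pem(b"constructed-root-A") + sample_pem(b"constructed-root-B")
        after = before + sample_pem(b"constructed-root-C")
        result = compare(before, after)
    for kind in ("added", "removed"):
        for fp in result[kind]:
            print(f"{kind}: {fp}")
    sys.exit(1 if result["added"] else 0)
```

Keep the pre-trip export with your encrypted backup rather than on the travel device, so the baseline itself cannot be altered during an inspection.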
Know Your Legal Rights by Country
United States
CBP claims broad authority to search electronic devices at the border without a warrant or probable cause. A 2021 court ruling requires "reasonable suspicion" for advanced/forensic searches but not for basic manual searches (scrolling through files). US citizens cannot be denied entry for refusing, but devices can be seized. Non-citizens risk denial of entry. Attorney-client privileged material has some protections — assert privilege clearly if applicable.
United Kingdom, Canada, and Australia
The UK's Terrorism Act 2000 allows officers to require device passwords at ports — refusal is a criminal offense punishable by up to 3 months in prison. Canada's CBSA can examine devices at the border under the Customs Act; recent court rulings require officers to have "reasonable grounds to suspect" a customs offense. Australia's Border Force has broad powers to compel access to devices and refusal can result in detention of the device and criminal penalties.
EU, Japan, and other jurisdictions
Most EU member states require judicial authorization or reasonable suspicion for device searches at borders, though enforcement varies. Germany, France, and the Netherlands generally have stronger privacy protections than the US or UK at border crossings. Japan rarely conducts device searches of tourists. Countries like China, Russia, and the UAE have broad surveillance authority and may inspect or clone devices without disclosure. Research your specific destination before traveling — laws change frequently.
Frequently Asked Questions
Can border agents access my cloud data if I hand over my phone?
If you're logged into cloud services (email, Google Drive, iCloud, Dropbox), an officer with access to your unlocked device can view anything those apps can access — which often includes far more data than what's stored locally. This is why logging out of all cloud services before reaching the border is critical. CBP policy states officers should not search cloud-only content, but in practice the boundary between local and cloud data is blurry on modern devices.
Should I use a burner phone when crossing high-risk borders?
If you regularly cross borders where device inspection is common or where state-level surveillance is a concern (China, Russia, UAE, or even frequent US/UK crossings with sensitive data), a dedicated travel device is strongly recommended. Use a clean phone with only the apps and data you need for the trip. Keep your primary device at home or ship it separately. Many journalists, lawyers, and corporate executives traveling to sensitive regions follow this protocol as standard practice.
Does disabling Face ID / fingerprint actually help at the border?
Yes. In the United States, courts have generally held that compelling a passcode may violate the Fifth Amendment protection against self-incrimination, while compelling biometric unlock (fingerprint, face) does not receive the same protection. By disabling biometrics before reaching the border, you ensure that any request to unlock your device requires your passcode — which has stronger legal protection. Simply powering off your device achieves the same effect, since modern phones require a passcode on first boot.
Recommended Products
Products we've tested and recommend for this topic. Affiliate links — disclosure.
1Password
$2.99/mo
Travel Mode hides sensitive vaults at border crossings with one tap.
Kingston IronKey Locker+ 50
~$45
Hardware-encrypted USB drive for sensitive documents while traveling.