International Travel Cybersecurity

• While traveling within the United States, TSA agents at the gate are not allowed to confiscate your digital devices or demand your passwords.
• Different rules apply to U.S. border patrol agents and agents in other countries. Federal border patrol agents have broad authority to search everyone entering the U.S. This includes looking through any electronic devices you have with you while you are traveling. They can seize your devices and make a copy for experts to examine offsite.
  • U.S. Customs and Border Protection's Inspection of Electronic Devices fact sheet.
• Encryption: Although encryption is recommended to protect sensitive information in case your device is lost, stolen, inspected or confiscated, some countries restrict the use/importation of encryption software. The U.S. may also restrict its export.
  • Additionally, international travelers can be required to decrypt devices and files at border crossings, including when leaving or re-entering the U.S. The best advice is not to carry information that would be a problem for others to obtain or access.
  • See UC's International Travel webpage for information, including lists of countries with travel restrictions, and links for additional help.
  • If you are not able to use encryption software at your destination, contact your IT support staff for guidance.
• There are special rules for bringing electronic equipment, research, intellectual property, and encryption technology abroad. Traveling outside the U.S. with laptops, tablets, smart phones, or storage devices involves special considerations and may require an export license.
• Other private data. Aside from export control laws, University policies regarding protection of student, financial, and HIPAA-controlled data recommend that such data not be stored on devices taken outside the U.S.
• Consult with experts in Export Control well in advance of your trip if you are planning to take University equipment, data or technology outside of the United States.
  • Export Control Basics
  • Export Control Checklist (PDF)
  • What You Need to Know Before You Travel Outside the U.S. (PDF)

• Travel only with the data and devices that you need. If you don’t have it, it can’t be stolen or confiscated. This may mean leaving some of your devices at home, removing personal or University data from your devices, or shifting your data to a campus-approved secure cloud service. If possible, avoid traveling with any sensitive or confidential information on your laptop, USB drives, mobile devices, etc.
• If you’re traveling on UC business, check with your IT support staff about the possibility of getting a clean, encrypted laptop and/or phone that contains no sensitive data, no local passwords, etc. Also check with your department for specific policies about device use and traveling abroad.
  • If you are in UC San Diego Health, please contact their Service Desk (login required) and request to borrow one of their travel loaner laptops.
  • Campus IT Services is in the process of developing a loaner laptop program as well.
• Encrypt all devices and data that you take with you.
  • Secure Your Mobile Devices
  • Full Disk Encryption (FDE), provides an additional security control at the hardware level. It automatically converts data into a form that cannot be understood by anyone who does not have the key to undo this conversion. FDE is especially useful for laptops and small computing devices that can be lost or stolen.
    
    • If you use your personal laptop to access UC San Diego information, we strongly recommend that you enable native FDE technology. Solutions include:
      • Windows Bitlocker
      • Mac OS X FileVault
    • If you use a UC San Diego-owned laptop, please contact your local IT support staff. If you don't have local IT support staff, contact IT Services Security.
  • You may need to verify whether the location you are traveling to has restrictions on encrypted digital content. If you are not able to use encryption software at your destination, contact your IT support staff for guidance. 
• Password protect all of your devices. Use strong passwords, passcodes, or smart-phone touch/facial ID to lock and protect your devices.
• Change any and all passwords you may use abroad.
• Back up your data.
  • Securing Your Data and Workspace
• Set up multifactor authentication for your personal accounts whenever possible for an additional layer of security.
  • LastPass - Multifactor Authentication
• Update your operating system and apps/ software, including antivirus protection, to make sure you are running the most secure versions available. Contact your IT support staff for guidance if necessary.
• Turn on "Find My [Device Name]" tracking and/or remote wiping options in case of loss or theft. Make sure you know how to use these tools before you go.
  • It is possible to remote wipe your device if your account is in Office 365:
    1. Using the Outlook Web App, click the settings gear, then click Options.
    2. Under General, select Mobile Devices.
    3. Choose the mobile device that needs to be wiped, then click the Wipe device icon.
    4. Click Yes when prompted to confirm.
• Log out of browsers and apps, remove any saved login credentials, and clear your browser history. This will help prevent anyone from accessing your accounts or information without your knowledge. Also delete apps you no longer use.
• Clear your devices of any content that may be considered illegal or questionable in other countries.
• Stay informed of TSA regulations. Check the State Department's website for any travel alerts concerning the specific countries you plan to visit (including any tech restrictions) and guidance on travel to high-risk areas. They also provide information for U.S. students traveling abroad, as does the FBI.

• Power off your devices before you arrive at the border. This will help resist a variety of high-tech attacks.
• Do not put devices into checked baggage. Checked baggage can be lost, stolen, stolen from, or tampered with. If desired, or it is required due to travel from one of the 10 airports noted above, use a TSA-approved lock.
• Always keep your devices with you. Carry them on the plane, train or bus, and keep them nearby, within your sight. Avoid putting devices underneath the seat or in the front pocket of your seat. Devices can easily become lost, stolen, or tampered with. If you become separated from your equipment, there is a possibility that it has been compromised. If your equipment is confiscated or inspected by any foreign authority, then it should be considered compromised.
• Be careful when using public wireless networks or Wi-Fi hotspots; they’re not secure, so anyone could potentially see what you’re doing on your computer or mobile device while you’re connected. If traveling to countries outside the U.S. and Europe, you should presume that the network itself is not secure. If you need Internet access, make sure you know who the reputable carriers are and only connect to them.
• Use the free, campus provided Virtual Private Network (VPN) software to make sure your network connection is secure (encrypted).
  
  

• Connect to the Internet securely. The above advice about avoiding public Wi-Fi, using the campus VPN, and considering networks as unsecure in general also apply after you arrive.
• Physically protect yourself, your devices, and any identification documents. Keep your devices with you at all times during your travels. Do not assume they will be safe in your hotel room or in a hotel safe.
• Do not plug in untrusted accessories. Accessories that come from questionable or unknown sources can be infected with malware intended to steal your information. Avoid plugging in any untrusted accessories (flash drive, charging cable/station/port, SD card, power stick, etc.) to your device. Try to bring all necessary accessories with you, but if you must purchase something abroad, make sure it is from a reputable source.
• Never log into anything when using public computers. They may be loaded with keyloggers and malware. If you use a device belonging to other travelers, colleagues, or friends, do not log in to email or sensitive accounts.
• Disable Wi-Fi and Bluetooth when not in use. This protects you from harmful connections and some types of tracking technology.
• Wait to post about your trip on social media until you return home.

• Change any and all passwords you may have used abroad. Regardless of whether you used them on your device or a public computer, they may be compromised.
• Run full antivirus scans on your devices.
• Check your statements. If you used a credit or debit card while traveling, check your monthly statements for any discrepancies for at least one year after you return.
• Delete unneeded apps. If you downloaded any apps specifically for your trip and no longer need them, be sure to delete them and the associated data.
• If you had a loaner device, don’t connect it to the network when you get home. Return the device immediately to your IT support staff so they can help you access it safely.

Inspection of electronic devices at the US border 

• UC website: Traveling with Electronic Devices: briefly reviews the relevant law permitting border searches, describes key U.S. Customs and Border Patrol (CBP) policies relating to such searches, discusses frequently asked questions that UC faculty may have about their rights in connection with a border search, and general information about protecting sensitive data while traveling overseas on UC business.
• Full CBP “Border Search of Electronic Devices” Directive, Jan 2018 (12 pages)
• Detailed guidance and analysis from eff.org (52 pages): Digital Privacy at the U.S. Border: Protecting the Data On Your Devices 

International Compliance and Export Control 

• UC Ethics, Compliance and Audit Services (ECAS) “International Compliance” site
  • Updated UC guidance in ECAS' April 2018 Compliance Alert newsletter ("International Compliance", pg 3)
  • Webinar: 10 Things You MUST Know before Taking Your Laptop Overseas (Brian Warshawsky. from 2013) Slides only (PDF)

UC Global Operations (UC GO)

Website: https://www.ucgo.org/

A broad range of information for UC faculty, researchers, staff, administration, students, trainees, and international students and scholars traveling internationally. Most content is not technology or privacy related. Information related to cybersecurity includes:

• Laptop and data security 
• Export controls

UC San Diego Risk Management Business Travel Accident Insurance

UC Risk Services Business Travel Information