There are many considerations when securing technology while traveling, but when traveling abroad, faculty, staff and students need to be aware of export control regulations and computer safety. Export control regulations affect technology items (laptops, encryption items, smart phones), data or information, and traveling to sanctioned or embargoed countries. In the United States, there are laws and rights regarding privacy. Foreign countries have different laws and practices regarding technology than the U.S. and travelers should not expect the same security and privacy rights in those other countries. The best advice is to research the country you are traveling to and understand what to expect. The US government has many resources to help international travelers get prepared for their travel. Some of these resources include:
FBI Safety and Security for the Business Traveler https://www.fbi.gov/file-repository/business-travel-508.pdf/view
FBI Safety and Security for the Student Traveling Abroad https://www.fbi.gov/file-repository/student-safety-trifold.pdf/view
US Department of State International Travel Advisories https://travel.state.gov/content/travel/en/traveladvisories/traveladvisories.html/
Best Practice: If you do not need to use the device, leave it at home.
In some countries, your computing devices may be confiscated and out of your sight and control. There have been instances where software was installed or enabled on devices in foreign countries without the need of the owner's permission or knowledge. If you do not need the device, leave it at home. In some countries, encrypted devices are not allowed into the country and will be confiscated. If possible, consider purchasing a temporary cell phone or tablet in the foreign country to use while you are abroad.
Best Practice: Backup your data to leave at home.
Certain countries may inspect laptops and data upon entry, so you should not store any sensitive (work or personal) data on the device you will be taking on the trip. Backup all of your laptop files and leave the backup at home. Remove any sensitive data from the device. If you take data or files with you on your trip, be prepared that you may be compelled to share any data brought with you.
Best Practice: Know the laws of the country you will be visiting.
Certain countries may have laws regarding arriving or leaving with technology, or the use of technology while in the country. Make sure you understand the laws in the country you are visiting. Contact your export controls office or resources from the U.S. government.
Best Practice: Refrain from accessing sensitive sites on unencrypted Internet services provided.
Whether traveling abroad or in the United States, you should never access a web site or system that stores sensitive information without the use of encryption. In foreign countries, travelers should expect their Internet activity is being actively watched. If you need to access a system in the U.S. that is storing sensitive information (e.g., your institution's business systems), utilize an encrypted network such as an institution provided Virtual Private Network (VPN) if not unlawful in the foreign country and access the server via https instead of http.
Best Practice: Upon return from a foreign country, do not use the device until it is securely scanned and properly reviewed by necessary technical support personnel.
Due to the likelihood the computing device being infected with unwanted software or malware, the device should be scanned for viruses, malware, and any unexpected software before being used after returning home. In some instances (e.g., after connecting to insecure networks, after visiting certain countries deemed sensitive) it may be necessary to wipe and reinstall the operating system as a precautionary countermeasure against unseen tampering or infection. Work with technical support at your institution for explicit instructions. If a temporary device was utilized in the foreign country and brought back to the U.S., either destroy the device or have the device securely wiped before use. Do not use any USB drives given to you in a different country on your clean devices until the USB drive can be scanned for malware.
Some helpful links:
- Customs & Border Patrol – Inspection of electronic devices
- Pocket guide for travelers
- Digital Privacy at the border
UNL Guidance on International Travel
If you are traveling for the university, make sure you understand your responsibilities in knowing UNL policies regarding international travel. See the Office of Research Responsibility tips and policies at http://research.unl.edu/researchresponsibility/export-control/ to find helpful information. Also see University of Nebraska's Executive Memorandum No. 25 at the University of Nebraska policy page.
The UNL VPN is available for faculty, staff, and students to securely access UNL systems. Faculty and staff expecting to share data with foreign nationals should first contact the UNL Export Control Office.
Upon return to UNL, faculty and staff should work with their technical contact staff, or UNL Information Security staff or Help Center to ensure their technology is safe to use. The technical support personnel will scan and verify the system or device is cleaned from any malware or unwanted software. In some instances, the recommendation might be to wipe the drive. If the faculty or staff member accessed their accounts while in the foreign country, they should change their passwords to all systems accessed.