Many people crossing the U.S. border are concerned about the amount of power that the government has asserted to search and examine travelers’ possessions, including searching through or copying contents of digital devices, like photos, emails, and browsing history. The frequency of these intrusive practices has been increasing over time.
Some travelers might choose to delete everything on a particular device or disk to ensure that border agents can’t access its contents, no matter what. Our 2017 guide for travelers addressed this option, but did not give detailed advice on how to do it, because we think most travelers won’t consider it their best option. Before embarking on wiping your computers, please read our guide to understand your legal rights at the U.S. border.
We don’t recommend disk wiping as a border crossing security measure for most travelers. It’s a less common data protection technique than the other ones highlighted in our guide, which include encryption and minimizing data that you carry. Wiping your computer will make it unusable to you. Also, it may draw the attention of border agents, since it is unusual for travelers to carry blank devices with them. This may be of particular concern to travelers who are not U.S. citizens, who may receive more scrutiny from border agents. Again, you should consider your risks and security needs carefully before deciding how best to secure your data for border crossings as everyone’s individual risk factors and data security needs are different.
Now that you’ve been sufficiently cautioned, let’s look closely at wiping your computers.
Why might you want to want to wipe a disk instead of just deleting individual files, messages, and so on? The main reason is what can happen if a device is seized. Forensic inspection of a seized device with special software tools can recover significant amounts of deleted information and references to individual files and software that have previously been removed. Wiping your disk entirely is a valuable means of protecting data against such a forensic examination, and also not having to make individual decisions about whether to erase particular things.
It’s also important if you want to make sure photos or videos are truly deleted from a camera or phone’s SD card, since these devices rarely delete media securely.
A laptop can wipe its own hard drive, or removable storage media like USB drives or SD cards, by overwriting the contents. One method of doing this is formatting the storage medium, but note that this term is applied to two very different processes. Only full formatting with overwriting (also called “secure formatting”) actually erases the hard drive by overwriting data. “Quick format” does not do so, and is thus less secure. Formatting tools let you choose between a quick format and a secure overwriting format. For data destruction, always choose a secure overwriting format.1
You should already have built-in tools that can perform a full overwriting format or wipe a hard drive, or you may download third-party tools to do this. Below are some steps you can take with major computer operating systems to wipe your devices or removable media. Keep in mind that after wiping a hard drive, you may need to reinstall the operating system before you can use the device again.
One consideration when wiping computer media is the limited ability to delete data on solid-state drives (SSDs) ubiquitous in modern computers, including flash-based removable media as well as internal SSD hard drives. Because of a technology called wear leveling, overwriting may not reliably delete these kinds of storage media in full. This technology tries to spread out where things are stored to prevent any one part of the storage medium from being used more than another part. Researchers have shown that overwriting a single file on an SSD often doesn’t destroy that file’s contents; even after the entire device has been overwritten, wear leveling may leave a small random portion of the data on these media in a recoverable form. There are software vendors that promise to securely delete SSDs, but it is still not clear to us whether this can be done reliably to make the information completely unrecoverable. Encrypting your SSD may be the best way to prevent access to the information on the drive, though of course you have to do that ahead of crossing the border.
The built-in Disk Management tool can format removable media (be sure to uncheck the “Perform a quick format” option). It will not format the built-in hard drive if the computer was started from it. Formatting the built-in hard drive requires starting the computer from a bootable CD or USB drive, such as DBAN, described briefly below.
The built-in Disk Utility tool can format external storage media (be sure to click “Security options” and select “Most secure”) and the built-in hard drive. Like its Windows equivalent, it will not format the built-in hard drive if the computer was started from it. To erase the built-in hard drive, access recovery utilities, which includes the Disk Utility, by pressing ⌘R while the system is starting up. Unlike opening Disk Utility on an already-running computer, this approach will permit erasing the built-in hard drive.
Most Linux distributions have a built-in disk utility that can format either removable media or the built-in hard drive. For GNOME environments, open GNOME disk utility (or “Disks”), select a particular partition, then click the gear icon and then “Format partition…” Remember to select “Overwrite existing data with zeroes.” Note that formatting a hard drive partition that’s used to boot your operating system will make your computer unbootable until an operating system is reinstalled.
To restore your ChromeOS machine to its factory state, you can make use of the “Powerwash” feature. Powerwash deletes all the locally stored user data on the device, but not things that have been backed up to Google’s cloud.
A More Complex Method
If you want to completely erase the contents of your built-in hard drive by overwriting, the most reliable option may be to download a bootable data erasure tool like DBAN. The DBAN image file needs to be downloaded and written onto a USB drive or CD-ROM; then the computer is booted from the medium containing DBAN, which gives an option to overwrite the hard drives. DBAN works independently of the operating system installed on the device, but you should exercise caution as using DBAN correctly requires following directions precisely.
Want to learn more about how to protect your digital data when you cross the U.S. border? See EFF’s full guide. You can also download and print our pocket guide for defending privacy at the U.S. border and our one-page overview of the law at the border.
It’s sad that travelers have to worry about elaborate defensive measures to prevent border agents from snooping through their devices for no particular reason at all. Concerned about border agents running roughshod over our rights? There’s a bill in Congress that aims to fix this. Tell your elected representatives to rein in CBP.
- 1. Some tools and sources refer to this distinction as “high-level formatting” (less secure) and “low-level formatting” (more secure). We’ve updated this post not to use these terms because a reader correctly pointed out that they also have an older technical meaning which is different. However, if a modern tool offers this choice, it is likely using “low-level formatting” to refer to the more secure option.