If a government has you in the nebulous situation where you technically aren’t in the country yet and they want your phone, it doesn’t really matter what security system you have on there. You either give them access or go to a black site.
That’s why every company of “moderate” size ends up adopting a policy of “DEVICE for foreign travel”. You don’t take your actual work laptop/phone/whatever. You take a burner (except they hate the term “burner”) that can remote in but stores little to no data locally. And you realize that any good remote access software has logic to detect if you are accessing it from a security checkpoint and flag you…
So what does that mean for you, an individual?
A super locked down device is just gonna get your ass beat… if you are lucky.
A completely clean factory wiped device? That is going to raise a bunch of red flags (kind of rightfully) and more or less equate to the above.
Like almost all things privacy/security related: Nothing is easy if you actually need it. A good friend of mine is a journalist and they semi-regularly do the kinds of stories that get a person “investigated”. And the reality is that there is nothing they can do, in software, to protect themselves. So what they instead do is have completely separate devices that are never in the same physical location. So, unless they are communicating with a sensitive contact, they always have a device that “looks real” because… it is. Texts from the partner about a dinner party next week, spam from Facebook, etc.
And if they need to access something sensitive while on foreign travel or otherwise unable to get back to their “private” devices? Either buy a cheap laptop at a Best Buy equivalent or use one of their burner emails/accounts.