
> He said the officer then confiscated his phone and laptop, and told him the items would be sent to a government lab which would try to crack his passwords and search his files.

Hopefully they were powered down and used proper full-disk encryption.



Honestly, that's not something you can expect from regular non-power users. Full-disk encryption isn't enabled by default on most consumer laptops, and few regular users go out of their way to set it up.


You don't need "full" disk encryption on Chromebook devices or Android phones. Both ship with file-based disk encryption for all user data, on-by-default for all recent devices.

When I travel out of the country, I reset my phone and Chromebook to their factory defaults and then provision a decoy account. Once I'm across the border, I provision my primary account.

Even if they image my devices, all they'll get is old encrypted garbage for which the key is unavailable because the key was rendered inaccessible when the device was reset to factory defaults.


They could replace part of the password-checking software with a backdoored version that would send your password off to them. Your data is protected, but the OS can still compromise it and a bad actor can replace parts of the OS (which is open source in both of your cases, making the process even easier).


On Chrome OS, this should cause the “your OS is unverified” warning to show up.


Does that mean that every OS file is signed and checksummed like on iOS (correct me if I’m wrong)?




Yes, except you have the ability to replace it if you'd like.


Full disk encryption is the default on MacOS Mojave.


It's also enabled by default on Surface Book 2 (and possibly other Surface line devices). No idea how well BitLocker (or Windows Hello for that matter) stands up to border control.


BitLocker security depends on TPM usage. If it's turned on, a lab can crack it rather easily because the keys can be stolen via LPC.


> Full disk encryption is the default on MacOS Mojave.

But many people don't use a strong password/phrase.


Do you think it's better to have an iPhone powered down or on?

I am wondering if it would be possible to leverage remote wipe features, but maybe the border agents power off the device or put it in a bag / container that blocks cellular signals.


Powered off.

Law enforcement has tools like Cellebrite and GrayKey that can unlock or extract data while the phone is powered on but locked.

Apple is making this a bit more difficult by disabling the port if the phone hasn't been unlocked for seven days or more, but if the device is powered on and law enforcement acts fast, it's vulnerable.

https://ios.gadgethacks.com/news/heres-apples-stopping-polic...


USB devices are disabled 1 hour after the last unlock on recent versions of iOS.


Remote wipe might not play very well. If it was detained in relation to a crime, they might go with 'attempting to destroy evidence'.

Look at it this way. Suppose the seizure of the phone was totally reasonable (because that is how they will think about it). Now, that suspected criminal who apparently had something to hide decided to remotely tamper with evidence after we lawfully detained it? That is subversion of justice!

The above is an argument I'd expect to hear from them.


Isn't it legal to destroy evidence that can be used against you? That's basically exercising your right to not self-incriminate.


Oh dear no. The U.S. protection against compelled self-incrimination is for testimony, not seizure of papers/effects. Spoliation of evidence is illegal, and in some cases if it's not a crime by itself, it can still even lead to doubt being resolved against you (in other words, if you destroy a key document in a legal proceeding, the court might make a legal judgment that assumes the document's contents were as bad as possible for your case, even if they actually weren't).


Shouldn’t matter. The key thing is to have a strong password, and disable any biometric authentication beforehand. (You can do this by squeezing the side buttons for a few seconds until the “power off” screen appears. The phone will then require a password before reenabling biometric authentication.)


Will that also terminate the in-memory ephemeral key that’s set up at first login to permit background app refreshes?


Good question, I forgot about that. I'd have to read through the security guide again. I wouldn't personally worry about that, as I think the system is sufficiently robust against external attacks, but obviously other people's priorities and levels of paranoia may differ.


Powering down if possible and then initiating a remote wipe for my supporting Apple devices (MacBook, iPhone) as soon as possible would be my very first move. It's possible they do have procedures in place to block connectivity to any wireless networks, but it couldn't hurt to try.


Powered down.


> Hopefully they were powered down and used proper full-disk encryption.

What exactly is full-disk encryption? How do I do it the way a government lab won't be able to crack it?


I meant what exactly is proper full-disk encryption.



