TSA policy change could compound security concerns for journalists in transit

On Sunday, the U.S. Transportation Security Administration announced a new policy requiring that travelers to the United States turn on their devices at the request of airport security personnel. Devices that cannot be powered on will be barred from the aircraft, and passengers in possession of such devices may also be subjected to additional screening. While a number of commenters have lamented the policy change on the grounds that it is likely to cause confusion and otherwise inconvenience passengers, the move could also aggravate the risks journalists already face when traveling with sensitive materials such as notes, unpublished photographs, or information about sources.

Reuters reported on July 4 that the new TSA policy was prompted by fears among some U.S. government officials that Al-Qaeda-affiliated militant groups may seek to build bombs into electronic devices. The policy does not grant airport screeners the broad authority to search electronic devices frequently exercised by U.S. Customs and Border Protection, a practice under challenge by civil rights groups and that has reportedly been used against journalists. “Journalists should know that their items aren’t going to be searched” under the new policy, a Department of Homeland Security official, who declined to be identified due to the sensitivity of the issue, told CPJ. “Their items aren’t going to be taken from them.” TSA’s interest, the official said, is in whether devices turn on at all.

Because TSA does not have screening operations outside the U.S., however, enforcement of the new policy falls to a variety of public and private actors across a range of countries. As such, it is unclear how the mandate will be implemented. It is also unclear just what counts as a “device”: although smartphones and laptops are obvious examples, cameras and video equipment are also possible targets for inspection, as are hard drives, USB drives, and other storage media that lack an LCD screen or other means of showing that they are “on.”

Given this uncertainty, journalists should think about how to protect their work long before heading to the airport. CPJ’s Journalist Security Guide provides good guidance on information-security best practices. Specifically, journalists should utilize full disk encryption, enable a firmware password for any laptop, and fully shut down all devices prior to entering security to ensure that encryption keys cannot be pulled easily from RAM. Securely wiping all non-laptop mobile devices–which can easily be restored from a copy kept on an encrypted laptop once airborne, then re-wiped prior to landing–may also be prudent.

As the U.S. Supreme Court put it in a landmark case on cell phone privacy just two weeks ago, officials “may examine the phone’s physical aspects to ensure that it will not be used as a weapon, but the data on the phone can endanger no one.” While TSA seems to be taking this admonition into account, at the end of the day it is up to journalists to protect themselves–and their sources.