Obviously border control would quickly know about this, but there's no way to verify.
The company policy for travel outside the EU was simple... Your own laptop would go into a server room and become a remote desktop host, you'd be given a blank laptop. When you got to your destination safely you'd call up IT who'd tell you where to download the VPN software and provide you login details. If asked why you laptop was blank by border agents you were instructed to give them a copy of the company IT policy.
Which is all well and good border agents demand you go through the above process and log in to the VPN and then remote in to your own laptop. It happened on multiple occasions in several countries and in most cases the employee was deported after refusing to comply.
I think the expensive legal brains the company employs decided it is better to simply admit that they do it this way to stop border inspections. Better a deportation of a single employee rather than risk compromising their IT systems and data.
empty laptop or no, that brings up a general issue - border agent asks you to VPN into your corp network and to give them access into it (which beside a slew of corporate policies may also violate a bunch of laws like GDPR, HIPAA, SOX, EPA Clean Water and PCI compliance, etc - IANAL, so who knows what laws can be violated, all those corporate compliance and business conducts emails are so scary). Me being a little guy doing as i told/ordered to by the ones with authority, I'd just call corp IT security, some bozo high up the chain, and let them do their job - sort it out and make the decision. Sucks though for small companies without that fat and important corp IT security and all those C[compliance|information|customer privacy|security|sustainability|etc.]Os around.
The Irish branch has to comply with EU and Irish law. Think GDPR and various other laws relating to keeping financial data secure. Plus they would also have very strict contracts with their bigger clients guaranteeing the security and privacy of their super sensitive commercial data.
You would be unwise to assume that the data retrieved through a customs search of your laptop or phone wouldn't end up in your rivals possession.
This is the EFF's statement regarding wiped devides:
We don’t recommend disk wiping as a border crossing security measure for most travelers. It’s a less common data protection technique than the other ones highlighted in our guide, which include encryption and minimizing data that you carry. Wiping your computer will make it unusable to you. Also, it may draw the attention of border agents, since it is unusual for travelers to carry blank devices with them. This may be of particular concern to travelers who are not U.S. citizens, who may receive more scrutiny from border agents. Again, you should consider your risks and security needs carefully before deciding how best to secure your data for border crossings as everyone’s individual risk factors and data security needs are different.
You could probably stick a few innocuous photos and messages on it and claim you'd just upgraded or something.
Obscuring in this manner likely counts as lying to a federal officer, particularly if they catch on and ask if this is your main profile.
The only thing they can do is use fear to get you to comply, or make you doubt your deniable encryption scheme is truly secure.
If they really wanted to could they find out? Perhaps. Maybe if they use CCTV footage and extract your phones screen and do comparisons or something. If you are an individual though who has done something to warrant that level of scrutiny, perhaps the additional crime of lying to a Fed isn’t a big deal compared to whatever crime you have done.
It doesn't have to be scalable; border control already isn't scalable and relies on uniformed officers making decisions on the spot. It's not hard to add additional point in training that says, "if a person has suspiciously empty phone and the phone is a model X, ask them to unlock the second account; if they refuse or pretend they don't have one, apply 3-30 hours of pressure". This would probably cover 99% of cases.
No you don't. Not at the border.
Except those searches can be done at the behest of other law enforcement agencies and any information found can be shared with them.
I recommend reading through this document assembled by the EFF about various kinds of border searches and the constitutionality thereof.
Here's what the EFF does say about the CPB doing exactly what I described.
> The evidence includes ICE and CBP policies and practices that authorize border officers to conduct warrantless and suspicionless device searches for purposes beyond the enforcement of immigration and customs laws. Officials can search devices for general law enforcement purposes, such as enforcing bankruptcy, environmental, and consumer protection laws, and for intelligence gathering or to advance pre-existing investigations. Officers also consider requests from other government agencies to search devices. In addition, the agencies assert the authority to search electronic devices when the subject of interest is someone other than the traveler—such as when the traveler is a journalist or scholar with foreign sources who are of interest to the U.S. government, or even when the traveler is the business partner of someone under investigation. Both agencies further allow officers to retain information from travelers’ electronic devices and share it with other government entities, including state, local, and foreign law enforcement agencies.
1) Backup phone then reset to factory before flying
2) Restore once through customs.
Serious question tho, can Authy be used on any website that supports Google Authenticator?
It would be exceptionally hard to make it look like the phone is being used with the 2nd account. For one thing, having current email would be pretty mandatory to pass a sniff test.