International Travel and Conferences

It is each MIT community member’s obligation to take proper care in protecting MIT data (i.e. data or information a person has access to by virtue of the person’s MIT activities, including, without limitation, research data, pre-publication manuscripts, Institute financial records, employee and student records, etc.).

Protect data you are traveling with based on its risk classification. When traveling, particular care should be taken with respect to “high risk” information, which may be prohibited from being taken outside the country or downloaded from the “cloud” onto local servers outside the U.S.

In addition:

• Discuss your plans, including data protection considerations, with your supervisor and/or the MIT principal investigator for their project, who should consult with IS&T resources as necessary
• Contact MIT Export Control with questions regarding export control restrictions on MIT data
• Comply with any commitments made by MIT to third parties regarding data confidentiality and use, such as through a non-disclosure agreement with a research sponsor covering the sponsor’s proprietary information.
• Delete or remove extraneous MIT data stored in email programs if necessary for compliance. (The email program does not need to be removed from the device.)

It is also prudent to similarly protect personal data and any other data unrelated to MIT activities.

Laptops, phones and personal devices

If possible, remove all sensitive data on your device to a secure shared drive or departmental share before traveling. If you can leave your device at home, IS&T also provides secure laptops, tablets, and phones for international travel.

Devices issued by MIT are encrypted and have software installed for additional security. You can follow similar steps for personal devices:

• Encrypt your device
• Back up your device regularly using CrashPlan
• Install Crowdstrike to detect security threats
• Install Sophos to protect against viruses and other malware
• Test Duo authentication

Specialized equipment

When traveling internationally, take with you only what you need. You should not bring MIT research materials or specialized equipment (i.e., other than laptops and personal electronic devices) with you while traveling internationally unless there is no alternative available. Instead, such materials should be shipped through third-party carriers for insurance purposes and to ensure proper compliance with environment, health and safety regulations, export control clearances, and other procedures.

Preparing devices for search

U.S. government officials possess broad discretion to search electronic devices (including any content on them) and other belongings when a traveler is leaving or entering the U.S. International travel guidance prepared by MIT’s Office of the General Counsel provides an example of documentation to procure if it is necessary to travel with MIT data or materials, as well as information on interactions with immigration and law enforcement agents when entering or leaving the U.S.

Physical security

• When not using a device, fully turn it off, instead of putting it into standby mode.
• Lock devices and keep them out of sight, especially in unlocked or unattended areas.
• Be aware of your surroundings at all times. 
   

Before connecting: 

• Confirm that name of the network and exact login procedures are legitimate and that the wireless networks are encrypted (indicated by the locked padlock icon)
• Use a virtual private network (VPN), such as Global Protect, to create a "virtual fence" between your laptop and the untrusted network

While on public WiFi or public computers:

• Only connect to sites that begin with https://. Sites beginning with http:// are not encrypted and allow everyone to see what you share, including passwords.
• Avoid sharing sensitive information, making online purchases or accessing bank accounts.