What can you take with you overseas?
Under the license exception for temporary export (TMP) you can take usual and reasonable kinds and quantities of tools of trade (commodities and software) for use your use in a lawful enterprise. The tools of trade must remain under your effective control (you must retain physical possession of the item, lock it in a hotel safe, or have it guarded). Encryption commodities and software may be pre-loaded on a laptop, handheld device or other computer or equipment.
Traveling to Sanctioned Countries
Travel to conduct research or educational activities to embargoed countries without first checking with ORSPA to secure a license from the Department of Treasury, Office of Foreign Assets Control is prohibited. A request to travel in embargoed countries is sometimes granted for educational purposes. Reference OFAC's Sanctions Program and Country Summaries for the most current list.
Travel to China
Many countries regulate the inbound use of encryption software. In China, for example, the State Cryptography Administration (SCA) serves as the national authority for regulating encryption products and has promulgated multiple rules on encryption controls. Although thousands of individuals carry laptops and smartphones with encryption in and out of China daily, it is not risk free. Under SCA policy, standard mass-market products are not subject to the encryption regulations, but the encryption regulations remain incongruent with this policy and provide the latent underpinning for broader enforcement. The policy predates the rise of smartphones and certain advancements in encryption software commonplace on laptops. If traveling to China with encryption software, one should consider checking the encryption regulations and following up with any applicable encryption license applications.
- Use a new temporary device for the trip, such as an inexpensive new laptop or a throw-away prepaid cell phone purchased just for that trip, instead.
- If you are traveling without your own laptop, you may be tempted to use a computer in a cyber cafe or hotel business center; however those systems have a very high probability of being infected with or of being routinely and actively monitored by national authorities.
- Do not use USB-based public battery charging stations; the USB interface to your device may allow the charging station to do more than just provide power.
- Any/all CDs, DVDs, thumb drives, attachments, links and "QR" cell phone bar codes must be considered to be potentially hostile and malware infected.
- If you need to send or receive email while traveling, create a temporary "throw away" account on Gmail or a similar service before you travel. Do not use your regular email account. Do not send any sensitive messages via email.
- Upon return to the U.S., immediately discontinue all use of that temporary system, and have it reviewed for indications that it may have been compromised abroad.
- Change any/all passwords you may have used abroad.
If taking your personal laptop:
- Back up your data and leave a copy of your files in a safe and secure location in the US.
- Password-protect, encrypt, or remove all student, personal, and proprietary information stored on your laptop.
- Have a computer technician physically disconnect any integrated laptop microphones.
- Turn off file-sharing and print-sharing.
- Make sure your system's patches are up to date and your firewall is turned on.
- Ensure that anti-virus, anti-spyware, and personal firewall software is installed on your laptop.
- Disable all unnecessary network protocols (such as WiFi, Bluetooth or infrared).
Remember - If you don't need it, don't take it with you!