Security Experts:

Connect with us

Hi, what are you looking for?


Endpoint Security

Endpoint Security Evolving Against Airport Searches, GDPR

Travel pressure around privacy and compliance is forcing mobile endpoint software to evolve. Media coverage of recent airport phone searches has privacy enthusiasts worried, and Europe’s General Data Protection Regulation (GDPR) has IT security and compliance teams thinking about data-loss policies.

Travel pressure around privacy and compliance is forcing mobile endpoint software to evolve. Media coverage of recent airport phone searches has privacy enthusiasts worried, and Europe’s General Data Protection Regulation (GDPR) has IT security and compliance teams thinking about data-loss policies. The good news is that endpoint software, specifically for mobile devices like laptops, tablets, and smartphones, is improving in these areas.

Travel Privacy 

Chandler Frobin, a tech-solution architect, has an iPhone X but doesn’t enable its nifty face ID because he doesn’t want it used against him when landing in a country that might demand to examine his phone and paw through his luggage.

“And if they ask me for my passcode, I’ll tell them I can’t remember,” Chandler told me over a vanilla porter. “I’d like to see them compel me.” 

Chandler’s fear of nonconsensual search isn’t entirely unfounded; just six months ago, a Southern California traveler was detained and had his phone searched after landing at LAX on his way to the Middle East. He is currently suing the federal government, alleging violations of the first, fourth, and fifth amendments related to when he felt forced to unlock his phone.

Chandler Frobin Suit Against Federal Government

The U.S. Customs and Border Patrol—which recently made the news after a hack exposed license plates and traveler data—keeps statistics on electronic-device searches. In 2017, they searched 0.008% (one in every 12,500) of the electronic devices associated with nearly 200 million travelers. That’s not a lot, but it’s not nothing, either.

It’s not just Chandler who’s concerned; IT departments for both the federal space and the private sector are wondering if there’s a technological solution to the endpoint search problem.

Compliance Pressure

Another externality putting pressure on endpoints is the regulatory burden imposed by data security and privacy requirements like General Data Protection Regulations (GDPR). For endpoints such as phones, laptops, and tablets, the concern is the GDRP’s cross-border data-transfer requirements. How is an IT team supposed to comply with the requirements when everyone has their own endpoints and is always jetting around on Ryanair’s £6 fares?

Imagine this problem: your sales engineer has a gig of customer data on his phone via a Slack message, and a storm reroutes his dinky Embraer to Tripoli, of all places. The local officials demand his phone and slurp up his data, which later escapes to the Internet. Who’s at fault for your customer’s data loss in this situation? You can hear Chandler cackling right now, can’t you?

Architects and IT security teams are looking for technology evolutions to help them manage real problems in endpoint storage and messaging. 

Endpoint Privacy Evolving for Corporate, but Not for Citizens

The good news is that endpoint technology is moving in the right direction with both app improvements and new Unified Endpoint Management (UEM) solutions. Leading UEM solutions offer contextual access and risk-based authentication methods that include criteria for both time and location. In a late 2018 survey Forrester, 63% of respondents said they like how Microsoft is simplifying endpoint management with Windows 10, which may give the Redmond giant the edge in the end.

At least one startup, Hotshot, is betting big on contextual data protection. Their mobile messaging encryption client (Android, iOS) enforces location- and time-based restriction policies so users can access data only when and where they are authorized to do so. Hotshot enforces the restrictions by putting controls around the customer’s end-to-end encryption keys. Data owners can set specific policies to allow data access only from approved locations—whether a specific address, like a business office, or from an entire country or group of countries like the EU. Data owners can also set time restrictions to only allow access to work-related communications during business hours.

“One of the challenging aspects of GDPR is that its cross-border data restrictions run counter to a primary tenet of zero-trust security—allowing for secure access regardless of location,” explained Hotshot CEO Aaron Turner, when asked about the inspiration for his encryption app. As for what happens if an official shows up at Hotshot with a subpoena, Turner said that, like WhatsApp and other peer-encryption messaging clients, “We as a platform operator cannot see the details since we don’t have the keys.” 

So, when the hapless sales engineer unexpectedly lands in Tripoli, he cannot access encrypted customer data, much less be coerced into giving it up to local authorities. 

Traveling in the Right Direction

UEM and endpoint apps like Hotshot help IT teams meet their compliance requirements for GDPR, reduce data leakage, and enable clawback of data when users leave the organization, or no longer have the need for access to it (think controlled chat and collaboration with contractors or third-party project team members). IT buyers should be evaluating these software solutions as part of their data security management strategy.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...