Ever since I took my first international trip when I was a teenager, my parents have packed photocopies of their passports in our luggage. In my adulthood, I’ve taken to doing the same thing.
Over the last couple trips, though, I’ve noticed that I’ve stopped doing it as much. What’s the worst that’s going to happen? I can always pull up the necessary information on my cell phone, goes my reasoning.
As someone who is a naturalized US citizen (my parents passed the test when I was young), I’ve never given much thought about documentation outside of making sure to bring my passport when I travel abroad.
But having your passport with you has always been an extra-stressful moment. There is already anxiety when you cross borders, even as a US citizen: Will you be pulled aside? Will you have your face scanned?
Will you get your device searched? There are now, unsurprisingly, whole essays about how to make sure your device, your digital life, is secure at border crossings.
And now there is the additional component of digital anxiety that immigrants in the United States today in particular are exposed to, a fact that I was clued into with this tweet:
Only a few days later, I saw this one:
Then, of course, there was the incident of the NASA employee detained at customs shortly after the enactment (and subsequent withdrawal) of the travel ban:
Bikkannavar says he was detained by US Customs and Border Patrol and pressured to give the CBP agents his phone and access PIN. Since the phone was issued by NASA, it may have contained sensitive material that wasn’t supposed to be shared. Bikkannavar’s phone was returned to him after it was searched by CBP, but he doesn’t know exactly what information officials might have taken from the device.
The JPL scientist returned to the US four days after the signing of a sweeping and controversial executive order on travel into the country. The travel ban caused chaos at airports across the United States, as people with visas and green cards found themselves detained, or facing deportation.
As a result, many people who think they might have problems at the border are organizing their entire life’s worth of documentation in Dropbox.
Immigrants and government employees aren’t the only ones facing this issue; travelers in general are also adopting the methodology (including...professional wrestlers? Anyone at Normocre Wrestling Tech newsletter want to investigate?)
Many “normal” travelers are being urged to do so by companies that are in the travel industry:
And, even outside the travel industry, for emergency/disaster storage:
What’s more, Dropbox isn’t the only cloud storage provider profiting from this. Microsoft is also getting in on the action, by suggesting you keep all your documents in their newly-launched Personal Vault on OneDrive (h/t Jowanza) .
What does it mean for us to keep our lives on Dropbox, or on OneDrive? How do we know they’re going to be secure?
Well, Dropbox reassuringly tells us so with a Security Site. (Side note: If you ever need to convey anything serious in a casual way, blue and white and gray are the way to go - serious, but mellow at the same time. We got this, Dropbox’s security site says, complete with very professional drawings of locked folders.)
They showcase their security architecture in broad terms, just enough to make the average layperson believe They Got This.
There are a couple of interesting things about Dropbox, though.
First, they’ve recently migrated from the AWS cloud back to an on-prem environment (aka they are themselves hosting and running the servers). In some cases, this can be a disaster move. It remains to be seen whether this is the case for Dropbox. Because Dropbox employs so many high-caliber technical experts (including Guido Van Rossum, who created Python), it potentially gives them better fine-grained control over privacy:
Further, I think it becomes clear to certain companies — especially companies storing sensitive or important user data — that blaming their cloud provider for breaches or downtime isn’t going to fly for too long. Debating whether Dropbox can do a better job of these things than AWS or Google can almost misses the point (although it probably has the engineering resources to do a damn fine job). Dropbox needs to be able to act on any issues as quickly as possible without waiting on somebody else (which requires controlling and understanding the infrastructure) and its users need to know the company is willing and able to do so.
However, the downside is that letting someone else handle server security is almost always a better proposition, particularly given Dropbox’s history of password leakage issues. One could argue that all of that stuff happened in the past. But, what’s to say it won’t again?
Second, they’ve made some interesting choices for their board, most notably Condoleezza Rice, who served as Secretary of State during the Bush administration. There was an enormous uproar from users when they found out about the appointment, resulting in the #DropDropbox campaign. Dropbox never backed down and only issued a mumbly statement about how transparency would continue even as she was on the board. (By the way, I can no longer find this statement on their blog.)
Even regardless of her actual political affiliation, the fact that she has government connections can be seen as begging a very important question: what does Dropbox need with government connections? Presumably government contracts. What does it mean for an American organization that stores all your most sensitive information, particularly for citizens of countries that are not the United States that use Dropbox, to have government contracts? I’ll leave that as an exercise for actual journalists to look into.
Third, and most important for anyone relying on the security of Dropbox when they’re standing in front of a customs agent, the company’s stock is going down. Way down. All the important financial leading indicators are negative, and Microsoft’s introduction of Vault doesn’t bode well for the ailing tech darling.
Just as tellingly, Dropbox recently went through a redesign.
My Normcore opinion is that anytime a company decides to do a redesign, it’s out of ideas and in trouble.
Dropbox did a (horrifyingly questionable) redesign in 2017. The clock is ticking.
So, what to do, for the hundreds of thousands of people storing their most important life documents in Dropbox? Follow the rule of old-school operational redundancy: store them in three places. Back them up in a second cloud service (S3? Microsoft’s Vault?) and be ready to have them gone at a moment’s notice, so that you have peace of mind when traveling.
For me personally, I’m going to dust off the photocopies again. It seems safer that way.
What I’m reading lately
This article about raising modern kids on tech (from VC Fred Wilson’s wife) is spot on.
This seems crazy to me, but as long as it gets the kids reading, I guess?
How to have a day job and a newsletter, I mean night job
About the Author and Newsletter
I’m a data scientist in Philadelphia. This newsletter is about tech topics I don’t see covered in the media. Most of my free time is spent kid-wrangling, reading, and writing bad tweets. I also have longer opinions on things. Find out more here or follow me on Twitter.
If you like this newsletter, support it and get friends to subscribe!