Traveling internationally, especially to elevated-risk countries, can raise issues related to the protection of electronic devices and data, as well as export control, customs, and visa considerations.
Report travel accommodations or travel expense reimbursements
Financial conflict of interest (fCOI) reporting is required if you apply for external funding through MIT, and certain federal funding agencies require disclosure of travel support. Sponsored travel expenses must be reported by investigators funded by agencies under the U.S. Public Health Service (PHS), including NIH, FDA, CDC and AHRQ.
Federal progress report requirements may require disclosure of international travel related to your project whether reimbursed or not. Review the applicable funding opportunity instructions and agency-specific guidance to determine if your travel expenses or international travel itself must be reported.
If you have specific questions regarding federal funding agency disclosures, please contact Research Compliance to discuss your individual situation.
Protect data and devices while traveling
Follow this guidance to ensure that your data and devices are safe. For guidance on your particular situation, contact Research Security at researchcybersecurity@mit.edu.
-
It is each MIT community member’s obligation to take proper care in protecting MIT data (i.e. data or information a person has access to by virtue of the person’s MIT activities, including, without limitation, research data, pre-publication manuscripts, Institute financial records, employee and student records, etc.).
Protect data you are traveling with based on its risk classification. When traveling, particular care should be taken with respect to “high risk” information, which may be prohibited from being taken outside the country or downloaded from the “cloud” onto local servers outside the U.S.
In addition:
- Discuss your plans, including data protection considerations, with your supervisor and/or the MIT principal investigator for their project, who should consult with IS&T resources as necessary
- Contact MIT Export Control with questions regarding export control restrictions on MIT data
- Comply with any commitments made by MIT to third parties regarding data confidentiality and use, such as through a non-disclosure agreement with a research sponsor covering the sponsor’s proprietary information.
- Delete or remove extraneous MIT data stored in email programs if necessary for compliance. (The email program does not need to be removed from the device.)
It is also prudent to similarly protect personal data and any other data unrelated to MIT activities.
-
Laptops, phones and personal devices
If possible, remove all sensitive data on your device to a secure shared drive or departmental share before traveling. If you can leave your device at home, IS&T also provides secure laptops, tablets, and phones for international travel.
Devices issued by MIT are encrypted and have software installed for additional security. You can follow similar steps for personal devices:
- Encrypt your device
- Back up your device regularly using CrashPlan
- Install Crowdstrike to detect security threats
- Install Sophos to protect against viruses and other malware
- Test Duo authentication
Specialized equipment
When traveling internationally, take with you only what you need. You should not bring MIT research materials or specialized equipment (i.e., other than laptops and personal electronic devices) with you while traveling internationally unless there is no alternative available. Instead, such materials should be shipped through third-party carriers for insurance purposes and to ensure proper compliance with environment, health and safety regulations, export control clearances, and other procedures.
Preparing devices for search
U.S. government officials possess broad discretion to search electronic devices (including any content on them) and other belongings when a traveler is leaving or entering the U.S. International travel guidance prepared by MIT’s Office of the General Counsel provides an example of documentation to procure if it is necessary to travel with MIT data or materials, as well as information on interactions with immigration and law enforcement agents when entering or leaving the U.S.
Physical security
- When not using a device, fully turn it off, instead of putting it into standby mode.
- Lock devices and keep them out of sight, especially in unlocked or unattended areas.
- Be aware of your surroundings at all times.
-
Before connecting:
- Confirm that name of the network and exact login procedures are legitimate and that the wireless networks are encrypted (indicated by the locked padlock icon)
- Use a virtual private network (VPN), such as Global Protect, to create a "virtual fence" between your laptop and the untrusted network
While on public WiFi or public computers:
- Only connect to sites that begin with https://. Sites beginning with http:// are not encrypted and allow everyone to see what you share, including passwords.
- Avoid sharing sensitive information, making online purchases or accessing bank accounts.
Travel security checklists
- Travel and Technology (IS&T)
- Travel Abroad Checklist (Global Support Resources)
International Conferences
MIT Export Control provides guidance on attending international conferences. Contact MIT Export Control with additional questions.
If hosting a web conference or webinar that is open to the international community, follow MIT Export Control guidance on conference presentations abroad. Contact MIT Export Control if you have questions, or if you may have attendees or participants from comprehensively sanctioned countries.
Disclose any compensation for conference presentations in accordance with outside professional activity (OPA), financial conflicts of interest, and federal reporting requirements.
Assess and mitigate risk
Review Assessing and Mitigating Risk to understand whether your travel poses risks to you or your research program.