_Part 14 of 18 in the Digital privacy for board directors series._
The previous post set out when clean device travel makes sense — broadly, for tier-three jurisdictions, for specific operational risk, sometimes for tier-two trips with particular sensitivity. This post is about the mechanics. What goes on a clean device, what does not, how it gets prepared, and how it gets brought home without contaminating the rest of your environment.
I will write this for the typical case: a UK board director making a trip to a tier-three country for a board meeting, a client visit, or a conference. The principles scale up and down.
The clean device concept, in a paragraph
A clean device is a laptop and a phone that have been prepared specifically for the trip, contain only what the trip needs, and are decommissioned (or wiped to factory state) on return. They are not your normal devices. They do not have your normal email account as the primary account, they do not have your normal photos, they do not have a copy of your full document library. They have what the trip needs and nothing else.
The point is twofold. First, if the device is examined or compromised at the destination, the blast radius is limited to what was on it for the trip. Second, the device's compromise does not propagate back to your home environment when you return.
The clean laptop, configured
For most directors, a clean travel laptop is a Chromebook or a fresh Windows / macOS install on a low-cost machine kept specifically for travel. Three options, roughly in order of cost and effectiveness.
**A second-hand Chromebook.** £150–250. Boots quickly. Most documents and applications come through the web, which means the local footprint is minimal. The Google account used on the Chromebook is a travel-specific account, not your main work or personal Google account. Set it up the week before the trip; wipe it the week after. The simplest path for most directors.
**A fresh macOS or Windows install on a known good laptop.** A second laptop you keep for travel, wiped and re-imaged before each trip. More effort than a Chromebook, more configurable, more familiar. The work to set up is roughly two evenings.
**A dedicated travel kit the firm provides.** Larger organisations with mature travel security programmes maintain a stock of pre-configured travel laptops that are issued for specific trips and returned afterwards. If your firm has one of these, use it. If your firm does not and you travel frequently to tier-three destinations, suggesting the firm establishes one is reasonable.
The clean phone follows the same pattern. Either a separate phone kept for travel (a second-hand iPhone is fine), or a fresh sign-in on a known device with the home account left at home.
What goes on the device
For the trip itself, the device needs the minimum to be effective.
- A travel-specific email account that forwards to your main account but does not download history. You read mail through the web client; nothing is downloaded.
- The specific documents required for the trip, downloaded to local storage, in encrypted form. The specific documents, not the document library.
- The travel-specific messaging accounts — a WhatsApp number registered to the travel phone, a Signal account if needed. These do not have your contact list, your message history, or your group memberships.
- The minimum browser bookmarks needed for the trip's agenda.
- A VPN client.
- The board portal app, if needed for board papers on the trip, signed in with MFA and the offline-cache settings off.
That is the configuration. Approximately ten applications. No backlog of email, no cached personal photographs, no calendar history beyond the trip's window, no contact list beyond what is needed.
What does not go on the device
By implication, but worth stating.
- Your main work email account in full-download mode.
- Your normal phone's contact list.
- Your normal phone's photo library.
- Cached copies of your last six months of board papers.
- Your password manager (use a per-trip password manager export instead, or sign in fresh).
- Family photos, children's school events, anything personal that you would not want examined.
- Hardware MFA keys associated with high-sensitivity accounts you will not be using on this trip (leave at home).
Selective sync, for those who do not want a separate device
A middle path for directors whose travel does not warrant a fully separate device but who still want to limit exposure on a tier-two trip. The principle is selective sync: configure your existing devices to not download or cache the most sensitive material for the duration of the trip.
In practice:
- Mail. Configure the laptop and phone to fetch mail headers only, downloading message bodies on demand. Most mail clients support this.
- Cloud storage. Pause OneDrive, Google Drive, Dropbox local sync before the trip. Resume on return.
- Messaging. WhatsApp's Chat Lock lets you require Face ID or fingerprint for sensitive chats. Use it for the trip.
- Board portal. Set the app to no offline caching for the duration.
- Photos. Pause iCloud Photo sync before the trip. Family photos do not need to be on a phone in Beijing.
These are reversible, take fifteen minutes to set up, and reduce the exposure substantially for tier-two trips. They do not match the clean-device approach for tier-three trips, but they are better than nothing.
The customs question, practically
If you are stopped at customs and asked to unlock a device, you have decided your answer in advance (per the previous post). Two practical tips on the moment itself.
If you comply: the device is now considered compromised. The credentials on it must be rotated immediately on return. The device should be wiped to factory state and rebuilt before being trusted again.
If you decline: be polite, be clear, and accept that you may be denied entry. "I cannot unlock this device, it contains confidential business information" is a reasonable framing. Most border officers, in most countries, will then either escalate or release you. Refusing with hostility is the only version that goes badly. Refusing with politeness is the version that works.
The return procedure
The clean travel laptop and phone do not come home and rejoin the normal environment. They go into a specific post-trip workflow.
- Power up the device on a guest network at home, not the main network.
- Move any documents you brought back through a scanning pipeline — at minimum, an antivirus scan, ideally an air-gapped review.
- Wipe the device to factory state.
- For the phone: factory reset, with the travel-specific accounts deleted.
- Note any anomalies — anything that behaved oddly during the trip, anything that was on the device at examination time, anything you saw that was unexpected.
The procedure takes a couple of hours. For directors who travel monthly to tier-three jurisdictions, it becomes routine.
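One way to support the scanning and anomaly-noting steps above, added here as an example and not part of the original post: record a SHA-256 manifest of the trip documents before departure, keep it off the device, and compare on return so every new or changed file is routed to scanning and every missing file is noted. The function names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # directories and links are skipped; only regular files are hashed
        digest = hashlib.sha256()
        with path.open("rb") as handle:
            for chunk in iter(lambda: handle.read(1 << 20), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def diff_manifests(before, after):
    """Classify files as added, modified or removed since the pre-trip manifest."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(set(after) - set(before)),
        "modified": sorted(p for p in common if before[p] != after[p]),
        "removed": sorted(set(before) - set(after)),
    }


def needs_scanning(diff):
    """New and changed files go through the scanning pipeline before leaving quarantine."""
    return sorted(diff["added"] + diff["modified"])


def demo():
    """Constructed sample: a trip folder before departure and after return."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp)
        (docs / "board_pack.pdf").write_bytes(b"constructed board pack")
        (docs / "agenda.txt").write_text("constructed agenda")
        before = build_manifest(docs)  # taken at home; store this off the device
        (docs / "agenda.txt").write_text("constructed agenda, edited on trip")
        (docs / "vendor_slides.pptx").write_bytes(b"constructed file received abroad")
        (docs / "board_pack.pdf").unlink()
        return diff_manifests(before, build_manifest(docs))


if __name__ == "__main__":
    result = demo()
    print(result)
    print("scan before use:", needs_scanning(result))
```

A clean diff covers only the document folder and says nothing about the operating system or firmware, so the device is still wiped as described above.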
A small note on encrypted backups
A clean device that is wiped between trips means you cannot rely on the device's local storage for trip-specific notes. Use a single, well-protected, end-to-end encrypted notebook — Standard Notes, Bear with iCloud Advanced Data Protection, or a private repository — for notes that need to persist beyond the trip. The notes go to that channel; the device returns home empty.
What this month looks like
Two pieces of work.
One: identify the next trip that warrants a clean-device approach. Acquire or prepare the clean device. The cost is £150–500 one-off plus a couple of evenings; the value persists for years.
Two: for trips that do not warrant the full clean-device approach, set up the selective sync procedure. Pause syncs, set the mail client to header-only, pause photo sync. Document the steps so they are repeatable for the next trip.
In nine weeks: the third travel post — hotels, conferences, public Wi-Fi, and the small kit that makes a difference.