Blog › What to do when you risk being arrested

What to do when you risk being arrested

By Security in a Box
Đã đăng 2025.09.10

In some regions, prominent human rights defenders, activists, journalists and lawyers have to choose between going into exile or risking to be arrested and legally prosecuted, often in unfair conditions.

This is a situation that the Front Line Defenders Digital Protection team has been frequently observing especially in Central American countries like Guatemala, El Salvador and Mexico.

To help people at risk protect their activities, information and contact networks, we have developed a series of guidelines and recommendations that can make it harder to extract data from their personal and work devices.

If you are preparing to go into exile or to travel in riskier situations, read our guide on how to protect your information and devices while traveling.

Assess your situation

Talk to a lawyer

  • Assess your legal situation: how likely is it that you will be detained?
    • If you work with a group, the recommendations in this post are not necessary for the whole staff of your organization, but they are essentials for those most at risk.
  • Know your rights. In particular you may want to know if:
    • you can refuse to provide the passwords or codes to unlock your phone and computer;
    • the agents need a warrant from a judge to seize your devices;
    • they need a warrant that specifies which devices (brand and model) they can take;
    • you can refuse to provide the passwords to access your social media accounts and other online services;
    • you can make one or more phone calls after you have been arrested;
    • you can call a lawyer before you provide any information to the authorities.
  • Remember: if violent interrogation or torture are a possible scenario, it is better to have empty devices, so you can provide your passwords without exposing yourself or others to higher risks.

Map your data

As a first step to prepare for a possible detention, take an inventory of the most important information in your devices (phones, computers, external hard drives, USB sticks, SD cards, etc.). Include in your inventory all information you store online (on online storage platforms, mailboxes, etc.)

  • You can find recommendations on how to proceed in the Holistic Security Manual.
  • Don't forget to go through all your devices and make a digital inventory of any sensitive information: pictures, text documents, PDFs, chats, attachments, login credentials, etc.

Prepare for potential detention

When you have a clear vision of what your devices contain, you can proceed to:

  1. deleting what you don't need;
  2. backing up what you want to keep;
  3. deleting what you've backed up from your computer and phone;
  4. disconnecting your devices from online storage platforms and mailboxes where you keep sensitive information;
  5. (if possible) uninstalling any apps that you use to access online services and only accessing them through a browser.

Back up important information

  • Learn how to back up your data more securely.
  • You can choose to back up important information on an encrypted external storage device and/or on a secure online storage platform.
    • When making this choice, consider: could the authorities decide to seize your external storage devices and force you to give them the password to decrypt it, or try to crack the password? If so, consider backing up on a secure online storage platform and access this platform only through a browser so you can better hide that you have account on that platform.
  • If you keep producing content in your devices, repeat the backup process regularly and then delete all information again.

Minimize data in your devices

Try to reduce the data in your phone and computer to a bare minimum: what is not stored on your devices can not be breached by any tool or person.

Store sensitive files in a secure app

  • If you really need to keep some files in your computer, consider storing them in a secure app.
    • Consider storing sensitive information in a hidden Veracrypt volume if you're using a computer.
    • Consider using Tella if you're storing sensitive data in a phone. On Android, you can also camouflage Tella so it looks like a functional calculator.

Protect your devices against malware infections

If you think there might be an ongoing investigation on you, be sure to protect your devices against the risk of surveillance through spyware.

Prepare your phone

For all phones

  • If you can, avoid linking your phone to your personal Google or iCloud account; if you really need Google or iCloud services, create a new account.
  • Avoid biometrics to lock your phone. Instead, use at least a 6-digit PIN, or even better a password with a minimum of 8 characters.
  • Make sure automatic updates are enabled.
  • Remove all the apps that contain private or sensitive information or that connect to online services including personal, sensitive or valuable information and/or your contacts network, as most likely the authorities will be able to access them through forensics tools.
    • If you don't want or cannot delete these apps, consider hiding them.
  • Use your phone only for less sensitive purposes.
  • Read our guides on how to use Android or iOS more securely.
  • On iPhone, enable Lockdown Mode.
  • On Android, enroll in Google's Advanced Protection program.
  • If you can, buy a new or used Google Pixel (ideally an 8a or a more recent model).
  • Get a trusted technologist to remove the default operating system by installing Graphene OS.
  • Create different profiles on the phone (admin, work, bank, social media, etc.).
    • We recommend to create (at least) a second user profile on Graphene OS. Use the first profile (owner profile), the one that you created when installing the operating system, only to install apps and for administration purposes. Use the other profile(s) for communications, data storage, etc. This will ensure even better protection of your data.
  • Use the default browser and PDF reader built into Graphene OS.
    • In Graphene OS, the PDF reader and Vanadium browser are specially hardened to cover several attack vectors.

Prepare your computer

Tails is an operating system that runs on a USB stick or an SD card. Once you turn off your computer, no traces of your work stay in the hard drive or RAM. Also, Tails only connects to the internet through the Tor network, so your online traffic is also anonymized.

By using Tails, you can avoid leaving any traces of your most sensitive activities in your computer, so if your device is seized nobody will be able to find out what you had been doing with it.

If you need, you can also create a persistent storage volume inside your Tails stick and store sensitive information inside this encrypted container.

  • Read more on persistent storage.
    • Note that the persistent storage is not hidden. An attacker in possession of your USB stick can know that there is a persistent storage volume and force you or trick you to give out its passphrase. If you need to hide sensitive data, consider using a VeraCrypt hidden volume in an external storage device instead.

[Optional] Install Qubes OS to protect your data from online attacks

If you need to protect your data from online attacks, consider installing Qubes OS and configuring it based on the SecureDrop guide for journalists and human rights workers.

  • Qubes OS is an operating system developed to increase security by isolating different compartments (called qubes) inside your computer. You can assign some of these compartments to less sensitive purposes while completely isolating from the internet other qubes containing more sensitive information.
  • Qubes OS will not necessarily protect your data from someone who can use forensic tools to search your computer, but it can protect sensitive information from remote attempts at hacking into your computer.

Review your password strategy

The weakest point of any encryption, secure tool or service is the password you use to protect it with - if your passwords are not strong enough, it won't take a lot of effort to crack them and decrypt your sensitive data or access your online platforms and communication tools.

Chat more securely

Protect your connections

If you think there might be an ongoing investigation on you, be sure to protect your connections from online surveillance.

Possibly don't use apps to access online services

  • If you need to access your sensitive emails or online cloud service, use a browser to log in and then log out when you're done. Avoid using apps for your online accounts whenever possible: this will reduce the traces of your activities you leave in your devices.

Choose trusted contacts you can inform in case you are arrested

Set emergency apps to inform your trusted contacts and delete sensitive data

During the detention

  • If possible, keep all your devices off.
  • Only turn on your phone to call your trusted contacts (if you are allowed to do so). After calling them, switch off your phone again and do not unlock it.

Once you are released from detention

  • If the authorities give you back your devices, do not use them until an expert can run a forensics analysis and make sure they're clean from malware.
  • Consider that it might be impossible to confirm your devices have been infected and that you might have to replace them entirely.

Resources

Image: Blockhead, Los Angeles 2017, by Hans-Jörg Aleff, released under the Creative Commons Attribution-NonCommercial-ShareAlike 2.0 Generic license.