This happened to me in 2016 crossing into Canada. Borders agents took my phone for no reason, demand I give them the password to unlock it (otherwise they would seize the phone), took it in the back for 45 min before returning it and letting me enter. I think it’s obvious they took all my data.
So now when I travel I just bring my “travel” phone with no sensitive data on it.
> I give them the password to unlock it (otherwise they would seize the phone)
IIRC, I've read they can only hold your phone for 30 days or something like that, then they have to return it to you. They can delay an American citizen, but they can't deny entry.
Ever since then, I travel with a travel phone, make sure my photos are backed up when I cross a border, and shut it down before I go through border control. If they demand a password, I'll put up a little fuss and then let them take it.
I had this basic thing happen in 2014 -- I refused to give access. I was detained for a while, part of it in a cell, and Canada did explicitly deny me entry. They never gave back my phone or laptop, though I didn't fight too hard for the hardware.
I like to share an anecdote that at a professional conference, some agents from the ATF came to give a presentation regarding updated regulations and found that their laptop couldn't connect to the projector.
No biggie, I had just finished my presentation and offered to let them use my laptop. The moment they plugged in the thumb drive with their presentation, my virus scanner went apeshit about something on that drive.
I kept that laptop disconnected for the rest of that trip, and nuked it once I was back home.
They took my laptop in the back for just 30 minutes or so, after which I refused to accept it back from them or even touch it, which took another 2 hours or so. Eventually they agreed to dispose of it themselves.
What harm would happen if you touched it long enough to put it in a trash can? You were concerned they may have poisoned it or something? I completely understand not wanting to operate it since they could have backdoored it or put tracking devices in it, etc.
Another reason right to repair is so damn important. If all of a device's memory were thoroughly documented, then this type of attack would require hardware modification, making it more expensive and easier to detect. And if hardware revisions were documented, the community could do things like document visual changes to circuit boards for automated visual comparison. Whereas with the current state of hostile code like ME/PSP, I can imagine a (larger) backdoor being created merely as a side effect of a "search".
Buy a 2nd-hand $40 scrap phone, erase it, save a few panorama pictures and a couple of selfies on it and put your SIM card in it every time you are about to cross a border. Then put the card back in your regular phone after that.
It is less "sim card is tied to this phone and can't be moved" and more "sim card exists logically and doesn't require a physical presence in the phone it wants to be used in"
Which really sucks for travellers. High roaming costs? Just go to a gasstation and buy a travel sim card, put it inside, use it, put it in the walled when you leave, and if you still have any data left, use it the next time you come there.
Just go to a carrier website, buy an esim, download to the phone, use it, switch it off when you leave, use it next time you come there.
It is literally the same except you don't even need to go to a gas station. My Pixel can hold as many esims as I want standing by until they are needed to be used.
If any company you depend on uses your phone number for 2FA, then SIMless is useful. A SIM can be removed and put into another phone to receive authentication txts.
Mostly relevant if your phone is lost or stolen, or perhaps even if criminals are directly threatening you. For example, I worry about bank accounts when I travel to some countries because criminals would be highly motivated to steal from me - the only thing protecting me is their ignorance. In some countries a few thousand dollars is a lot of motivation. Unfortunately my primary bank does not provide secure 2FA but only provides phone auth, and I am locked into my bank because of my mortgage (I have a mortgage, and conditions have changed which prevent me from getting a different mortgage from another bank). I could cancel revolving credit (the main financial risk) but that has other opportunity costs for me.
Also SIMless helps prevent unwanted telephone charges - important if roaming in other countries on account. Phone companies do not make it easy to limit your liability, so if you are unlucky you could end up owing many thousands.
This is why you should enable the PIN code feature for your SIM. It will be disabled after a few incorrect attempts. It protects you from the scenarios you describe.
One approach would be to upload everything, wipe the phone, then log back in but not connect to iCloud (or Google).
Once you've cleared the border, go to a coffee shop and download over their WiFi. Or not, if you're on a unlimited data plan.
That has the advantage of requiring only one phone but would definitely look like you were hiding something. So your approach of a travel phone is better.
Unless they have some reason to fear you, they'll just take it if they feel like it. Worse, if you're not Canadian they might send you back where you came from. And when they do it, they won't even tell you their names. What are you gonna do about it?
So now when I travel I just bring my “travel” phone with no sensitive data on it.