Can Border Agents Search Your Electronic Devices? It’s Complicated.

This post was updated on July 19, 2017. 

We’ve been getting a lot of questions about when border agents can legally conduct searches of travelers’ electronic devices at international airports and other ports of entry. Unfortunately, the answer isn’t simple.

Read this post in Spanish or in Arabic.

The government has long claimed that Fourth Amendment protections prohibiting warrantless searches don’t apply at the border. The ACLU takes issue with this position generally, especially when it comes to electronic devices like smartphones and laptops. Our smartphones store detailed accounts of our conversations, professional lives, whereabouts, and web-browsing habits. They paint a far more detailed picture of our private lives than, say, a piece of luggage.

The Supreme Court recognized this reality when it ruled in 2014 that the Constitution requires the police to obtain a warrant to search the smartphone of someone under arrest. As the ACLU has argued in various court filings, there’s no reason the Constitution’s safeguards against unwarranted searches shouldn’t also apply when we travel internationally given the ubiquity of these devices, and their ever-growing capacity to track the minutiae of our private lives.

Unfortunately, the government doesn’t agree, and the law on the matter is far from settled. Because of the high-stakes implications of these kinds of searches, and amidst evidence suggesting they’re on the rise, it’s important to understand the landscape so that you can make decisions that are right for you ahead of your travels.

This resource offers a basic snapshot of possible scenarios relating specifically to electronic device searches. For a fuller picture of the many other civil liberties issues that often arise at the border, click here. And if you think your constitutional rights have been violated, tell us what happened by filling out this form

What happens if border agents demand I turn over my device?

The government claims the authority to search all electronic devices at the border, no matter your legal status in the country or whether they have any reason to suspect that you’ve committed a crime. You can state that you don’t consent to such a search, but unfortunately this likely won’t prevent CBP from taking your phone.

If you’ve given Customs and Border Protection agents the password to your device (or if you don’t have one), they might conduct what’s often called a “cursory search” on the spot. They might also download the full contents of your device and save a copy of your data. According to CBP policy from 2009, they are not required to return your device before you leave the airport or other port of entry, and they might choose to send it off for a more thorough “forensic” search. Barring “extenuating circumstances,” they claim the authority to hold onto your device for five days — though “extenuating circumstances” is an undefined term in this context, and this period can be extended by seven-day increments. We’ve received reports of phones being held for weeks or even months.

As a result of this policy, even the most universally recognized private information — like communications with your lawyers — are insufficiently protected at the border. If you possess information that is protected by attorney-client privilege, you should tell the CBP agent you’re interacting with. Unfortunately, all he or she will need to do under agency policy is “seek advice” from a superior prior to the search.

Journalists carrying sensitive information about their work or sources are also insufficiently protected. The CBP directive states that “work related information carried by journalists shall be handled in accordance with any applicable federal law and CBP policy” — but it’s unclear what this means. Journalists who feel their rights have been violated at the border should let us know, and those who have upcoming travel should consult with their organizations’ general counsel offices or press associations.

If you leave the airport or other border checkpoint without your device, make sure you get a receipt, which should include information about your device and contact information allowing you to follow up. If, after the forensic search is conducted, there is no probable cause to believe the device contains evidence of a crime, the government says it will destroy any information it copied within 21 days. Yet there’s a caveat here, too. CBP might retain the notes it took during the search of your device or any questioning while you were at the border.

Do I have to enter a password to unlock my device?

Your legal status in the country may inform what you decide to do if you’re asked for a password to unlock your device.

If you’re a citizen, you can’t be denied entry into the country if you refuse to comply with a request to unlock your device or to provide a password. But you might be detained for longer or have your device seized and not returned to you for weeks or months. The same should be true for those who have previously been admitted to the United States as lawful permanent residents and have maintained their status — their green cards can’t be revoked without a hearing before an immigration judge. If you are not a citizen and are concerned about having your devices searched, you should consult with an immigration lawyer about your particular circumstances before traveling.

Visa holders and tourists from visa waiver countries, however, run the risk of being denied entry if they refuse to provide a password, and they should consider that risk before deciding how to proceed. The Department of Homeland Security is presently considering instituting a policy requiring visitors from certain countries to provide social media passwords in order to secure a visa to travel to the U.S. (The ACLU opposes the proposal.)

Whether you’re a citizen or not, though, we always recommend that you enter the password yourself rather than divulging it to a CBP agent. They still might demand that you share it, but it’s a precaution worth trying to take. If you do hand over your password, it’s likely to end up in a government database, so change it as soon as you have the chance and make sure you no longer use that password for any other account.

What can I do to prepare?

Here are a few precautions you can take in preparation for your trip to ensure things go as smoothly as possible:

  • Travel with as little data and as few devices as possible. The less you’re carrying, the less there is to search. Consider using a travel-only smartphone or laptop that doesn’t contain private or sensitive information. You could also ship your devices to yourself in advance. (Be aware that CBP claims the authority to search international packages so it is best to encrypt any devices that you ship.) Keep in mind that a forensic search of your device will unearth deleted items, metadata, and other files.
     
  • Encrypt devices with strong and unique passwords and shut them down when crossing the border. A good resource on how to do so can be found here.
     
  • Store sensitive data in a secure cloud-storage account. Disable any apps that connect to cloud-based accounts where you store sensitive communications or files, and don’t keep a copy of cloud-stored data in your physical possession. In July 2017, Customs and Border Protection publicly stated it is against policy for border agents to search cloud-stored data on electronic devices. This means that any search of an electronic device at the border should not extend to data that is only accessible via the internet — such as email or social media messages and posts that are stored on remote servers.
     
  • Upload sensitive photos on your camera to your password-protected laptop or a cloud-storage account. Digital cameras don’t offer encrypted storage, so you should consider backing up your photos and deleting them from your camera and reformatting the camera's memory card.
  • Turn on airplane mode for all of your electronic devices before crossing a border checkpoint. CBP stated in July 2017 that its policy does not permit searches of cloud-stored data that is accessible from electronic devices through the internet. Keeping your devices in airplane mode will help ensure compliance with this policy.  

Until the Supreme Court weighs in on the constitutional limits of the government’s powers at the border, questions about the government’s authority to conduct these kinds of searches aren’t likely to be settled. Lower courts have issued conflicting rulings on whether individualized suspicion should be a condition for such a search. The Ninth Circuit, which covers several western states, for example, requires at least reasonable suspicion for a “forensic” search of a seized device, but has not imposed limits on “cursory” on-the-spot searches.

It is crucial that more courts weigh in, given that device searches at the border seem to be on the rise. News reports indicate that in 2016, almost 24,000 electronic devices were searched, a huge jump from the nearly 5,000 devices that were searched in 2015. The pace of searches continues to accelerate, with the Department of Homeland Security reportedly conducting 5,000 device searches in February 2017 alone.

With border officials increasingly exercising authorities that haven’t been sufficiently considered by the courts, the urgency for clear protections mounts. In the meantime, travelers should take the precautions they feel are right for them.

Add a comment (123)
Read the Terms of Use

Anonymous

It would be very suspicious as "destruction of evidence." While they can't prove you had evidence on there, it is going to cause a huge hassle. However, if they do have ANYTHING on you, they can easily pin deleting evidence and as many extra charges as they can on top.
It's better to upload things securly to the cloud and do a full cleaning during travel.

Anonymous

Apple technically has this. If your not phone is lost or stolen you can remote wipe it. It's called "find my iPhone"

Anonymous

My concern is now every country in the world will do this,simply because they can.I fear American tourists will be targeted and travel will become a nightmare in both directions. Since TSA is supposed to get "massive" budget cuts,is his plan to replace them with Border Patrol staff?

In Canada

Perhaps, but other countries haven't followed the US on forcing airline passengers to take off their shoes (except when traveling to the US), because it's time-consuming and unproductive.

Anonymous

I've been planning an international trip and in researching destinations I've noticed a trend of increasing scrutiny towards American citizens from countries with little reason for suspicion. I can't help but feel it's retaliatory.

Anonymous

It already is. Flights to the US from Europe put you through double security. But within Europe, such does not happen. What used to be a layover is now another security check. It has happened to me many times, particularly in Germany.

CYoung

Derek R: that is my plan. I am a US-born citizen and also have Global Entry. My husband is a naturalized US citizen with Global Entry - Chinese and not Muslim. It does seem to be Muslims who are stopped/searched/ detained most often (e.g., Mohammed Ali Jr!), regardless of citizenship status. But I plan to wipe my phone and iPad before re-entering the US after international travel in August.

Anonymous

ACLU, are you aware that Global Entry is being denied to non-US citizens at US airports. A canadian relative with Global Entry (used previously several times) was told "it's only for US citizens" in mid February (during travel ban version 1). How's that entry supposed to be global?

Anonymous

I am not clear on the entire "The 4th Ammendment doesn't apply at the border" idea. Doesn't the 4th Ammendment stll apply-its just that the courts have said that a "routine search" when exiting or entering the country is inherently reasonable? But is examining the contents of a smart phone or other electronic device or demanding passwords, etc. "routine"? What makes a search routine or non-routine?

Anonymous

Why not just store all of your passwords in a password manager which is located in the cloud? When you reenter just delete that app and say you don't know your passwords which would be true. And the password database would no longer be on the device so they could not steal it.

Pages

Sign Up for Breaking News