Can Border Agents Search Your Electronic Devices? It’s Complicated.

This post was updated on July 19, 2017. 

We’ve been getting a lot of questions about when border agents can legally conduct searches of travelers’ electronic devices at international airports and other ports of entry. Unfortunately, the answer isn’t simple.

Read this post in Spanish or in Arabic.

The government has long claimed that Fourth Amendment protections prohibiting warrantless searches don’t apply at the border. The ACLU takes issue with this position generally, especially when it comes to electronic devices like smartphones and laptops. Our smartphones store detailed accounts of our conversations, professional lives, whereabouts, and web-browsing habits. They paint a far more detailed picture of our private lives than, say, a piece of luggage.

The Supreme Court recognized this reality when it ruled in 2014 that the Constitution requires the police to obtain a warrant to search the smartphone of someone under arrest. As the ACLU has argued in various court filings, there’s no reason the Constitution’s safeguards against unwarranted searches shouldn’t also apply when we travel internationally given the ubiquity of these devices, and their ever-growing capacity to track the minutiae of our private lives.

Unfortunately, the government doesn’t agree, and the law on the matter is far from settled. Because of the high-stakes implications of these kinds of searches, and amidst evidence suggesting they’re on the rise, it’s important to understand the landscape so that you can make decisions that are right for you ahead of your travels.

This resource offers a basic snapshot of possible scenarios relating specifically to electronic device searches. For a fuller picture of the many other civil liberties issues that often arise at the border, click here. And if you think your constitutional rights have been violated, tell us what happened by filling out this form

What happens if border agents demand I turn over my device?

The government claims the authority to search all electronic devices at the border, no matter your legal status in the country or whether they have any reason to suspect that you’ve committed a crime. You can state that you don’t consent to such a search, but unfortunately this likely won’t prevent CBP from taking your phone.

If you’ve given Customs and Border Protection agents the password to your device (or if you don’t have one), they might conduct what’s often called a “cursory search” on the spot. They might also download the full contents of your device and save a copy of your data. According to CBP policy from 2009, they are not required to return your device before you leave the airport or other port of entry, and they might choose to send it off for a more thorough “forensic” search. Barring “extenuating circumstances,” they claim the authority to hold onto your device for five days — though “extenuating circumstances” is an undefined term in this context, and this period can be extended by seven-day increments. We’ve received reports of phones being held for weeks or even months.

As a result of this policy, even the most universally recognized private information — like communications with your lawyers — are insufficiently protected at the border. If you possess information that is protected by attorney-client privilege, you should tell the CBP agent you’re interacting with. Unfortunately, all he or she will need to do under agency policy is “seek advice” from a superior prior to the search.

Journalists carrying sensitive information about their work or sources are also insufficiently protected. The CBP directive states that “work related information carried by journalists shall be handled in accordance with any applicable federal law and CBP policy” — but it’s unclear what this means. Journalists who feel their rights have been violated at the border should let us know, and those who have upcoming travel should consult with their organizations’ general counsel offices or press associations.

If you leave the airport or other border checkpoint without your device, make sure you get a receipt, which should include information about your device and contact information allowing you to follow up. If, after the forensic search is conducted, there is no probable cause to believe the device contains evidence of a crime, the government says it will destroy any information it copied within 21 days. Yet there’s a caveat here, too. CBP might retain the notes it took during the search of your device or any questioning while you were at the border.

Do I have to enter a password to unlock my device?

Your legal status in the country may inform what you decide to do if you’re asked for a password to unlock your device.

If you’re a citizen, you can’t be denied entry into the country if you refuse to comply with a request to unlock your device or to provide a password. But you might be detained for longer or have your device seized and not returned to you for weeks or months. The same should be true for those who have previously been admitted to the United States as lawful permanent residents and have maintained their status — their green cards can’t be revoked without a hearing before an immigration judge. If you are not a citizen and are concerned about having your devices searched, you should consult with an immigration lawyer about your particular circumstances before traveling.

Visa holders and tourists from visa waiver countries, however, run the risk of being denied entry if they refuse to provide a password, and they should consider that risk before deciding how to proceed. The Department of Homeland Security is presently considering instituting a policy requiring visitors from certain countries to provide social media passwords in order to secure a visa to travel to the U.S. (The ACLU opposes the proposal.)

Whether you’re a citizen or not, though, we always recommend that you enter the password yourself rather than divulging it to a CBP agent. They still might demand that you share it, but it’s a precaution worth trying to take. If you do hand over your password, it’s likely to end up in a government database, so change it as soon as you have the chance and make sure you no longer use that password for any other account.

What can I do to prepare?

Here are a few precautions you can take in preparation for your trip to ensure things go as smoothly as possible:

  • Travel with as little data and as few devices as possible. The less you’re carrying, the less there is to search. Consider using a travel-only smartphone or laptop that doesn’t contain private or sensitive information. You could also ship your devices to yourself in advance. (Be aware that CBP claims the authority to search international packages so it is best to encrypt any devices that you ship.) Keep in mind that a forensic search of your device will unearth deleted items, metadata, and other files.
     
  • Encrypt devices with strong and unique passwords and shut them down when crossing the border. A good resource on how to do so can be found here.
     
  • Store sensitive data in a secure cloud-storage account. Disable any apps that connect to cloud-based accounts where you store sensitive communications or files, and don’t keep a copy of cloud-stored data in your physical possession. In July 2017, Customs and Border Protection publicly stated it is against policy for border agents to search cloud-stored data on electronic devices. This means that any search of an electronic device at the border should not extend to data that is only accessible via the internet — such as email or social media messages and posts that are stored on remote servers.
     
  • Upload sensitive photos on your camera to your password-protected laptop or a cloud-storage account. Digital cameras don’t offer encrypted storage, so you should consider backing up your photos and deleting them from your camera and reformatting the camera's memory card.
  • Turn on airplane mode for all of your electronic devices before crossing a border checkpoint. CBP stated in July 2017 that its policy does not permit searches of cloud-stored data that is accessible from electronic devices through the internet. Keeping your devices in airplane mode will help ensure compliance with this policy.  

Until the Supreme Court weighs in on the constitutional limits of the government’s powers at the border, questions about the government’s authority to conduct these kinds of searches aren’t likely to be settled. Lower courts have issued conflicting rulings on whether individualized suspicion should be a condition for such a search. The Ninth Circuit, which covers several western states, for example, requires at least reasonable suspicion for a “forensic” search of a seized device, but has not imposed limits on “cursory” on-the-spot searches.

It is crucial that more courts weigh in, given that device searches at the border seem to be on the rise. News reports indicate that in 2016, almost 24,000 electronic devices were searched, a huge jump from the nearly 5,000 devices that were searched in 2015. The pace of searches continues to accelerate, with the Department of Homeland Security reportedly conducting 5,000 device searches in February 2017 alone.

With border officials increasingly exercising authorities that haven’t been sufficiently considered by the courts, the urgency for clear protections mounts. In the meantime, travelers should take the precautions they feel are right for them.

Add a comment (142)
Read the Terms of Use

Anonymous

Why not just store all of your passwords in a password manager which is located in the cloud? When you reenter just delete that app and say you don't know your passwords which would be true. And the password database would no longer be on the device so they could not steal it.

Anonymous

As someone who majored in International Human Rights Law back at the turn of the century when we still had human rights, let me weight in on this one. The difference between routine and non-routine is, for one, non-routine means it takes more than 6 hours. Although even that's getting fuzzy, courts have ruled that 7-hour detainment and searches and fingerprints and invasive questions of US citizens coming back in from Canada on land at the New York State ports of entry were considered "routine". A strip-search or body-cavity-search would be considered non-routine and reasonable suspicion would be required. Race-based searches are non-routine and reasonable suspicion of actual criminal activity, at the federal level not just "exploratory searching for anything and everything to call a crime" and I mean violations of Customs regulations not just petty little "local" infractions - are still against, apparently, the 4th Amendment. Although a race-based search would be better off quoting the 14th Amendment equal protection violation than the 4th Amendment because privacy rights make no mention of race. Non-routine means anything that an ordinary person would find horribly offensive. For instance, the "terrorist treatment" is non-routine because it is only ever done because of race, because of an Arabic-sounding surname or just brown skin (with an Irish surname or a Spanish one).
Anyway, as "strip search" applies to your electronic devices, the forensic "rape" of your computer when they take it and keep it for months on end off-site, is considered non-routine and reasonable suspicion is required. Suspicion can not be based entirely on factors such as race or gender, although no US government agent will admit that race really was the only reason they were suspicious of you having electronic devices at all.
Source: this happened to me back in January and I'm still working on starting the Bivens Action against US Customs and Border Patrol. I've not seen hide nor hair of my laptop bag or cell phones YET and it's already OCTOBER.

Emperor

With respect to the statement "The Supreme Court recognized this reality when it ruled in 2014 that the Constitution requires the police to obtain a warrant to search the smartphone of someone under arrest," it seems illogical that a citizen would have more protections after an arrest than before an arrest. (CBP has the authority to make arrests.)

Ploof

Exactly. If I'm a citizen, why should the fact that I'm entering the country after spending time elsewhere have any bearing on my rights as a citizen? It's logically inconsistent.

Anonymous

The 4th Ammendment says you have the right to be free from "unreasonable" search and seizure. The courts have already ruled that "routine" searches when entering or exiting the country are "reasonable." The rub is in what "routine search" actually means vis a vis electronic devices.

Anonymous

Would the Fifth Amendment provide a viable excuse not to reveal our passwords?

Anonymous

If you are a U.S. citizen, you have the right to remain silent and refuse to answer any questions, but they might seize your phone and attempt to hack it--not to mention get very prickly about any customs violations you may be unwittingy committing.

Raoul Obsterik

The jury is out on that question {sorry}. There have been different court decisions on whether revealing or entering your password is potentially incrimination. And the separate question of whether you can be compelled to provide or use your fingerprint to unlock your device has also been tested, with different results in different courts, and the question is also open on whether or not providing a fingerprint is different from providing a passcode. Keeping in step with the subject of this blog entry, the rules can be different at the border. And remember the "border" means within 150 miles of any border, not just where you cross the line.

Anonymous

The Fifth Amendment also gives you the right to international travel, keep that in mind. All these detentions of US citizens returning into the United States are a violation of the Fifth Amendment.

Anonymous

What do you recommend for a travel-only smart phone? Can I rent a phone for this purpose?

Pages

Stay Informed