The Government’s New Policy on Device Searches at the Border: What You Need to Know

The government last week issued new rules governing its searches of electronic devices at the border on the same day that it revealed that such searches skyrocketed in 2017.

Until now, Customs and Border Protection claimed the authority to demand travelers turn over their phones, laptops, and other devices to be searched at border crossings, including airports, without any suspicion of wrongdoing. The new directive released Friday will require a heightened level of suspicion for certain searches, but it reasserts CBP’s authority to conduct other searches without any level of individualized suspicion whatsoever.

According to data released by the Department of Homeland Security, searches of electronic devices rose by about 60 percent in 2017 relative to 2016. A lawsuit we filed last year along with the Electronic Frontier Foundation challenges these warrantless searches as unconstitutional on behalf of 11 travelers who were subjected to them. (Their stories can be read here.)

The new CBP policy indicates that officers at the border should have reasonable suspicion of unlawful activity or a “national security concern” before they can conduct an “advanced” search of the contents of an electronic device. An advanced search — sometimes called a forensic search — is any search involving external equipment connected to an electronic device to scan, analyze, or download the data on the device. The CBP directive also reaffirms that officers cannot search information located remotely — in the cloud, for example — and that they should place devices in airplane mode to avoid seeing such material. However, “basic searches” conducted on the spot — which can expose travelers’ photographs, contact lists, text messages, emails, and documents — can continue without individualized suspicion under the new directive.

This directive is a welcome development because it at least acknowledges the severe privacy invasions that occur when the government can search your device without any suspicion. Indeed, recently published accounts of complaints filed with the federal government powerfully illustrate the humiliation individuals have experienced when forced to surrender their personal devices to the scrutiny of border officers.

That said, the directive doesn’t go nearly far enough.

We have long argued that the Constitution requires the government to get a warrant before searching electronic devices at the border, and we support bipartisan legislation that would make that requirement law. The CBP directive only requires reasonable suspicion, a lower legal standard than the probable cause standard needed for a warrant, and it doesn’t require agents to make a case before a judge.

The new directive still requires no suspicion at all when an advanced search implicates a “national security concern” — which is not clearly defined in the policy and is potentially vague enough to cover a wide array of scenarios — or when a search is not considered advanced. But even so-called “basic” searches can be incredibly invasive, exposing the intimate details of a person’s life to government agents who never have to make a case for why they need to conduct the search.

Additionally, the directive does not apply to agencies outside of CBP that might conduct searches of devices taken at the border, and does not make clear that travelers should not be under an obligation to provide border officers with a password or other information to enable them to search their device.

Given this new policy, what do travelers need to know to protect their privacy at the border?

First, because the new policy confirms that border officers should not be searching information that is stored in the cloud, you should place your devices in airplane mode when arriving at the border for a customs inspection. Be aware, however, that even if you move content from your device to a cloud account, an advanced search of your device could still reveal deleted files and metadata.

Learn more: Can Border Agents Search Your Electronic Devices?

Second, consider your options when deciding whether to provide a password to unlock your device. CBP’s directive asserts that travelers are “obligated” to present electronic devices in a condition that allows inspection of the device and its contents, and notes that an officer may “request” assistance from the traveler in accessing the device’s contents.

If you are asked to provide a password, and you do so, you may wish to make clear that you are doing so without consenting to the search. We believe the government does not have the authority to prevent U.S. citizens and lawful permanent residents from entering the country solely for refusing to provide a device password, but be aware that if you refuse, you may be detained longer and your device may be confiscated and retained for days or weeks. Travelers who are not U.S. citizens or lawful permanent residents may risk being denied entry.

Finally, if you are an attorney or carrying information protected by the attorney-client or attorney work product privileges, make sure to let the officer know. The CBP directive provides for certain procedures that must be followed before a search of such material can take place.

These measures are not constitutionally adequate because they still allow the government to search material without suspicion or a warrant. But until the courts settle the matter, it is nonetheless important for travelers to do what they can to trigger the procedures that do exist.

View comments (11)
Read the Terms of Use

Dr. Timothy Leary

If you as an American citizen are concerned about these device searches at our borders than don't go anywhere you don't need to.
Be American, buy American. See the U.S.A. in your Chevrolet.


"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."


So we're not supposed to visit family abroad? Take business trips?

Dr. Timothy Leary

"Those who use quotes without without referencing their source are doomed to failure.": Albert Einstein circa 1950.




Can I be required to provide other passwords (like Facebook?


What you need to know - clean up your social media accounts before you come to the USA. Its also a good idea to clean up your social media accounts before applying for jobs because HR departments will actually search for, and look at, job applicants accounts.


What about teachers, professors, grad students, and employees who have digital access to sensitive and confidential information?


That information should be under a separate password with the shortcut marked HIPAA, If it contains medical records or confidential


The ACLU needs to address corporate and agency "mission-creep" by contractors and bureaucrats.

Ronald Reagan once famously pointed out that the federal agency regulating farmers had more government employees than there were actual farmers to oversee.

His point was that government agencies are only designed to "grow" - not shrink - not indexed to it's actual mission or customers.

Today what we are seeing is a nearly non-existent threat but these new agencies have to justify their existence - so they merely add more "suspects" to investigate or search. By subjecting more innocent people to searches and investigations, the American people grow cynical of these agencies and elect leaders that promise to cut or abolish entire agencies.

Almost alone in their courage, the ACLU predicted in October 2001 - just one month after 9/11 - that these policies would create Cointelpro style blacklisting used to defame "suspects" like the Christian minister Martin Luther King, Jr. The FBI has still never officially admitted their mission-creep and fraud in the MLK case (although James Comey came close).

If we declared Victory on this "War-on-a-Tactic" after 9/11 - would these agencies shrink or close down? Would state Fusion Centers close down and stop blacklisting and defaming innocent Americans? The ACLU should focus on solving "mission-creep".


Stay Informed