The government last week issued new rules governing its searches of electronic devices at the border on the same day that it revealed that such searches skyrocketed in 2017.
Until now, Customs and Border Protection claimed the authority to demand travelers turn over their phones, laptops, and other devices to be searched at border crossings, including airports, without any suspicion of wrongdoing. The new directive released Friday will require a heightened level of suspicion for certain searches, but it reasserts CBP’s authority to conduct other searches without any level of individualized suspicion whatsoever.
According to data released by the Department of Homeland Security, searches of electronic devices rose by about 60 percent in 2017 relative to 2016. A lawsuit we filed last year along with the Electronic Frontier Foundation challenges these warrantless searches as unconstitutional on behalf of 11 travelers who were subjected to them. (Their stories can be read here.)
The new CBP policy indicates that officers at the border should have reasonable suspicion of unlawful activity or a “national security concern” before they can conduct an “advanced” search of the contents of an electronic device. An advanced search — sometimes called a forensic search — is any search involving external equipment connected to an electronic device to scan, analyze, or download the data on the device. The CBP directive also reaffirms that officers cannot search information located remotely — in the cloud, for example — and that they should place devices in airplane mode to avoid seeing such material. However, “basic searches” conducted on the spot — which can expose travelers’ photographs, contact lists, text messages, emails, and documents — can continue without individualized suspicion under the new directive.
This directive is a welcome development because it at least acknowledges the severe privacy invasions that occur when the government can search your device without any suspicion. Indeed, recently published accounts of complaints filed with the federal government powerfully illustrate the humiliation individuals have experienced when forced to surrender their personal devices to the scrutiny of border officers.
That said, the directive doesn’t go nearly far enough.
We have long argued that the Constitution requires the government to get a warrant before searching electronic devices at the border, and we support bipartisan legislation that would make that requirement law. The CBP directive only requires reasonable suspicion, a lower legal standard than the probable cause standard needed for a warrant, and it doesn’t require agents to make a case before a judge.
The new directive still requires no suspicion at all when an advanced search implicates a “national security concern” — which is not clearly defined in the policy and is potentially vague enough to cover a wide array of scenarios — or when a search is not considered advanced. But even so-called “basic” searches can be incredibly invasive, exposing the intimate details of a person’s life to government agents who never have to make a case for why they need to conduct the search.
Additionally, the directive does not apply to agencies outside of CBP that might conduct searches of devices taken at the border, and does not make clear that travelers should not be under an obligation to provide border officers with a password or other information to enable them to search their device.
Given this new policy, what do travelers need to know to protect their privacy at the border?
First, because the new policy confirms that border officers should not be searching information that is stored in the cloud, you should place your devices in airplane mode when arriving at the border for a customs inspection. Be aware, however, that even if you move content from your device to a cloud account, an advanced search of your device could still reveal deleted files and metadata.
Second, consider your options when deciding whether to provide a password to unlock your device. CBP’s directive asserts that travelers are “obligated” to present electronic devices in a condition that allows inspection of the device and its contents, and notes that an officer may “request” assistance from the traveler in accessing the device’s contents.
If you are asked to provide a password, and you do so, you may wish to make clear that you are doing so without consenting to the search. We believe the government does not have the authority to prevent U.S. citizens and lawful permanent residents from entering the country solely for refusing to provide a device password, but be aware that if you refuse, you may be detained longer and your device may be confiscated and retained for days or weeks. Travelers who are not U.S. citizens or lawful permanent residents may risk being denied entry.
Finally, if you are an attorney or carrying information protected by the attorney-client or attorney work product privileges, make sure to let the officer know. The CBP directive provides for certain procedures that must be followed before a search of such material can take place.
These measures are not constitutionally adequate because they still allow the government to search material without suspicion or a warrant. But until the courts settle the matter, it is nonetheless important for travelers to do what they can to trigger the procedures that do exist.