During the past two years, U.S. Customs and Border Patrol has targeted ever larger numbers of travelers’ smartphones and laptops for searches as they cross the border into the country.
U.S. courts have generally upheld a so-called border search exception to the Constitution’s Fourth Amendment, allowing CBP to search electronic devices without a court-ordered warrant. In April, a group of lawmakers introduced legislation to require warrants to search devices owned by U.S. citizens and other legal residents, but for now, the law allows for warrantless device searches.
[ Safeguard your data! The tools you need to encrypt your communications and web data. • Maximum-security essential tools for everyday encryption. • InfoWorld’s encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld’s Security Report newsletter. ]
It’s worth noting, however, that the odds of CBP searching any single traveler’s device are tiny, although they may increase if the traveler fits certain profiles. Even with increased device searches during the past two years, CBP still only checks the devices of a fraction of 1 percent of all people crossing the U.S. border.
Still, travelers concerned about their privacy can take steps to protect their data as they cross the U.S. border. They should remember the old Boy Scout motto: Be prepared.
The best way to avoid sharing personal or confidential information with CBP agents as you cross the border is to scrub your devices before you travel, some privacy experts say.
While it’s difficult to fight a CBP search when you’re being questioned, there’s no requirement that your smartphone or laptop be loaded up with your data. Consider removing sensitive data from your devices by storing it in the cloud or on another device that stays home.
“People should never lie to a CBP agent,” said Esha Bhandari, a staff attorney with the American Civil Liberties Union’s Speech, Privacy, and Technology Project “If they’re asked a question, they should answer truthfully. But there’s no requirement you carry your data with you when you cross the border.”
If you don’t want CBP searching your work email, consider temporarily removing your email app from your smartphone. A cursory CBP search of your phone isn’t likely to discover what apps you’ve recently removed.
Also, consider keeping your devices off as you’re going through customs. If your smartphone is powered up, log out of apps that contain personal data.
If a CBP agent asks you to unlock your smartphone or laptop, you can refuse, but there are consequences. If you’re not a U.S. resident, CBP could prevent you from entering the country.
If you’re a U.S. resident, CBP could hold you for several hours, and they could seize your device. A seizure could lead to a forensic search of your device, and CBP may not return it for months, the Electronic Frontier Foundation noted in a recent advice document for travelers.
CBP can detain you for refusing to allow a search but “we’re talking a matter of hours, certainly not an overnight detention,” Bhandari said. “There doesn’t seem to be a bright-line rule, but we’re talking hours, not days.”
Ultimately, if you’re a legal U.S. resident, CBP shouldn’t prevent you from entering the country, even if you refuse to allow the device search, Bhandari said.
Still, expect to have your device seized if you refuse to unlock it. Travelers will often have to choose, she said. “Would they rather turn over their password and have a quick search vs. refusing and having their device seized?” she added.
Finally, there’s been some discussion among technologies about using a separate encryption scheme for sensitive files on laptops or smartphones. While there’s no real consensus, some privacy experts suggest that having a separate encrypted section of your hard drive may raise a red flag for CBP agents. It may be safer to store those files on another device or in the cloud.