Anyone who has traveled internationally knows the drill: body scans, bag searches, and lots of questions. But there’s something else U.S. Customs and Border Protection officers increasingly want to scour: your cell phone.
Custom officials are taking advantage of legal uncertainties that civil liberties advocates say provide limited options for travelers to keep their devices and data private.
That means everything on your phone—from financial info to potentially embarrassing photos—can land in the government’s hands. The policy pre-dates the controversial travel restrictions President Donald Trump ordered Friday, and applies to U.S. citizens and international visitors alike. In fact, the Florida chapter of the Council on Islamic-American Relations filed a complaint the week before Trump’s inauguration after reports of cellphone searches and demands for social media handles. And in July, a reporter for The Wall Street Journal said that federal officials demanded to inspect phones she was carrying into the country, before relenting when she said they belonged to the newspaper.
For travelers looking to keep their personal or business data private, that leaves a few options:
- Travel with “burner” phones and laptops only loaded with files you absolutely need for your trip.
- Keep private data in the cloud, not on your devices.
- Use a secure deletion tool to wipe sensitive data from your phone and laptop before passing through customs.
- Lock and encrypt your phone before crossing the border, though officers may urge you to unlock it or reveal your passwords.
Digital inspections are unlikely to go away any time soon, experts say.
“This issue of device searches at the border and asking for social media information was starting to happen under Obama,” says Sophia Cope, a staff attorney at the Electronic Freedom Foundation. She predicts the searches may intensify under Trump.
Customs officers have long had wide leeway to search people’s possessions after they enter the U.S.; usually in a hunt for contraband, including guns and drugs, says Nathan Wessler, a staff attorney with the American Civil Liberties Union’s Speech, Privacy, and Technology Project. U.S. border officials have generally interpreted those rules to also allow warrantless searches of digital devices.
“Under DHS authorities to conduct border searches, travelers’ electronic devices are as subject to search as any other belongings, because the information contained in them may be relevant to DHS’s customs and immigration inspection processes and decisions,” wrote Department of Homeland Security officials in a 2009 report. And in an email to Fast Company on Wednesday, CBP spokesman Roland Filiault reiterated the agency’s authority to inspect electronics coming into the U.S.
“Keeping America safe and enforcing our nation’s laws in an increasingly digital world depends on our ability to lawfully examine all materials entering the U.S.,” he wrote.
The problem, says Wessler, is that smartphones and laptops now contain huge amounts of private data, from financial and medical records to private conversations and photos—much more than old-fashioned luggage items typically would. It’s the ACLU’s view, however, that the idea of stopping contraband means examing physical packages, not digital data.
“Privacy interests are very high and, at the same time, we’re not now talking about the potential for drugs or agricultural products slipping through,” Wessler says. “These are digital bits, and there’s no reason the government can’t go and get a warrant.”
In 2014, the U.S. Supreme Court ruled unanimously that without a warrant, police generally can’t search a suspect’s cellphone when they’re taken into custody, despite established rules allowing some physical warrantless searches during an arrest.
There’s no similar Supreme Court case ruling one way or another about searching travelers entering the country. A few federal courts have allowed unrestricted manual searches while requiring at least some “reasonable suspicion” before doing more intensive forensic exams of a phone’s memory, but many haven’t addressed the question at all, says Wessler.
“Most federal courts have yet to weigh in on this, so in most parts of the country there’s no binding legal authority on the question,” he says.
In practice, this means people traveling into the country should assume they have limited legal recourse to stop device searches, says Cope. How people handle that will depend on a number of factors. Some travelers without much personal information on their phones may be unconcerned, while others might encrypt their devices and refuse to disclose their passwords. That, though, can be more of a risk for noncitizens, who can be denied entry with a fair degree of latitude, Cope cautions.
“It’s all about the person’s risk tolerances,” she says.
There’s no one-size-fits-all option: Using travel-only phones and laptops, or keeping files in the cloud may work well for some, but those solutions rely on either technical sophistication or disposable funds, and assume travelers don’t actually need to keep private data on their equipment while they travel.
Other travelers might prefer to encrypt and lock their phones or laptops, though it’s not entirely clear which encryption tools authorities can defeat—officials reportedly paid a security company for a tool to break into the San Bernardino shooting suspect’s iPhone, for instance, and it’s possible federal officials have paid for similar keys to other popular phones and computers.
Travelers should also consider that officials may request their pass codes. Refusing can lead to lengthy questioning sessions, seizure of the devices, and for non-citizens it can heighten the risk of being denied entry.
“Folks should not use their thumbprint to unlock their phones—that should be disabled” when traveling she warns, since it can be easier legally and practically to obtain a fingerprint than a password. “If a border agent really wanted to be a jerk, they could grab your hand and place your thumb on your phone.”