Posted by Michael Titens
International travelers are considering how to respond to the US government’s broad powers to search laptops, phones, and other devices at border and airport checkpoints. According to news reports, an increasing number of travelers (including US citizens enrolled in the Global Entry program) are being asked to turn over electronic devices, together with device and social media passwords, when re-entering the country. Customs and Border Protection (CBP) agents can then search the devices and apps before admitting the traveler back home. CBP recently added a page to its website (www.cbp.gov/travel/cbp-search-authority) explaining the scope of this search authority.
While US citizens probably have the right to refuse to disclose passwords, and lawyers can insist on additional safeguards for attorney-client privileged information, few travelers want to risk being delayed for hours, or giving up their electronics for multiple days. The pragmatic response of those few selected for search may well be to accede to the CBP agents’ search requests.
This CBP activity raises an important issue: Are indiscriminate laptop and device searches at the border constitutional? For now, the answer is yes. CBP agents do have the right to conduct searches on returning travelers without obtaining a warrant. However, a 2014 Supreme Court case held that in another context where warrantless searches are permitted – in that case a search incident to an arrest – the right to conduct a warrantless search does not extend to smart phones and other electronic equipment. Chief Justice Roberts acknowledged that today’s smart phones hold vast quantities of mail and text correspondence, photos, social media interactions, location tracking, and other data that are fundamentally different from the non-digital information a person might be carrying in his pockets or briefcase. Whether the courts would uphold today’s border searches is not clear.
Some lawmakers aren’t waiting for a court ruling. On April 4, two Republicans and two Democrats introduced a bill in the House and the Senate intended to stop these searches. If adopted, the Protecting Data at the Border Act would require CBP agents to get a warrant before searching a US citizen’s device and would prohibit officials from delaying or denying entry to a person who refuses to disclose passwords and other account information.
What should travelers be doing to protect their data and their privacy? Some commentators have suggested carrying alternate devices when traveling abroad, deleting social media apps, or even moving everything off of your device to the cloud when you cross the border, then reloading when you are safely home. While potentially helpful, these strategies may not be practical for most travelers. However, most travelers should be able to completely power down devices (this encrypts the data on most devices, at least until the next login), and US citizens should be aware that they are not required by law to disclose passwords (though refusing could result in additional delay). Of course, any passwords that are disclosed should be changed promptly afterwards. In addition, travelers may wish to ensure that unlocking the device does not automatically unlock all applications – such as bank and credit card apps. Finally, if sensitive, work-related information may have been accessed during a border search, the company IT department should be notified so that appropriate remedial action can be taken.
The border has become the latest example of the struggle to balance national security interests, privacy concerns, and the simple desire to just get home.