TechViews News …..
We’ve written several articles recently about privacy while traveling. Since we published “Traveling with your laptop” and “Protecting your private data while traveling through airports and Customs stations,” we’ve received multiple emails asking the same question – “Are Border Agents or TSA legally allowed to search your personal or business electronic devices?” Unfortunately, the answer isn’t easy or simple.
The government has long claimed that Fourth Amendment protections prohibiting warrantless searches don’t apply at the border, and occasionally at airports that have international flights. Our electronic devices (laptops, smartphones, etc.) store detailed accounts of our conversations, professional lives, whereabouts, and web-browsing habits. They paint a far more detailed picture of our private lives than, say, a piece of luggage.
The Supreme Court recognized this reality when it ruled in 2014 that the Constitution requires the police to obtain a warrant to search the smartphone of someone under arrest. Multiple groups and civil organizations have argued in various court filings, there’s no reason the Constitution’s safeguards against unwarranted searches shouldn’t also apply when we travel internationally given the ubiquity of these devices, and their ever-growing capacity to track the minutiae of our private lives.
Unfortunately, the government doesn’t agree personal rights groups, and the law on the matter is far from settled. Because of the high-stakes implications of these kinds of searches, and amidst evidence suggesting they’re on the rise, it’s important to understand the landscape so that you can make decisions that are right for you ahead of your travels.
What do you do if border agents demand you surrender your device?
The government (via Border Protection & TSA agents) claims the authority to search all electronic devices, no matter your legal status in the country or whether they have any reason to suspect that you’ve committed a crime. You can state that you don’t consent to such a search, but unfortunately this likely won’t prevent authorities from taking possession of your device.
If you’ve given Customs and Border Protection (CBP) agents the password to your device (or if you don’t have one), they might conduct what’s often called a “cursory search” on the spot. They might also download the full contents of your device and save a copy of your data. According to CBP policy from 2009, they are *not* required to return your device before you leave the airport or other port of entry, and they might choose to send it off for a more thorough “forensic” search. They claim the authority to hold onto your device for five days, and this period can be extended by seven-day increments.
As a result of this policy, even the most universally recognized private information — like communications with your lawyers — are insufficiently protected at the border. If you possess information that is protected by attorney-client privilege, you should tell the CBP agent you’re interacting with. Unfortunately, all he or she will need to do under agency policy is “seek advice” from a superior prior to the search.
Journalists carrying sensitive information about their work or sources are also insufficiently protected. The CBP directive states that “work related information carried by journalists shall be handled in accordance with any applicable federal law and CBP policy” — but it’s unclear what this means. Journalists who feel their rights have been violated at the border should immediately report it to their employers and appropriate attorneys.
If you leave the airport or other border checkpoint without your device, make sure you get a receipt, which should include information about your device and contact information allowing you to follow up. If, after the forensic search is conducted, there is no probable cause to believe the device contains evidence of a crime, the government says it will destroy any information it copied within 21 days. Yet there’s a caveat here, too. CBP might retain the notes it took during the search of your device or any questioning while you were at the border or in the airport.
Do I have to give a password to unlock my device?
If you’re a citizen, you can’t be denied entry into the country if you refuse to comply with a request to unlock your device or to provide a password. But you might be detained for longer or have your device seized and not returned to you for weeks or months. The same should be true for those who have previously been admitted to the United States as lawful permanent residents and have maintained their status — their green cards can’t be revoked without a hearing before an immigration judge. If you are not a citizen and are concerned about having your devices searched, you should consult with an immigration lawyer about your particular circumstances before traveling.
Visa holders and tourists from visa waiver countries, however, run the risk of being denied entry if they refuse to provide a password, and they should consider that risk before deciding how to proceed. The Department of Homeland Security is presently considering instituting a policy requiring visitors from certain countries to provide social media passwords in order to secure a visa to travel to the U.S.
Whether you’re a citizen or not, though, it is recommended that you enter the password yourself rather than divulging it to a CBP agent. They still might demand that you share it, but it’s a precaution worth trying to take. If you do hand over your password, it’s likely to end up in a government database, so change it as soon as you have the chance and make sure you no longer use that password for any other account.
What can I do to prepare?
Here are a few precautions you can take in preparation for your trip to ensure things go as smoothly as possible:
- Travel with as little data and as few devices as possible. The less you’re carrying, the less there is to search. Consider using a travel-only smartphone or laptop that doesn’t contain private or sensitive information. You could also ship your devices to yourself in advance. Keep in mind that a forensic search of your device will unearth deleted items, metadata, and other files.
- Encrypt devices with strong and unique passwords and shut them down when crossing the border. Again, there’s no guarantee that this will hamper or slow down airport authorities, but it’s worth a try.
- Store sensitive data in a secure cloud-storage account. Disable or better yet – uninstall any apps that connect to cloud-based accounts where you store sensitive communications or files. That way you can retrieve your information via the web once you reach your destination, rather than rely on an app installed on your phone or laptop. In July 2017, Customs and Border Protection publicly stated it is against policy for border agents to search cloud-stored data on electronic devices. But still, policies are sometimes ignored.
- Delete ‘sensitive’ photos on your camera. Digital cameras don’t offer encrypted storage, so you should consider backing up your sensitive photos and deleting them from your camera and reformatting the camera’s memory card.
Until the Supreme Court weighs in on the constitutional limits of the government’s powers at international airports and at the border, questions about the government’s authority to conduct these kinds of searches aren’t likely to be settled. Lower courts have issued conflicting rulings, usually along political party lines, on whether individualized suspicion should be a condition for such a search. The Ninth Circuit, which covers several western states, for example, requires at least reasonable suspicion for a “forensic” search of a seized device, but has not imposed limits on “cursory” on-the-spot searches.
With border officials increasingly exercising authorities that haven’t been sufficiently considered by the courts, the urgency for clear protections mounts. In the meantime, travelers should take the precautions they feel are right for them.
Be Safe – Backup Your Data Regularly!
And don’t forget to take advantage of our FREE subscription to the TechViews.org Newsletter. A must-read if you are interested in Internet Security.