Over the last decade, tens of thousands of visitors to the US – plus US citizens and residents returning home – have been subjected to warrantless border searches of their electronic devices.
Border officials may seize, search, and copy the contents of any such device. There’s no arrest, warrant, or even probable cause required – just “gimme.” And activists claim that since the inauguration of President Trump, this practice is becoming increasingly common.
While the majority of searches seem to occur when entering the US, border officials also have the authority to search electronic devices before you leave the country. In some cases, you may even be asked to log into your social media and email accounts and allow border officials to peruse their contents.
And that’s not all. In 2008, the Department of Homeland Security (DHS) announced that it would apply these rules not just at the “border,” but also within 100 miles of any border crossing. In other words, many of America’s largest cities, including Chicago, Los Angeles, Miami, New York, and San Francisco are also effectively “constitution-free zones.” So is any city with an international airport.
While I haven’t heard of warrantless electronic device searches outside actual entry points into the US, between October 2008 and June 2010, 6,500 persons had their electronic devices searched along the US border, according to the DHS records.
In most legal challenges to this practice, federal courts have essentially rubber-stamped these policies. Even if you take the precaution of encrypting the contents of your electronic devices (highly recommended), border officials may demand the password.
There’s one minor exception if you enter or leave the US through the states constituting the Ninth Circuit Court of Appeals (Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Oregon, and Washington). Thanks to a 2013 court decision, in these states, border officials must have a “reasonable suspicion” of wrongdoing before searching an electronic device. Moreover, the fact that you protect your data with a password doesn’t constitute reasonable suspicion.
Absent reasonable suspicion, border officials in these states may still undertake a “manual review of files on an electronic device.” However, they cannot conduct a detailed forensic analysis of the entire device for “not-quite deleted” files, browsing records, etc. Nor can they demand that you give them access to email or social media login information.
So… what’s the best way to protect yourself? The best policy is simply not to carry any electronic devices across a US border – especially those containing any data you’d prefer not to be in the hands of Uncle Sam.
If that’s not practical, another strategy is to carry “throwaway” electronic devices you use only when traveling outside the US. For instance, I have an old cellphone I purchased nearly a decade ago in Austria. It doesn’t connect to the Internet – it only sends and receives phone calls and text messages. If I don’t want border officials having a record of who I’ve been talking to or texting with while I’ve been away, I simply throw away the SIM card before I enter the US.
Or you could purchase an inexpensive laptop and use it only for international travel. Keep nothing on it except the operating system and program files. Disable the Wi-Fi card before you cross the border, or better, remove it completely. When you need internet access, replace the card or use an external Wi-Fi modem that plugs into one of your laptop’s USB ports. You can buy one almost anywhere in the world.
Before you cross the border in either direction, “sanitize” your laptop using a program such as Privazer. Encrypt the entire hard drive using a program like Symantec Endpoint Encryption. And create an encrypted archive of the data you’ll need during your trip and upload it to an online backup site such as Tresorit.
With these precautions, your encounter with border officials might go something like this:
You’re asked to give a border official access to your phone and laptop. You hand that person your throwaway phone and throwaway laptop. They ask you to type in the password and passphrase to give them access. When you do so, the official conducts a forensic scan of both devices. In the case of the phone, the official finds nothing, since you’ve thrown away the SIM. In the case of the laptop, the official finds only operating system files.
Next, the official asks you to log into your email and social media accounts. “I can’t,” you respond. “My Wi-Fi card isn’t working.”
More than likely, that’s the end of the interview, and you’ll be allowed to proceed. It’s theoretically possible that the official might lend you an external modem so you can review your email and social media accounts, but I’ve never heard of that being done. It would be considered a security breach if a border official gives a traveler – especially one the official is detaining – access to a government-owned device for this purpose.
What happens if you refuse to cooperate?
If you’re a US citizen, border officials can’t detain you indefinitely. Eventually, they must allow you to leave the country or let you back in. It’s possible they’ll hold on to your (hopefully throwaway) electronic devices, though. (They’ll eventually be returned, but I recommend disposing of them immediately as it’s possible they’ll come back with spyware installed.) And refusing to cooperate also increases the odds you’ll wind up on a terrorist or no-fly watchlist.
If you’re a non-US citizen, border officials have much more leeway. As you’re entering the US, they can refuse to admit you and send you back to your departure point.
Welcome to the USA!
As well, keep in mind that the US isn’t the only nation with this policy. In recent years, Canada, the UK, and many other countries have instituted similar measures.
Just remember – the data not on your laptop, smartphone, or other electronic device can never come back to haunt you at the border.