Media Name: 800px-bordercontrol.jpg

Sen. Ron Wyden (D‑OR) is concerned about Customs and Border Protection’s (CBP) searches of travelers’ electronic devices at the border and ports of entry. CBP’s responses to Wyden’s queries about such searches are illuminating but far from reassuring.

In February, Sen. Wyden sent a letter to Department of Homeland Security (DHS) Secretary John Kelly, asking a range of questions about searches of electronic devices. DHS responded to this letter, but the agency’s response didn’t satisfy Sen. Wyden, who posed some followup questions to CBP acting commissioner, Kevin McAleenan.

McAleenan’s answers to Sen. Wyden’s questions are revealing, in part because of what they don’t discuss.

The answers begin by noting that the Supreme Court recognizes the CBP’s “broad scope” of authority to conduct border searches.

Thanks to Supreme Court doctrine, there is a “border exception” to the Fourth Amendment, which ostensibly protects us and our property against “unreasonable searches and seizures.” As Justice Rehnquist noted in his United States v. Montoya de Hernandez (1985) majority opinion:

Consistently, therefore, with Congress’ power to protect the Nation by stopping and examining persons entering this country, the Fourth Amendment’s balance of reasonableness is qualitatively different at the international border than in the interior. Routine searches of the persons and effects of entrants are not subject to any requirement of reasonable suspicion, probable cause, or warrant, […] and first-class mail may be opened without a warrant on less than probable cause.

As things stand, CBP can conduct “routine” searches at the border absent a warrant or individualized suspicion. In its guide to digital privacy at the border, the Electronic Frontier Foundation note that what constitutes a “routine” search is not comprehensively defined. The Supreme Court found, for instance, that taking a gas tank apart is “routine,” but that detaining someone until they defecate is not “routine.”

The Supreme Court has not ruled on whether CBP examination of travelers’ electronic devices constitute a “routine” search. CBP’s position is, unsurprisingly, that such snooping does not require a warrant. The CBP’s electronic search policy explicitly states:

In the course of a border search, with or without individualized suspicion, an Officer may examine electronic devices and may review and analyze the information encountered at the border,

Many electronic devices are locked with either a passcode or a fingerprint sensor. Sen. Wyden explicitly asked whether CBP officers are obliged to inform travelers that they are not required to disclose social media account passwords or passcodes to unlock electronic devices. As you can see below, McAleenan dodges the question entirely.

Media Name: screen_shot_2017-07-13_at_3.58.47_pm.png

McAleenan asserts that the inspection of a traveler’s electronic device does not require that traveler’s consent. He goes on to say that CBP officers may ask travelers to unlock electronic devices and that the agency can hold on to the device.

The question Sen. Wyden asked goes unanswered.

McAleenan’s does, however, answer Sen. Wyden’s question about whether CBP makes a distinction between accessing data on foreign servers in the course of conducting an electronic search and accessing data on domestic servers. McAleenan responded, saying that CBP officers only access data “physically resident on the device.”

Media Name: screen_shot_2017-07-14_at_12.16.03_pm.png

This policy exempts a lot of sensitive data, but it doesn’t protect videos, photos, text messages and other information housed on phones and other electronic devices.

CBP can cause headaches for American citizens and permanent residents who refuse to disclose passwords for electronic devices, either by seizing the device in question and delaying your exit from the airport or border crossing. The situation is worse if you’re not a citizen or permanent resident as you risk being denied entry.

A CBP officer asking for information that would allow access to your electronic devices is an intimidating prospect, and it’s not surprising that some innocent people feel compelled to cooperate. For example, a NASA engineer who is also a U.S. citizen did disclose the passcode for his phone after being pressured to do so by CBP. If CBP officers were required to inform travelers that they do not have to reveal passcodes or passwords there would be fewer of these incidents which, while still comparatively rare, are occuring more frequently than they were in recent years.