Late last week, the US Customs and Border Protection agency released an update to its Directive governing Border Searches of Electronic Devices.
According to the new directive, which supersedes the one from 2009:
- Border searches of electronic devices will be limited to only the information that is resident on the device. Information that is “solely stored remotely” (i.e. only in the cloud) is off limits, and to make sure that this limitation is complied with, officers will disable device connectivity to any network.
- Searches should be conducted in the presence of the individual whose information is being examined (with exceptions), but that doesn’t mean that the individual will always get to observe the search.
- There are two types of searches: basic and advanced. Basic searches are carried out randomly, don’t require reasonable suspicion, and consist of border officials searching the contents of the device without downloading it for later inspection. Advanced searches allow officers to connect external equipment to an electronic device in order to gain access to it, review, copy, and/or analyze its contents. They will be based on reasonable suspicion or a national security concern (e.g., the owner is on a government-vetted terrorist watch list).
- “Travelers are obligated to present electronic devices and the information contained therein in a condition that allows inspection of the device and its contents. If presented with an electronic device containing information that is protected by a passcode or encryption or other security mechanisms, an officer may request the individual’s assistance in presenting the electronic device and the information contained therein in a condition that allows inspection of the device and its contents.” That doesn’t mean that travelers are forced to provide the passcode, but if they don’t, the officer can detain the device for further and more thorough inspection.
- Officers can attempt to bypass the encryption or brute-force a passcode protecting a device seized at the border without reasonable suspicion.
Comments on the new directive
Neema Singh Guliani, legislative counsel at the American Civil Liberties Union (ACLU), noted that it is positive that CBP’s policy would at least require officers to have some level of suspicion before copying and using electronic methods to search a traveler’s electronic device.
“However, this policy still falls far short of what the Constitution requires — a search warrant based on probable cause,” she noted. “Additionally, it fails to make clear that travelers should not be under any obligation to provide passcodes or other assistance to officers seeking to access their private information. Congress should continue to press CBP to improve its policy.”
US Senator Ron Wyden, who last year proposed a bill aimed at protecting Americans from warrantless searches of their digital devices when they cross the US border, said that the new restrictions introduced by the directive “are an improvement, but still allow far too many indiscriminate searches of innocent Americans.”
“Americans’ Constitutional rights shouldn’t disappear at the border,” he pointed out. “Manually examining an individual’s private photos, messages and browsing history is still extremely invasive, and should require a warrant.”
In June last year, Kevin McAleenan, CBP’s acting commissioner, confirmed that US citizens can’t be prevented from re-entering the country even though they decline to unlock the device. Travelers who are not US citizens can expect to be turned back at the border if they do so.