On November 12, 2019, a federal judge declared that the U.S. Customs and Border Protection (CBP) and U.S. Immigration and Customs Enforcement (ICE) policies for “basic” and “advanced” searches of international travelers’ electronic devices violate the Fourth Amendment of the U.S. Constitution to the extent that these policies do not require reasonable suspicion that the devices contain contraband.
United States District Court Judge Denise J. Casper, of the District of Massachusetts, issued the declaration but refrained from granting a nationwide injunction against CBP and ICE barring the border search policies. The judge also refused to expunge the information previously collected from Plaintiffs in the illegal searches challenged in the lawsuit before the federal court.
The lawsuit, Alasaad v. McAleenan, was filed by a group of ten U.S. citizens and one U.S. lawful permanent resident, who challenged the “searches and seizures of smartphones, laptops, and other electronic devices at the U.S. border.” Attorneys from the Electronic Frontier Foundation and the American Civil Liberties Union represented the individuals. CBP and ICE policies have allowed for the routine search and seizure of electronic devices in the possession of individuals entering or leaving the United States, even without any reasonable suspicion that an individual is carrying contraband or breaking any laws.
The complaint in the lawsuit explains that CBP border search policy and ICE border search policy allow for both manual searches and forensic searches of electronic devices at airports, border crossings, and other ports of entry to the United States.
Officers, in a “basic” search, manually search through applications, photos, messages, voicemails, emails, and social media accounts of travelers. CBP and ICE officers look for anything that may justify refusing the traveler entry to the United States, including such things as photo evidence of contraband or messages indicating the individual intends to violate visa conditions. In August 2019, a Palestinian student attempting to enter the U.S. to begin studies at Harvard University was found inadmissible to the United States and deported after questioning by CBP officials regarding political social media posts made by the student’s friends that were found after searching his phone and computer.
Officers have taken travelers into secondary inspection and threaten travelers with confiscation of their devices if they refuse to provide passwords for access. In some cases, officers have confiscated devices even when travelers provided them with passwords.
In an “advanced” search, officers use forensic tools to extract data from phones, SIM cards, cameras, and computers, which may include active files, deleted files, metadata, log-in credentials, and keys for cloud accounts. The extracted raw data is then analyzed by experts using special software. The lawsuit challenged the ICE and CBP policies that allow these types of invasive searches of any international traveler without having any reasonable suspicion of illicit activity.
The Fourth Amendment to the U.S. Constitution states:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The U.S. Supreme Court has ruled that this constitutional protection against unreasonable searches and seizures applies equally to non-citizens within the United States. Border searches conducted by CBP and ICE of individuals and property entering and leaving the United States, however, have historically been treated differently.
The recent federal court ruling upholds the long-standing principle that travelers have a “reduced expectation of privacy” when entering the United States – particularly when it comes to examining “persons and property crossing into this country” in order to prevent the entry of “unwanted persons and effects.”
However, Judge Casper noted in her ruling that the quantity of data now stored on smartphones, much of it of a private and intimate nature, meant that even just what CBP and ICE call a “basic” search of a phone, by unlocking it and looking through the traveler’s files and applications, can be extremely invasive. Despite the potential benefit in helping the government find evidence of contraband or other violations of immigration and customs laws, the judge found that this type of intrusion was too great to justify without reasonable suspicion.
Privacy advocates have welcomed the federal judge’s declaration. Nevertheless, the ruling was very limited: the judge refused to grant a nationwide injunction against CBP and ICE from carrying out their electronic device search policies, and the ruling does not itself change these policies. Further, the judge refused to grant the request made by the travelers in the lawsuit to have CBP and ICE expunge their illegally collected personal data.
CBP has been rapidly increasing the frequency of border searches of electronic devices, having conducted over 19,000 such searches in Fiscal Year 2016 and over 30,000 in Fiscal Year 2017. Electronic device searches at airports, border crossings, and other ports of entry will remain a contested issue for some time as courts and government agencies adapt to new technology. The issue is far from settled with this federal court decision.
In any case, travelers should take steps to protect their data and mitigate the invasion of privacy when traveling internationally. This is important not just for border searches, but for general safety and security while traveling. Some methods include:
- If you don’t need to bring an electronic device, don’t take it with you. Consider buying a new phone after arrival.
- Remove stored login and password information from any applications on your devices prior to traveling.
- Make sure any devices are secured with passwords and any data is encrypted.
- Consider disabling fingerprint unlocking on electronic devices – it may be easier for someone to place your finger on a sensor to access your device than to obtain your password.
- Back up and remove any communications from electronic devices you travel with, including logs from text messages, voicemails, emails, WhatsApp, Signal, Telegram, Facebook, and other social media applications. Even if the communication is encrypted on the network, anyone with access to your physical device can view everything.
- Consider using data sanitization software to remove data from electronic devices prior to travel, which may mitigate forensic recovery of information from the hardware.
- Consider backing up all electronic device contents to the cloud, securely deleting all device storage and applications prior to traveling, and then restoring any needed device files and applications from the cloud after your arrival.
For further information, travelers may want to review the Electronic Frontier Foundation’s Guide to Digital Privacy at the U.S. Border – Protecting the Data on Your Devices and in the Cloud. This guide was written in 2017 and may be outdated in some aspects, but contains a detailed overview of U.S. border search practices and electronic device security methods.