Senator Ron Wyden (Raw Democrat) wrote a letter on September 15 asking the Commissioner of Customs and Border Protection to stop allowing “indiscriminate theft in the private records of Americans without suspicion of a crime.”
It’s unclear to what extent federal agents can use the copied data because there are few meaningful safeguards, said Saira Hussain, a staff attorney at the privacy rights nonprofit Electronic Frontier Foundation.
Hussein has argue in court CBP’s current data collection practices violate Americans’ constitutional protections. Based on her interviews with research subjects, agents often profile people from Muslim or neighboring Muslim communities, she said, but these searches affect people from “all walks of American life.”
“You don’t have to have committed a felony to keep some parts of your life private from interference by government agents,” said Nathan Fred Whistler, deputy director of the Speech, Privacy and Technology Project at the American Civil Liberties Union. . “This could be a medical diagnosis, mental health struggles, romantic associations, information about our children, you name it.”
A CBP spokesperson said in a statement that the agency searches the devices “in accordance with legal and regulatory authorities” and that its guidelines ensure that each search is “exercised wisely, responsibly, and consistent with the public’s trust.”
Aren’t you eager to open your contacts, call logs and messages to thousands of stranger government employees? Here’s what you can do before getting to customs:
Unlike other law enforcement, border authorities do not need a search warrant to search your device. They might do a basic search — scrolling through your device to check for text, images, or anything else they can easily access — even if they don’t suspect you’ve done something wrong. But if an agent suspects you pose a “national security concern,” they can perform an advanced search with a digital forensics tool to copy the data from your device.
How you are prepared to cross the border with your devices depends on the risks you are willing to take, said Nathan Fred Whistler, deputy director of the Speech, Privacy and Technology Project at the American Civil Liberties Union.
If you’re more concerned about clients scrolling through your messages and photos in a basic search, removing files from your device will do the trick. If you are a political dissident, human rights activist, journalist, or anyone else looking to avoid or bypass government surveillance, your focus will likely be on preventing agents from accessing your device at all.
If you are a US citizen, you can refuse to unlock your devices to CBP agents while still entering the country. (This may not be evident from the information sheet the agents are supposed to give you during the search, which says the process is “mandatory”.)
If you refuse to cooperate, CBP can keep your device. she says Detention generally shouldn’t last more than five days, but Hussain said she’s spoken to people who haven’t recovered their devices in months.
Meanwhile, entry for non-nationals cannot be guaranteed if they refuse to unlock their devices.
Travel with few devices and turn them off beforehand
Whistler said that the fewer devices you travel with, the fewer opportunities for research. Consider adopting a separate phone Or a laptop for travel without saving sensitive data.
Turn off appliances before going through customs. This protects against advanced search tools that may bypass the screen lock on devices that are left turned on, According to EFF.
The encrypted data is collected in a format that is unreadable for people who don’t have the code – in this case, a password. iOS, Android, Windows, and macOS come with full device encryption options.
The quickest ways to unlock your device – like a face ID or a weak passcode – are also the least secure. If you refuse to unlock your device for a search, Whistler said, CBP may try to unlock it itself. Having a strong password of letters and numbers, or a passcode of at least six digits will make this more difficult.
CBP guidelines direct agents to only review data stored on your device itself — not all information apps like Facebook and Gmail that send to the cloud. If you agree to perform a search, flipping your device in Airplane mode will limit the scan to what has been saved or cached.
You can choose to transfer your data to a file cloud storage provider – Like iCloud, Google, or Microsoft OneDrive – then wipe your device or do a factory reset. This will protect your data from basic visual search. But be aware: most file deletion methods leave behind traces that forensic investigation may reveal. Moreover, walking through customs with an empty device could raise suspicion and increase the likelihood of you becoming a target, Hussein said.
If you have photos, messages, or other sensitive data that can be easily seen on your device, move them to a private location, such as a hidden or password-protected folder. (I beg you not to accidentally appear naked to a customs officer – or anyone else. Here’s how to hide it.)
Consider where you enter the country
Different states have different laws governing what CBP can check at points of entry into the United States. In Arizona, for example, CBP can search for devices without a warrant unless they are looking for a specific digital contraband. If you want to protect your privacy, it may be worth traveling to a country with stricter CBP limits.