The U.S. Customs and Border Patrol announced new restrictions on when agents can copy data from digital devices at border crossing points.
Agents now need “reasonable suspicion” in advance of searches of phones, computers, tablets, cameras or any other digital device belonging to people entering or leaving the United States. Border agents will also be restricted from accessing data stored remotely in the cloud.
The new guidance published (PDF) on Friday update existing rules introduced in 2009 regarding “advanced” searches that can be conducted at random and without warrant.
Under the new rules, border agents would still be able to conduct “basic” searches “with or without suspicion,” which entails physical examination of digital devices, such as sorting through photos and examining messages. “Advanced” searches based on “reasonable suspicion” will still be permitted and agents can still review, copy, and analyze a digital device’s contents.
The directive states travelers may be asked to provide passcodes to unlock a device. If the border agent is unable to inspect the device because it is passcode or encryption-protected, the agent may detain the device for up to five days.
“Travelers are obligated to present electronic devices and the information contained therein in a condition that allows inspection of the device and its contents. If presented with an electronic device containing information that is protected by a passcode or encryption or other security mechanisms, an officer may request the individual’s assistance in presenting the electronic device and the information contained therein in a condition that allows inspection of the device and its contents,” according to the new directive.
Critics of the Department of Homeland Security policy say the new directive is a tiny step in the right direction, but doesn’t go far enough. Neema Singh Guliani, legislative counsel at the American Civil Liberties Union (ACLU), said on Friday in a blog post the move is “positive” but “far short of what the Constitution requires — a search warrant based on probable cause.”
“The policy would still enable officers at the border to manually sift through a traveler’s photos, emails, documents, and other information stored on a device without individualized suspicion of any kind,” Guliani said.
In Sept. 2017, the ACLU and Electronic Frontier Foundation helped a group of 11 plaintiffs sue the U.S. Customs and Border Protection (CBP) over warrantless border searches.
Customs agents conducted 60 percent more searches of travelers’ cellphones, laptops and other devices in 2017, according to U.S. Customs and Border Protection (CBP) statistics also released last week. In total, 30,200 devices were searched, representing .007 percent of the 397 million travelers in that same timeframe.
“In this digital age, border searches of electronic devices are essential to enforcing the law at the U.S. border and to protecting the American people,” wrote the U.S. Customs and Border Protection. “CBP’s authority for the border search of electronic devices is and will continue to be exercised judiciously, responsibly, and consistent with the public trust.”
Sen. Ron Wyden (D-OR) said the new policy will “still allow far too many indiscriminate searches of innocent Americans.” In a statement he said:
“CBP agents will continue to be able to manually examine an individual’s device, including looking through their browsing history, photos and messages stored on the device, without reasonable suspicion.”
Wyden and other critics argue the new rules still allow the CBP to attempt to bypass device encryption and passwords using brute-force techniques at the border without reasonable suspicion.
The ACLU’s Guliani said the directive is misleading in that it “fails to make clear that travelers should not be under any obligation to provide passcodes or other assistance to officers seeking to access their private information.”