Every year, tens of thousands of American travelers passing through international airports in the United States hit an unexpected snag that can end up potentially exposing their most private information to thousands of government employees—without a warrant, and often without cause.
By exploiting the border search exception to the Fourth Amendment’s protection against unreasonable searches and seizures, which allows for warrantless searches at border crossings seeking evidence of contraband and other illegal activity, U.S. Customs and Border Protection (CBP) officers have been demanding the electronic devices of thousands of travelers, reviewing the content, and in some cases, downloading it. For electronic devices, including phones, laptops, tablets, or hard drives that are locked with pin numbers or passwords, border officials often demand the information they need to gain access to the devices.
This practice has been going on for years, as outlined in a 2009 CBP privacy impact assessment and a 2018 directive, and while officials downplay the scope of these warrantless searches, civil liberties groups, journalist protection advocates, lawyers, and lawmakers have all denounced this invasive behavior and demanded that the border exception for electronic devices be significantly narrowed nationwide, as it has been in some states by court rulings.
“The reason we have the Fourth Amendment requirement of a warrant is so that the government has to justify its intrusion into people’s privacy,” Hannah Zhao, an attorney at the Electronic Frontier Foundation, a digital rights group, tells The Progressive. “But if they can just use international border crossings as a pretext to search anyone, without any restrictions, then they basically have free rein to search anyone’s electronic devices who is traveling internationally.”
It may not seem like a big deal to let CBP officers rifle through your phone or laptop, but we store everything on our electronic devices—private conversations, photos and videos, contacts, passwords, tax and other financial information, and more. “Potentially more private information can be held on your phone, iPad, or laptop that you bring with you through the airport than in your entire house,” says Jake Laperruque, deputy director of the Center for Democracy and Technology’s Security and Surveillance Project. “So a search of an electronic device like that is very significant.”
“No one is smuggling in a kilo of cocaine inside their iPhone.”
In the landmark case Riley v. California in 2014, the U.S. Supreme Court ruled that warrantless searches of electronic devices by law enforcement officers during arrests violate Fourth Amendment protections. In a unanimous opinion, Chief Justice John Roberts wrote, “Modern cellphones are not just another technological convenience. With all they contain and all they may reveal, they hold for many Americans ‘the privacies of life’ . . . . The fact that technology now allows an individual to carry such information in his hand does not make the information any less worthy of the protection for which the Founders fought. Our answer to the question of what police must do before searching a cellphone seized incident to an arrest is accordingly simple—get a warrant.”
Before this ruling, authorities were routinely engaging in warrantless searches of people’s electronic devices, particularly their phones, during arrests. Riley v. California nipped that in the bud. But the one area it didn’t affect was U.S. border crossings.
The number of warrantless searches of travelers’ electronic devices by CBP officers began to spike in 2016, increasing from 8,500 travelers in 2015 to more than 19,000 the following year, according to the CBP. By 2021, that number had increased to 37,450. In its 2018 directive, CBP said the practice is “essential to enforcing the law at the U.S. border and to protecting border security.” The agency claimed the searches “help detect evidence relating to terrorism and other national security matters, human and bulk cash smuggling, contraband, and child pornography.” But civil liberties and digital rights groups argue that in practice, the motives for these searches extend well beyond this narrow scope of suspected crimes. “No one is smuggling in a kilo of cocaine inside their iPhone,” Laperruque says.
Senator Ron Wyden, Democrat of Oregon, has long been a relentless advocate for ending the border exception for electronic devices. He has repeatedly introduced legislation to end the policy and establish privacy guarantees for travelers that are in line with court rulings governing searches in the rest of the country. As chair of the Senate Finance Committee, which provides oversight of CBP, Wyden has sought answers to many of the lingering questions about the policy.
Some of the answers he has received are shocking. In a letter to CBP Commissioner Chris Magnus last September, Wyden said he had been briefed on the fact that CBP conducts forensic searches—referred to internally as “advanced searches”—of about 10,000 phones per year at U.S. border entries and exits. This includes examining, and then, following approval by a CBP supervisor, downloading and copying travelers’ data with mobile extraction software from firms like Cellebrite, Grayshift, PenLink, and Magnet Forensics, according to the Electronic Privacy Information Center.
“The only limits on use seem to be the government’s own policies, which are not the law, and for which there are no consequences if they are ignored.”
In the letter, Wyden explains what happens next: CBP then “stores this deeply personal data taken, without a warrant signed by a judge, from Americans’ phones for fifteen years and permits approximately 2,700 [Department of Homeland Security] personnel to search the data at any time, for any reason” (emphasis added). DHS employees—who work for the largest law enforcement agency in the country—are not required to document the purpose of the search, “even though auditable records of this sort are an important safeguard against abuse.”
According to both the 2009 assessment and the 2018 directive, CBP can also share the data with other federal agencies.
CBP is “the only federal agency that routinely searches Americans’ phones without a warrant, due to the border search exception to the Fourth Amendment,” Wyden tells The Progressive in an email. “This means that the normal checks and balances required by the Fourth Amendment, including having an independent judge make the call, do not apply. Americans have a right to know how all of their data is being used after it has been copied from their phones.”
“This is not actually about protecting the border from contraband and smuggling, this is about generalized mass surveillance,” Laperruque says. “And it also just shows how badly this system—I would call it a loophole—can be abused.”
Also noteworthy is that CBP seems to have created this digital surveillance program on its own, without Congress having passed legislation telling it to do so.
The Progressive sent a detailed list of questions about this issue to CBP Commissioner Magnus. A CBP spokesperson responded by email, saying only, “We do not comment on Congressional correspondence. CBP responds directly to Senators.”
Events over the past few years have brought into focus the potential for abuse of this policy, particularly when it involves journalists, lawyers, human rights workers, and other advocates.
The practice by federal authorities of targeting journalists, for example, is not a new phenomenon. In 1985, journalist Edward Haase was returning from a trip to Nicaragua when he was stopped at customs at the Miami International Airport. An FBI agent named Joe Miranda began questioning him about his travels and contacts in Nicaragua, and then confiscated and made copies of Haase’s address book and diary, among other items, which contained “names, addresses, and phone numbers of social friends, political activists, and other associates, political organizations, and journalistic contacts,” according to a report at the time by The Washington Post. Haase and the Center for Constitutional Rights sued the FBI over the incident.
Three decades later, similar tactics are being used by CBP, with much more efficient—and potentially more damaging—technology being employed. In 2018, the Committee to Protect Journalists (CPJ) and Reporters Without Borders conducted a survey of journalists who had been stopped at a U.S. border entry or exit. Of thirty-seven journalists who had been subjected to secondary screening by CBP officers, twenty said the officers had conducted warrantless searches of their electronic devices. “Journalists told us that these searches and agents’ questions about their current and past reporting are affecting their ability to protect sources and have impacted the way they plan reporting trips and travel,” CPJ noted.
In 2019, NBC News published a report revealing that the U.S. government had created a secret database of journalists, activists, and social media influencers reporting on or working with members of a migrant caravan that had attempted to cross the U.S.-Mexico border in late 2018. Alerts were placed on their passports, and they were continually harassed at border crossings in the United States and Mexico.
That same year, Reporters Without Borders called on border officials to “stop harassing journalists,” citing several cases, including Ben Watson, a news editor who was stopped at Washington Dulles International Airport and forced by a CBP officer to say he writes “propaganda” before he was allowed to reenter the country.
At Los Angeles International Airport, a CBP officer accused reporter James Dyer of being “fake news,” and at John F. Kennedy International Airport in New York, another reporter, David Mack, was questioned about an investigation he had published about Donald Trump.
A stranger—and more disturbing—example of CBP abuse, code-named Operation Whistle Pig, occurred in 2017. In that case, national security journalist Ali Watkins was targeted by an agent named Jeffrey Rambo, who worked at a secretive CBP division that still operates today. According to Yahoo News investigative reporter Jana Winter, Rambo “routinely used the country’s most sensitive databases to obtain the travel records and financial and personal information of journalists, government officials, Congressional members and their staff, NGO workers, and others.”
Under the guise of a Trump White House initiative to “combat forced labor,” Rambo pulled reams of sensitive personal information on Watkins and other journalists—some of which he used during a bizarre, four-hour meeting with Watkins at an upscale Washington, D.C., speakeasy, in which he revealed that he knew personal details about Watkins’s travels and personal life, and attempted to extract information about her confidential sources.
An internal investigation of Rambo’s actions led to referrals for criminal prosecution, but neither Rambo nor his co-workers were ever charged.
Asked by The Progressive what governs the use of data seized during warrantless searches at the border and stored in a government database, Wyden spokesperson Keith Chu said, “The only limits on use seem to be the government’s own policies, which are not the law, and for which there are no consequences if they are ignored.”
While legislation to close the Fourth Amendment’s border exception for electronic devices languishes in Congress, legal efforts have fared slightly better in court. In U.S. v. Cano, the U.S. Court of Appeals for the Ninth Circuit ruled in 2019 that warrantless, suspicionless searches of electronic devices at the border are only permissible to determine if the device contains digital contraband, such as child pornography. In other words, border officers must have reasonable suspicion that the targeted device has digital contraband on it before searching it.
Unfortunately, the ruling applies only to the states and territories within the Ninth Circuit’s jurisdiction, which includes Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Oregon, Washington, Guam, and the Northern Mariana Islands. So, depending on which airport travelers pass through, the ruling may or may not apply.
In his letter, Wyden urged the commissioner to revise CBP policy to abide by the Ninth Circuit Court’s ruling for all travelers in all states. “Modernized search guidelines must end CBP’s existing practice of searching Americans’ electronic devices without warrants based on probable cause of a crime,” he wrote.
In the meantime, travelers should understand their rights. CBP officers can search any device that is not locked or protected with a pin number, password, or passphrase. If a CBP officer demands your pin numbers, password, or passphrase (passwords and passphrases are safer than pin numbers), you do not have to give it to them. Your devices may be seized for a few days, weeks, or even months, but they cannot prevent American citizens or permanent residents from entering the country.
If you’re debating whether to endure the hassle of losing access to your devices for several days, the alternative may be giving up your most personal data to the government for the next fifteen years.