Be prepared to hand over your device passwords or face indefinite detention at the US border

People are being detained at the US border, often without any reasonable cause, until they reveal the passwords and permit access to their phones and other devices.

By Asheeta Regidi

Recently, reports of the US Department of Homeland Security demanding the social media passwords of persons seeking entry into the US came about. Now, reports of increasing searches and seizure of cellphones, laptops and other electronic devices, without a warrant, and often without any grounds of suspicion, have surfaced. This is more so following the US President’s Executive Order banning entry of certain nationals.

People are being detained at the US border, often without any reasonable cause, until they reveal the passwords and permit access to their phones and other devices. The legal options of such persons are, unfortunately, very limited.

Search of devices without warrant and without suspicion

Under US laws, a warrant is required for the search of a person’s personal property as per the Fourth Amendment of the US Constitution. This also applies to searches of electronic devices (See Riley v. California). At the borders however, this amendment, and other rights under privacy laws, cease to apply.

The US Customs and Border Protection (the CBP) is granted the authority to search a person and his personal effects without warrant under 8 U.S. Code § 1357 of the US Immigration and Nationality Act. The Act, however, specifies the need for reasonable suspicion for such a search. The US courts, however, have limited this need to only when a detailed forensic examination of the device is sought (See US v. Cotterman). A search at the borders, therefore, can be done without any grounds of suspicion and even on the basis of random selection.

This process can easily be abused, as evident in the case of Ali Saboonchi – where when officials failed to obtain a warrant to search his devices for an investigation on the mainland, they reportedly used his presence at the border to seize and search them.

CBP can search, copy, share data

The CBP’s self-imposed rules under the Directive for the Border Search of Electronic Devices are, unfortunately, inadequate. The CBP gives itself the authority under the Directive to conduct searches with or without individualised suspicion. Though the person should be present in the same room where his device is being searched, this is at the discretion of the CBP, and he may not be shown the actual search.

The extensive authority of the CBP includes searching the device, copying the data, seeking assistance of other agencies and even getting detailed analysis done.  Any of the data retrieved can be shared with federal, state, local, and foreign law enforcement agencies.

No exceptions for confidential, sensitive or privileged data

The dangers of privacy invasion multiply when the data concerned is confidential. The CBP makes no exception for confidential, sensitive or privileged data. Be it a lawyer's data protected by lawyer-client privilege, a journalist’s highly confidential sources, a doctor’s health information on their patients, or a businessman’s trade secrets, none is outside the purview of the CBP. Only in case of lawyer-client privilege, CBP officials must seek the advice of the CBP Chief Counsel before searching it.

Reports have arisen of such search and copying of data of a NASA scientist Sidd Bikkannavar, and journalist Maria Abi-Habib.

Devices can be detained for even 30 days

In cases where the device itself is detained, the CBP imposed a time frame of 5 days for return. This can be extended, however, for even up to 30 days. In cases where data is retained and found  to be free of suspicion, records must be destroyed within 7 days, but again can be extended up to 21 days. However, no mechanism of verifying such destruction of the data records has been provided.

Very limited options for affected persons

For persons wishing to enter the United States, there is unfortunately very little that they can do. The US is a sovereign nation, and so has full freedom to decide who enters their country. Their only recourse is with the US Courts, and also the DHS Office for Civil Rights and Civil Liberties.

For non-US citizens who enjoy greater protection under their country’s privacy laws, this is of no consequence when seeking entry into another country. No other country, through its laws, can dictate US policy for entry. Unless the US itself imposes privacy obligations, or such obligations are imposed through international or mutual treaties between nations, there can be no other expectation of privacy.

Many institutions, such as the American Civil Liberties Union, are fighting for this at the US borders, particularly for the requirement of reasonable suspicion and a warrant prior to the search of an electronic device. The ACLU and several other organisations have petitioned the UN High Commissioner of Human Rights to investigate the violation of human rights through, often arbitrary and discriminatory, electronic device searches at US borders.

Refusing device access can be risky

A person is not obligated to grant access to his devices, but refusing to do so is risky. Such a person can expect to be detained indefinitely, at the will of the border officials. A non-US citizen can very well expect to be refused entry on these grounds. One Alain Philippon was arrested  for refusing to unlock his phone at the border, on the charges of hindering border agents in the performance of their duties.  Any person detained at the border, or whose phone is detained, must therefore seek access to a lawyer.

Don’t carry data

In the absence of legal rights or any options, the best way to protect your data is perhaps to not carry it. Use of an alternative device while travelling, rented or otherwise, containing the bare minimum data required, will restrict the amount of data border officials will have access to. Encryption of data will also limit such access. The Electronic Frontier Foundation has given detailed recommendations on how to protect your data while travelling.

Persons facing privacy violations at the US borders must come out against it, either in support of organisations like the ACLU or through lawsuits before the US Courts. This alone may enable the imposing of basic privacy rights even at the border, or electronic device searches at the border may soon become the norm.

The author is a lawyer with a specialisation in cyber laws and has co-authored books on the subject.

Tech2 is now on WhatsApp. For all the buzz on the latest tech and science, sign up for our WhatsApp services. Just go to and hit the Subscribe button.

also see