Can They Really Do That?
Best Practices for Managing U.S. Border Searches of Electronic Devices
Effective October 18, 2017, the U.S. Department of Homeland Security (DHS), U.S. Citizenship & Immigration Services (USCIS), Immigration & Customs Enforcement (ICE), Customs & Border Protection (CBP), Index, and National File Tracking System of Records, implemented new or modified uses of information maintained on individuals as they pass through the immigration process.
The new regulation updates the categories of individuals covered, to include: individuals acting as legal guardians or designated representatives in immigration proceedings involving an individual who is physically or developmentally disabled or severely mentally impaired (when authorized); Civil Surgeons who conduct and certify medical examinations for immigration benefits; law enforcement officers who certify a benefit requestor's cooperation in the investigation or prosecution of a criminal activity; and interpreters.
It also expands the categories of records to include: country of nationality; country of residence; the USCIS Online Account Number; social media handles, aliases, associated identifiable information, and search results; and EOIR and BIA proceedings information.
The new regulation also includes updated record source categories to include: publicly available information obtained from the internet; public records; public institutions; interviewees; commercial data providers; and information With this latest expansion of data allowed to be collected, it begs the question: How does one protect sensitive data housed on electronic devices? In addition to inspecting all persons, baggage and merchandise at a port-of-entry, CBP does indeed have the authority to search electronic devices too. CBP’s stance is that consent is not required for such a search. This position is supported by the U.S. Supreme Court, which has determined that such border searches constitute reasonable searches; and therefore, do not run afoul of the Fourth Amendment.
Despite this broad license afforded CBP at the port-of-entry, CBP’s authority is checked somewhat in that such searches do not include information located solely in the cloud. Information subject to search must be physically stored on the device in order to be accessible at the port-of-entry. Additionally, examination of attorney-client privileged communications contained on electronic devices first requires CBP’s consultation with Associate/Assistant Chief Counsel of the U.S. Attorney’s Office.
So what may one do to prevent seizure of an electronic device or avoid disclosure of confidential data to CBP during a border search? The New York and Canadian Bar Associations have compiled the following recommendations:
Consider carrying a temporary or travel laptop cleansed of sensitive local documents and information. Access data through a VPN connection or cloud-based warehousing.
Consider carrying temporary mobile devices stripped of contacts and other confidential information. Have calls forwarded from your office number to the unpublished mobile number when traveling.
Back up data and shut down your electronic device well before reaching the inspection area to eliminate access to Random Access Memory.
Use an alternate account to hold sensitive information. Apply strong encryption and complex passwords.
Partition and encrypt the hard drive.
Protect the data port.
Clean your electronic device(s) following return.
Wipe smartphones remotely.