DHS Issues New Rules for Searching Electronic Devices at the Border
Travelers continue to experience heightened scrutiny at U.S. Ports of Entry. Whether the travel is for business or pleasure, travelers often carry an electronic device such as a cell phone or laptop. The current administration’s focus on border security has made travelers increasingly concerned about how to protect personal and corporate data contained on electronic devices.
On Jan. 4, 2018, U.S. Customs and Border Protection (CBP) issued a new directive titled “Border Search of Electronic Devices.” The directive provides “guidance and standard operating procedures for searching, reviewing, retaining, and sharing information contained in computers, tablets, removable media disks, drives, tapes, mobile phones, cameras, music and other media players, and any other communication, electronic, or digital devices.” The search and occasional seizure of electronic devices is not new — CBP has long engaged in the search of electronic devices. CBP has stated that this practice is “essential” to properly preserving security. This new guidance addresses “the rights of individuals against unreasonable search and seizure and ensure privacy protections” while setting forth specific procedures CBP must follow in carrying out their duties.
One major topic addressed in the Jan. 4 guidance is the type of information CBP officers may access on electronic devices. Specifically, CBP may only access information that is stored directly on the device at the time it is presented for inspection. CBP officers may not access information that is stored remotely. In order to ensure that this procedure is properly carried out, CBP has instructed officers to disable a device’s wireless features that would allow access of remote information.
The directive further addresses how officers should review and handle sensitive material, such as documentation protected by attorney-client privilege, medical records, and work-related information carried by journalists. The guidance does not indicate that this information is off-limits, but instead puts in place limitations on which government agencies may review and share the information in order to ensure proper security protections are in place. Furthermore, the directive affirms that an officer may request passwords to access any password-protected or encrypted information contained on an electronic device.
CBP officers have the discretion to search electronic devices when a traveler makes an application for entry into the United States. If an individual refuses to allow the search of a device, the device can be confiscated. CBP also may refuse to admit a nonimmigrant visa holder who does not comply with search requests. The Jan. 4 directive does not change these historical practices and policies, but does provide some clarification. Electronic devices may continue to be seized if a traveler refuses to present them for inspection, but the guidance provides some specifics as to maintenance of both devices and information obtained from devices, of which detention should be limited to a “reasonable period of time.” CBP states that a device that is seized should generally not be held for more than five days to determine whether there is reasonable cause for continued search and seizure.
Regardless of the limitations that the Jan. 4 CBP directive places on accessing external data, individuals traveling internationally may wish to consider traveling with clean devices in order to avoid circulation of any confidential corporate information. This is an important consideration not only when encountering U.S. immigration authorities, but also when encountering foreign immigration authorities. Each country will have its own rule regarding document confidentiality and companies may not be able to control what is accessed and/or confiscated. If an individual cannot travel with a clean device, then employers should instead consider having the employee travel without any electronic devices at all, especially if the employer can provide the employee with an acceptable device at their final destination. The inability of the employee to use the electronic device during the trip, while not ideal, may be a better outcome than having the data contained on the electronic device disclosed to government authorities.