Businesses and other organizations with employees and other representatives crossing the border, as well as individuals, should take seriously the recent proposal by U.S. Homeland Security Secretary John Kelly to ask people entering the U.S. for sensitive information such as their Internet browsing history, contacts, and the passwords for their mobile devices and social media accounts.

The freedom of movement of people and goods across the 49th parallel is accepted as a significant driver of North American economic activity, facilitated by such measures as preclearance facilities in which U.S. Customs and Border Protection officers screen Canadian travellers on Canadian soil before they enter U.S. territory.

As the Privacy Commissioner of Canada, Daniel Therrien, recently outlined in his May 2017 letter to the House of Commons public safety committee, individuals crossing the border are at risk of being turned away at the border if they refuse to succumb to these intrusive searches, which essentially can be demanded without any explanation. For example, prospective travellers should take note of reports that NASA employee and natural-born U.S. citizen Sidd Bikkannavar was detained by CBP in early 2017 on his way back into the U.S. Despite being registered under the Global Entry program which should have entitled him to expedited entry, Bikkannavar says the CBP officers demanded the passcode to his NASA-issued phone and implied they would not release him until he provided it. To take another example, it has also been reported that Canadian-born University of Sherbrooke student Yassine Aber had his phone and Facebook account searched on his way to compete in a track meet in Boston, and was ultimately denied entry.

The implications for travellers crossing the US-Canadian border are significant, with potential costs in the form of travel delays and inconvenience, but more importantly, in the form of potential exposure of confidential personal and business information. With that in mind, there are several practical considerations to be aware of when crossing over to the U.S.:

  1. Be aware of your rights. Unfortunately there is very little due process in this regard. Entry by non-citizens is considered a privilege that can be easily denied with minimal safeguards or recourse. Although you are under no legal obligation to provide requested information, non-cooperation can become the basis to deny you entry.
  2. Be aware of the risks. Even if you do not provide any passcodes, if border authorities seize your phone they may have the technological means to unlock it themselves, and can potentially clone your phone before returning it to you. There are also very few limits on what they can ask you, although you are not compelled to provide answers.
  3. Minimize the chance of exposure. Although risk can be minimized by keeping confidential information on data servers instead of on the devices themselves, company-related travel should include "clean" company-issued devices with standard encryption.