U.S. Customs and Border Protection (CBP) has long been authorized to conduct searches of persons and property at all border crossings. Recently, however, CBP’s searches have become more invasive, searching, and in some cases, seizing laptops, cell phones, BlackBerrys, PDAs, and other electronic devices of international travelers both entering and exiting the United States. CBP has occasionally requested that travelers input passwords so that CBP can review protected or encrypted files. The agency claims that terrorism, IP rights violations, child pornography, and enforcement of U.S. trade laws support this increase in searches and seizures of electronic devices at U.S. borders and international airports.
Professionals are rightfully alarmed by the increasing intensity of these searches. In addition to an increase in the number of searches, new search technology can allow CBP to decrypt passwords, analyze a computer’s Internet activity, copy stored data, and gather information from cellular devices such SMS messages, contacts, call logs, and multimedia messages. Customs officers and agents could potentially gain access to proprietary data, confidential information, privileged documents, trade secrets, Internet searches, and passwords during routine customs inspections.
CBP issued a Policy Statement on July 16, 2008, regarding its searches and, in certain instances, seizures of electronic data and devices in which CBP reiterated its authority concerning such searches and laid out certain guidelines for their conduct. Among other issues, the statement details the manner in which the searching officials are to treat business and commercial information, as well as attorney-client privileged information, that may be uncovered during the course of such searches. This statement is available here:
Current State of the Law
According to federal regulations, persons traveling to the United States from abroad are subject to inspection by a CBP officer upon entry into the country, as is their property and merchandise. The Supreme Court has established certain limitations on the permissible acts of CBP agents. The Court has ruled that border agents have the authority to conduct routine searches without suspicion or a warrant, but that intrusive bodily searches require a certain level of suspicion due to dignitary and privacy interests. However, the Court has not ruled on the limitations placed on CBP officers to search and seize electronic devices being carried across U.S. borders by international travelers.
Recently, the 9th Circuit upheld the right of CBP agents to search the electronic devices of international travelers both entering and exiting the United States without suspicion. In that case, U.S v. Arnold, 523 F.3d 941 (9th Cir., 2008), Michael Arnold was charged with knowingly possessing and transporting child pornography when CBP agents found child pornography on his computer after his return from vacation in the Philippines. The 9th Circuit ruled that privacy rights of individuals are diminished at the border due to the government’s interest in preventing harm to the Nation, and that searches of property such as laptops do not raise the same dignity and privacy concerns as intrusive bodily searches. Therefore, such searches are considered routine and do not require a level of suspicion. The court did not reach the issue of whether travelers chosen for screening can be compelled to provide their passwords to CBP officials. However, in In re Boucher, a district court in Vermont determined that forcing a person to furnish his password is a violation of the 5th Amendment right against self-incrimination. 2007 WL 4246473 (D.Vt.2007). Both U.S. v. Arnold and In re Boucher are currently on appeal, and the procedures for searching electronic information and password protected data at the border will continue to evolve as the courts establish a legal framework for such warrantless searches.
Practical Implications Regarding Searches and Seizures of Electronic Devices
The procedures that the Department of Homeland Security and CBP employ to determine which electronic devices will be searched or confiscated remain unclear. However, refusing to allow CBP officers to search electronic devices or declining to provide a password could lead to delayed entry into the U.S., denial of entry, or seizure of the electronic device in question. To protect their employees and proprietary and sensitive business information, companies are implementing various strategies to maintain the integrity of sensitive information stored on electronic devices while traveling internationally. For example:
- Use of laptops with blank hard drives
- Encryption of sensitive data
- Deletion of sensitive materials
- Remote access of information over encrypted channels
- Transmission of sensitive data via e-mail
- Clear identification of privileged files
Finally, U.S. citizens traveling abroad should also be aware of border procedures in their destination countries. Border agents in foreign countries may also be authorized to seize electronic devices. Border authorities in certain foreign countries may be authorized to copy data including sensitive or export controlled information from electronic devices while others may limit a traveler’s ability to import or use encryption on electronic devices.