US Border Patrol isn’t allowed to search travelers’ data stored in the cloud
When searching travelers’ mobile phones at the border, US Customs and Border Protection (CBP) officers do not have the authority to rifle through data stored solely on remote servers (“in the cloud”).
The official confirmation has been offered in a letter penned by Kevin McAleenan, CBP’s acting commissioner, as a response to Senator Ron Wyden’s inquiry earlier this year, in which he asked for details about what kind of access to information the CBP can and cannot demand of travelers.
The agents are looking for contraband (e.g. child pornography), information indicating inadmissibility, or information that could present a threat to national security, McAleenan explained.
He says the agents can search a traveler’s phone without consent, but only for data saved directly to the device (e.g. text messages, contacts, call history, photos, videos, etc).
“CBP’s authority to conduct border searches extends to all merchandise entering or departing the United States, including information that is physically resident on an electronic device transported by an international traveler. In conducting a border search, CBP does not access information found only on remote servers through an electronic device presented for examination, regardless of whether those servers are located abroad or domestically.”
So, it seems that solutions like 1Password’s Travel Mode can currently help travelers keep their passwords out of BDP agent’s hands.
McAleenan also confirmed that US citizens can’t be prevented from re-entering the country even though they decline to unlock the device. “If CBP is unable to determine whether an item is admissible in the condition as presented by the traveler, CBP may choose to detain the item pending a determination of its admissibility in accordance with the law.”
But he didn’t provide the asked-for statistics regarding border encounters that included cell phone searches by CBP agents at the request of other government agencies (e.g. FBI, DEA, etc.), as a method to bypass their own search restrictions (i.e. obtaining a search warrant).
Senator Wyden, along with three other lawmakers, has introduced in April the Protecting Data at the Border Act, a bill that’s aimed to ensure Americans are not forced to endure indiscriminate and suspicionless searches of their phones, laptops and other digital devices just to cross the border.
“Americans’ Constitutional rights shouldn’t disappear at the border. By requiring a warrant to search Americans’ devices and prohibiting unreasonable delay, this bill makes sure that border agents are focused on criminals and terrorists instead of wasting their time thumbing through innocent Americans’ personal photos and other data,” Senator Wyden noted at the time.