US Customs and Border Protection agents are allowed to search the contents of travelers’ phones but not their data stored exclusively on the cloud, according to a letter from federal officials.
The letter (pdf), published by NBC News this week, was a response to senator Ron Wyden, a Democrat from Oregon, who wrote to the Department of Homeland Security in February (pdf), expressing alarm at “digital dragnet border searches” in which agents demanded access codes for cell phones so they could access information that would usually require a search warrant.
In January, the issue made headlines when Sidd Bikkannavar, a US-born scientist at NASA’s Jet Propulsion Laboratory was detained at the Houston airport until he revealed his password to CBP agents. Engadget reports that 5,000 cell-phone searches were conducted in February of 2016 alone.
In the agency’s letter, CBP Acting Commissioner Kevin McAleenan likens forcing a traveler to unlock his or her cell phone, essentially, to unlocking one’s suitcase:
“As with any other aspect of the border search process, CPB’s inspection of an electronic device transported by an international traveler does not require the consent of that traveler. To the extent that a CBP officer decided to conduct a border search on a traveler’s goods or merchandise that locked, or was otherwise not immediately available for inspection, the officer can request the traveler’s assistance in opening or presenting the goods.”
Border Patrol is only permitted to search information that is stored “physically” on a traveler’s phone, and not data that is stored “solely” on the cloud, the letter states.
While some spin the agency’s statements as a victory for travelers and digital privacy, skeptics advise caution.
“As soon as you unlock your phone its Pandora’s Box,” Tim Schwartz, an activist who runs digital-privacy workshops and has worked with the Fordham Law School’s Center on Law and Information Policy (CLIP) to research online privacy, told Quartz.
“If they can search your phone they can search your cloud account. Take Dropbox or iCloud as an example. They both sync information on your phone with the cloud…The only safe method is to back up your phone ahead of time, clear it to factory settings, travel, then restore it on the other side.”