Here's What To Know The Next Time You Cross The U.S. Border

Hold off on refusing to unlock your phone for border agents for now, at least until the issue has been resolved by the courts

01/09/2018 08:55 EST | Updated 01/09/2018 16:54 EST

On Jan. 4, 2018, United States Customs and Border Protection (USCBP) issued an updated policy directive on border searches of electronic devices.

The Supreme Court previously found that a routine search of any persons seeking admission to the U.S., and their personal effects, may be performed without reasonable suspicion, probable cause or a warrant. This is based on the premise that there is a reduced expectation of privacy associated with international travel.

Mike Blake / Reuters
A U.S. Customs and Border Patrol officer interviews people entering the United States from Mexico at the border crossing in San Ysidro, California, on Oct. 14, 2016.

Nevertheless, it has long been believed by privacy advocates that USCBP's authority to search a traveller's electronic devices should not be exercised in the same manner as a briefcase or suitcase. This is because hand-carried electronic devices now have the capacity to store a very large amount of personal or business information.

The new directive addresses some, but not all, of the issues that arise in the context of border searches involving electronic devices. The most significant issues are briefly discussed below.

Passcode-protected or encrypted information

The new directive states that a USCBP officer may request the traveller's assistance in presenting electronic devices, and information contained therein, in a condition that allows inspection of the device and its contents. If the USCBP officer is unable to complete an inspection of an electronic device because it is protected by a passcode or encryption, they may seize the device pending a determination as to its admissibility, exclusion or other disposition.

Of course, the new directive does not actually state that travellers have a positive obligation to provide a passcode or other means of access to USCBP during a border search. This is because the law in this area is still unclear.

On Sept. 13, 2017, the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) filed a lawsuit against the federal government on behalf of 11 travellers (10 U.S. citizens and one lawful permanent resident) whose smartphones and other electronic devices were searched without a warrant at the United States border.

The USCBP does not currently have the legal authority to compel travelers to assist them in unlocking an electronic device at the border.

The EFF/ACLU lawsuit alleges that border searches of electronic devices violate the First and Fourth Amendments to the U.S. Constitution when conducted without a warrant that is based on probable cause that the device contains data indicating the traveler has broken an immigration or customs law.

Specifically, the lawsuit alleges the Supreme Court decision in Riley v. California should apply in the border context. In that decision, the Supreme Court held that, given the significant and unprecedented privacy interests that people have in their digital data, the Police could not conduct warrantless searches of the cell phones of people they arrest.

So, the USCBP does not currently have the legal authority to compel travelers to assist them in unlocking an electronic device at the border. Nevertheless, the new directive makes clear that USCBP officers will continue to ask for passcodes and other means of access in order to inspect electronic devices. It also makes clear that, if the traveler does not comply, USCBP may detain the electronic device for further examination.

CarmenMurillo via Getty Images

The new directive also does not address the issue of how long USCBP may delay the entry of a traveler in connection with the search of their electronic devices. The threat of an extended delay, which may cause the traveler to miss their flight, could also compel some travelers to cooperate.

Finally, if the traveller is not a U.S. citizen, there are additional tactics the USCBP could utilize to compel the traveller's cooperation. For example, they could threaten to summarily refuse the traveller's admission to the U.S. If this occurs, it may also become more difficult for the traveller to enter the U.S. on future occasions.

Despite the present uncertainty regarding whether USCBP actually has the lawful authority to perform a warrantless search of a traveller's electronic device, refusing to unlock an electronic device at the request of a USCBP officer may still lead to undesirable consequences.

Restrictions on USCBP access to information in the Cloud

Fortunately, the new directive formally clarifies that a border search should include an examination of only the information on the device itself and accessible through the device's operating systems or through other software, tools or applications. In other words, officers may not use the device to access information stored solely in the "cloud."

This means that information stored on cloud-based servers (e.g. DropBox, Google Drive, etc.) should fall outside the scope of a USCBP search. Based on this policy, information privatelystored in the traveller's social media accounts should theoretically fall outside the scope of a USCBP search as well.

More from HuffPost Canada:

Of course, many applications store synced copies of cloud-based information on the device itself. If information remains accessible after the device has been disconnected from the Internet, this means that a local copy has been saved on the device. According to the new directive, USCBP officers will be permitted to examine this information.

Given the fact that USCBP may employ a broad range of tactics to compel a traveller to unlock their electronic device, refusing to do so on the basis that USCBP does not clearly have the lawful authority to search such devices may not be advisable, at least until the issue has been resolved by the courts.

However, since cloud-based information is off limits, the safest course of action is to ensure that all sensitive information remains in the cloud and is not stored on the electronic device itself.

Follow HuffPost Canada Blogs on Facebook

Also on HuffPost: