Over the last year, the risk that border agents will search and detain U.S. citizens’ personal devices has increased dramatically. Arriving foreigners, meanwhile, now have to contend with the possibility that they will not only be asked to list their social media accounts but also provide the passwords for them before they can enter the United States.
A new bill in Congress could address US citizens’ fears of having their phones or other devices confiscated. But even if that bill passes, the Trump administration may still choose to gather foreigners’ social media passwords, a policy known as extreme vetting. In turn, Americans may become anxious that other countries will subject them to the very same treatment.
The usual rules don’t apply to your devices
There’s always been a risk that your phone or laptop could be searched upon your return to the States — and that you can’t do anything about that. Customs and Border Protection agents can also temporarily confiscate your device to search its data.
That’s because, as an August 2009 Department of Homeland Security paper states, your Fourth Amendment rights against unreasonable searches and seizures of your property don’t apply until you officially enter America.
That 2009 DHS document says CBP should spend no more than five days on an initial inspection of a “detained” device, while more-in-depth investigations should last 30 days at most.
What can you do in this situation? Traveling without electronics is a non-starter for many people, especially business travelers. Wiping your device or uninstalling all social-media apps may only make you look suspicious.
The Electronic Frontier Foundation’s advice boils down to this: Be polite, realize you may have to surrender your device if you don’t allow its search, and don’t commit a crime by lying to CBP agents.
“That leaves people with not a lot of great options,” summed up Emma Llansó, director of the Free Expression Project at the Center for Democracy & Technology, at a panel hosted by the D.C. chapter of the Internet Society in March.
Beginning in 2016, device searches became considerably more frequent. An NBC News report cited DHS data showing their numbers went from below 5,000 in 2015 to almost 25,000 in 2016. In February 2017 alone, CBP agents searched some 5,000 devices.
A CBP spokesperson said previously released 2015 and 2016 numbers were distorted by a mix-up of fiscal-year and calendar-year statistics; the representative said we would have correct data by April 12 but had provided none by the time of this article’s publication.
These searches still represent a tiny fraction of the total number of international travel. “CBP’s electronic searches affect less than one hundredth of one percent of travelers,” the spokesperson explained via email.
The spokesperson added that “electronic media searches” led to “arrests for child pornography, evidence helpful in combating terrorist activity, violations of export controls, convictions for intellectual property rights violations, and visa fraud discoveries.”
Recent anecdotes have been disturbing. For instance, CBP agents demanded that NASA Jet Propulsion Laboratory engineer Sidd Bikkannavar provide the unlock code for his JPL-issued phone and said they would not allow him to leave Houston Intercontinental Airport until he did so.
Bikkannavar is a native-born American citizen and a member of CBP’s Global Entry network — a trusted-traveler program that requires a detailed background check and CBP digitizing your fingerprints.
A new bill, however, could cramp CBP’s authority to search your stuff.
The “Protecting Data at the Border Act,” would prohibit customs officials and other border agents from searching the contents of the devices of U.S. citizens and permanent residents without a court warrant. It would also stop them from making a citizen or resident unlock a device and prevent them from detaining a citizen or resident for more than four hours.
The proposed law would, however, let a government agent search a device without a warrant if they “reasonably determine” an emergency involves an immediate threat of harm, a conspiracy “threatening the national security interest of the United States” or “activities characteristic of organized crime.”
The agent would only have to get a warrant after the fact.
The bill’s sponsorship shows an unusual degree of cooperation among legislators who may agree on few other issues this year. Sens. Ron Wyden (D.-Ore.) and Rand Paul (R.-Ky.) introduced it in the Senate. In the House, Reps. Don Beyer (D.-Va.), Blake Farenthold (R.-Tex.), Reps. Jared Polis (D.-Colo.) and Adam Smith (D.-Wash.) introduced its counterpart.
Things can get worse
That bill would not, however, limit CBP searches of arriving foreigners. But they may have something worse to worry about.
As numerous reports have indicated (most recently, an April 4 Wall Street Journal story), the Trump administration is considering requiring foreigners to share contacts lists and even social media account passwords for background checks.
That “extreme vetting” measure would be a giant step beyond the practice, begun in December, of asking many foreign visitors for their usernames on 13 social networks. A February report by DHS’s Inspector General criticized the department for launching this program without clear metrics for its performance.
At the D.C. Internet Society panel, CDT’s Llansó noted that Customs can share information it gathers in bulk with the National Security Agency. She called that “an opportunity for the U.S. government to have extensive maps of the civilian population.”
But requiring people to hand over not just their online identities but the keys to them has previously been a habit of totalitarian regimes overseas. Can the U.S. do that? At the border, probably so.
“It’s not just a search, it’s also a testimonial act, and you’re being asked to do something that could be incriminating,” Mason Kortz, a fellow at Harvard Law School’s Cyberlaw Clinic, told Yahoo Finance’s Daniel Howley. “But it’s still probably justifiable in determining who gets to come into the country.”
Maybe you don’t worry about what foreigners face at U.S. borders — nobody’s making them come here. But remember this: Little but the politeness of other countries need stop them from returning the favor to arriving Americans.
More from Rob:
- How Apple’s secrecy can hurt consumers
- The cheapest way to watch baseball online
- Trump is going after the open internet next
- Congress votes to roll back internet privacy protection
- You’re not as secure online as you might think