chevron-down Created with Sketch Beta.

Litigation News

Fall 2023, Vol. 49, No. 1

Coming (Back) to America: Does Your Data Cross with You?

John McNichols and Nicole Fleming

Summary

  • Ordinary constitutional protections against unreasonable searches and seizures are considerably relaxed at the border.
  • For lawyers, this can be particularly alarming, given our professional obligations to maintain confidentiality.
  • Courts and legislators are beginning to scrutinize the notion that the information on a laptop or smartphone is as inspectable as a bottle of liquor from the duty-free shop.
Coming (Back) to America: Does Your Data Cross with You?
Science Photo Library

Jump to:

Imagine yourself coming back to the United States from an overseas business trip. You touch down at Logan Airport in Boston, deplane, and lug your suitcase through the final stretch of Terminal E. Only one obstacle remains between you and a comfortable cab ride home: U.S. Customs. Not a problem, right? You have no need to fear the Midnight Express treatment because you have no contraband. Moreover, you have no papers, just your phone and work laptop with some digital files from the client. But after running through the typical customs questions—“Where are you coming from? … Purpose of trip? … Anything to declare?”—things take a strange turn: The customs officer picks up your laptop, opens it, and presses the power button. “We need to inspect this,” he declares, gesturing at the login screen. “Please put in the password.”

U.S. citizens may be surprised to know that this kind of search actually happens. Although only a small fraction of international travelers have their devices searched, the practice is on the rise. Ordinary constitutional protections against unreasonable searches and seizures are considerably relaxed at the border, which means that searching, decrypting, and even copying your digital data—all without a warrant or even probable cause—are within legal limits. For lawyers, this can be particularly alarming, given our professional obligations to maintain confidentiality. But courts and legislators are beginning to scrutinize the notion that the information on a laptop or smartphone is every bit as inspectable as a bottle of liquor from the duty-free shop.

What Happens During a Border Search?

The historical rule for crossing international boundaries is that sovereign states have discretion to determine who may enter their territories and on what terms. Consistent with this, travelers have long expected plenary searches when entering a new domain, even in jurisdictions like the United States where privacy rights have constitutional safeguards. This so-called “border exception” to the Fourth Amendment has been part of American jurisprudence since the founding. The question, then, is whether the digital age changes anything.

Current U.S. policy on international arrivals effectively treats travelers’ digital information like other forms of physical property. That is to say, U.S. Customs and Border Patrol (CBP) and Immigration and Customs Enforcement (ICE) have largely unbridled discretion to search electronic devices. Under the agencies’ policies, an agent need not suspect any criminal activity to open a traveler’s device, flip through accessible files, and do everything short of a forensic examination. And even a forensic or “advanced” search—i.e., one that involves connecting external equipment to the device in question—requires only a reasonable suspicion of criminal activity, not a warrant.

CBP has said that Americans will not be denied entry for refusing to give their passwords to border agents, but for those who do refuse, the government can always deny entry to the device itself. And regardless of whether a traveler consents to the search, border agents may “detain” the device to perform additional analysis. While CBP and ICE state that detained devices should be returned to their owners within a “reasonable” time, no law or regulation places any ultimate time limit on them, and travelers report that the agencies have kept their devices for days and even weeks. After returning a device, moreover, the agencies may keep copies of the data thereon if it reflects criminal activity, and they may share the data with other law enforcement agencies at all levels of government.

What Have U.S. Courts Said?

The number of border searches of electronic devices has snowballed in recent years: CBP reported conducting 45,000 searches in 2022, compared with just 19,000 in 2016. Although the increased search activity has occasioned new legal challenges, the multiple federal appellate courts to consider CBP and ICE border policies have largely upheld them. Under their decisions, border agents are permitted to conduct manual searches of electronic devices without probable cause or individualized suspicion of criminal activity. And while some courts have been more circumspect about forensic searches—in some cases requiring reasonable suspicion and a nexus to a border-related rationale—that skepticism is not universal. Perhaps most tellingly of all, it was not until this year that any federal court had ever required a warrant for a border search of a digital device.

That changed in May 2023, when Judge Jed Rakoff of the U.S. District Court for the Southern District of New York held that the government must have a warrant to search an American citizen’s cell phone at the border. In United States v. Smith, Judge Rakoff reasoned that the principal purpose of robust border searches was to prohibit entry of physical contraband. Seizing digital data “contained” on a cell phone, however, would likely not stop its entry into the country, since much of the phone’s data is already externally stored in a U.S. server. Moreover, travelers would not reasonably expect to forfeit the privacy of the expansive (and often intimate) personal information typically found in one’s cell phone simply by taking the device on an international trip. 

For years, activists have argued the same points: Searches of digital devices are not sufficiently tied to the traditional purpose of border searches to justify law enforcement’s access to a trove of sensitive data that, until this century, could never have been physically carried by a traveler even with the largest steamer trunk. Sharing these concerns, the Protecting Data at the Border Act—a bipartisan Senate bill proposed two years ago by Senator Ron Wyden of Oregon—would require probable cause of a felony to seize electronic devices and a judicially executed warrant to search them.

What Particular Concerns Do Lawyers Have?

Our hypothetical above takes place in Boston, where the First Circuit has allowed border agents to freely search any and all electronic devices with no suspicion needed even for forensic searches.  But in allowing such searches, the First Circuit reserved the possibility of a different outcome if the government were using border searches to pierce the attorney-client privilege. This suggests that heightened caution may be warranted when the traveler bearing the device happens to be an attorney. Nevertheless, courts have provided little insight into how to protect privilege and work product during these border searches.

CBP and ICE policies presently permit searching devices containing privileged material, a risk flagged by the American Bar Association, which has urged the agencies to require warrants. Prompted by the ABA’s concerns, CBP policy instructs that if a traveler informs border agents that his or her device contains privileged material, agents should seek clarification about which particular files are at issue in order to “segregate” potentially privileged material during the search. Still, the public lacks clarity about how this approach would function in the case of an attorney’s devices, such as a work laptop consisting predominantly or entirely of privileged material and work product.

In addition, CBP’s policy calls for deletion of any copies of privileged materials that happen to be collected during a search. But exceptions to this direction allow privileged materials to be retained for national security concerns or “other legal requirement[s],” without further specification. And if CBP or ICE shares that information with another agency, that other agency’s retention policy governs the disposition of its copy. One can envision numerous logistical and technological hurdles in the event of inadvertent access, as the claw-back process for the return of protected files is uncharted. With the swell in border searches of electronic devices, international trips may involve a new headache about scrubbing current devices of privileged material or buying burners—not because of privacy risks while in another country but, rather, because of a lack of privacy while entering or exiting your own.

Resources

    Authors