In the September 18, 2017 Federal Register notice (see 82 FR 43556) , U.S. Citizenship and Immigration made clear it will now routinely require those applying to enter the U.S. to provide social media handles. As such, the obvious starting point for these tips must be a reminder that Customs and Border Protection (“CBP”) officers may require arriving travelers to provide the unlock code to their electronic devices and user names/passwords to gain access to programs, including social media accounts, so make sure all your programs are closed when you cross the border! The contents on your devices can be examined, and that is true whether or not you are a U.S. citizen, and regardless of your profession. If you are selected for such an inspection, you can expect this two page summary may be handed to you – https://www.cbp.gov/sites/default/files/documents/inspection-electronic-devices-tearsheet.pdf.
The national security concerns of protecting the homeland allow CBP officers to inspect passengers and their belongings without meeting the Fourth Amendment protections against unreasonable search and seizure. A CBP officer is not required to articulate why he or she directs you to secondary or why you or a particular device is of interest.
The 2009 directives (for CBP – see https://www.dhs.gov/xlibrary/assets/cbp_directive_3340-049.pdf; for Immigration and Customs Enforcement (ICE”) see https://www.dhs.gov/xlibrary/assets/ice_border_search_electronic_devices.pdf) provide a specific process only if a traveler identifies him or herself as an attorney (with equal application to U.S. and foreign attorneys). In that case, the officer is to consult with either the agency’s own attorneys or the Dept. of Justice for approval to proceed with the inspection of the relevant materials. Regardless, the device is subject to inspection. In reality, the stories which make the news do not generally involve the inspection of electronic devices belonging to attorneys, but rather those belonging to other travelers.
In the recently filed Ghassan Alasaad et al v. Elaine Duke, et al, Mass DC, Case No. 1:17-cv-11730, September 13, 2017, we learn about 11 travelers and their unpleasant experiences, which range from being held in secondary for a few hours to far more upsetting stories. In one example, a family crossed from Canada back into the U.S. with a sick child and was detained about six (6) hours before being permitted to leave, during the course of which their devices were seized for many days before being returned. In another case, father and daughter returned from Canada to the U.S. by bus, were detained at a small U.S. crossing point for about seven (7) hours, the father’s devices were inspected and later, they were permitted to leave, but long after their original bus had departed. Equally perplexing is why some of the individuals were stopped more than once, and the very same electronic devices subjected to searches each time!
Lest anyone think only CBP officers at small ports with limited traffic are the culprits, Dallas-Fort Worth and Miami also gave rise to incidents described in the pending case. The focus of the lawsuit is to declare the current procedures unconstitutional given that electronic devices carry so much personal information that they no longer equate to the contents of one’s luggage, which everyone surely concurs is available to be inspected at time of entry.
The Supreme Court has repeatedly held that CBP has an unfettered right to inspect anything which accompanies a traveler leaving from or returning to the U.S.. The issue of laptop searches and surrounding privacy rights comes up every few years. The current iteration of the push-pull between protecting the borders and the right to privacy is no longer limited to just laptops.
To provide some context, CBP published the following figures:
1) In 2015, of the 383.2 million travelers, 8,503 searches of electronic devices were conducted;
2) In 2016, of the 390.6 million travelers, 19,033 searches of electronic devices were conducted; and
3) In the first six months of 2017, there were 14,993 searches of electronic devices conducted out of the 189.6 million travelers.
While the numbers of devices searched is still small in comparison to the number of travelers, the number of searches is steadily climbing and, if it is your device which is held, you will likely run out and replace it long before you get your original device back. So, be prepared to spend the money to do so or plan to stick around, even if you miss a connecting flight, assuming CBP or ICE will release your device. Cooperating with authorities does not guarantee the release of your device.
In 2009, when the CBP and ICE directives were originally issued, they were woefully inadequate. They did not address all the situations where the law recognizes confidentiality. Yes, the search of attorney devices was marginally carved out, but what about a device belonging to a doctor or priest, or one containing someone’s medical information, or how about the business person who has confidential communications from an attorney? There are also journalists whose sources are typically protected from disclosure.
From the CBP side, certainly great flexibility is needed to protect the homeland, no one doubts that. It is also true that sometimes the situation is nothing more than the officer has a well-founded hunch which proves to be right. At the same time, threatening to pull your gun or choking someone to get your hands on a smartphone to inspect it, as alleged in the current lawsuit, would seem to be excessive by any standard!
The courts have long held that taking the device, imaging it, and returning it long thereafter does require a search warrant, especially if a criminal case is filed. How is the average traveler to know his or her rights?
So, what is traveler to do?
- If you don’t absolutely need the device, don’t take it with you.
- Keep in mind which of your devices has security settings and which does not. The ones which do not could be inspected, no matter the circumstances.
- You can put the data which you later want to access in the cloud with strong password protection (be sure to disable the connection) and carry the equivalent of a burner phone. Otherwise, make sure all your programs are closed.
- Do not keep more data on your device than you are willing to have exposed to CBP or ICE.
- If you have photos on a device, store them in your cloud account and remove them from your device.
- Some have suggested that if the device is in airplane mode, it may discourage any inspection since the device is not connected to the Internet. While CBP did state in June 2017 that its searches are limited to “information that is physically resident on the device,” it is not clear that simply activating airplane mode actually makes a difference. *
- If you do get selected for secondary, you really only have two choices – give them the information they want and make the search process go as quickly as possible** or be prepared to sit around for several hours and, in the end, possibly be forced to leave your device behind to be returned (perhaps) at some later undefined point in time.
- In 2009, both CBP and Immigration and Customs Enforcement issued directives as to how each agency would deal with the inspection of digital devices. They protect no one, not even attorneys!
* See file://data/data/litip/41592/00001/0374/9316578.PDF for the full list of questions and answers from the Senate Finance Committee dated June 20, 2017 to the nominee for Commissioner of Customs and Border Protection.
**Of course, if you are an attorney or work for a lawyer or law firm, or are in house, you must immediately object to the search of the device so as to have the best argument possible the attorney-client and work product privileges apply, despite what the officers may find on your device.
This topic finally takes us to the question of what companies are doing to protect themselves? Just as developing a bring your own device to work policy is necessary, so are ground rules for employees traveling with company owned devices. Many companies are in highly regulated industries or have employees with access to highly prized information and so already have robust policies in place. If you do not, at least adopt the above recommendations as a starting point to stylizing a policy that works best for your individual company’s needs.