CBP revises rules for device searches at the border
New guidelines prevent law enforcement from trying to hack phones or access content on the cloud without "reasonable suspicion."
A Customs and Border Protection policy update puts new limits on the authority of law enforcement to search electronic devices at U.S. border crossings. Some privacy advocates praised the move but are still seeking legislation to clarify the rights of returning citizens and residents crossing the border into to the U.S. over their digital information and media.
CBP released the directive, which limits routine searches of mobile phones and other electronic devices from accessing remotely stored information and media, on Jan. 4. The policy also sets out conditions for "advanced" searches of tech gear, involving copying and analyzing information on a device. These need to be approved by a supervisor and under circumstances of reasonable suspicion, including a subject of a search being on a terrorist watch list or on a "lookout" list.
The directive was last updated in 2009.
The updated policy permits border agents to attempt to hack into encrypted and passcode-protected phones and devices if an owner won't grant access.
"Nothing in this Directive limit's CPB's ability, with respect to any device presented in a manner that is not readily available for inspection, to seek technical assistance, or to use external equipment or take other reasonable measures…to render a device in a condition that allows for inspection of the device and its contents," CPB states.
That language caught the attention of Sen. Ron Wyden (D-Ore.), who is seeking a warrant requirement for such device searches.
"CBP's new rules also explicitly permit CBP to attempt to bypass the encryption or brute-force a password protecting a device seized at the border without reasonable suspicion," Wyden's office noted in a statement.
Wyden's Protecting Data at the Border Act, co-sponsored with Sen. Rand Paul (R-Ky.), would introduce new rules governing border searches. Still, Wyden calls the new directive an improvement over existing policy.
"By requiring 'reasonable suspicion' before conducting forensic searches of Americans' devices at the border, Customs and Border Protection is beginning to recognize what the Supreme Court has already clearly stated that 'digital is different,'" Wyden said.
American Civil Liberties Union legislative counsel Neema Singh Guliani said it was "positive" that the new policy "would least require officers to have some level of suspicion before copying and using electronic methods to search a traveler's electronic device." She added that "this policy still falls far short of what the Constitution requires -- a search warrant based on probable cause."
Despite the new policy, CBP sees device searches as an important law enforcement tool. In a privacy notice reviewing the new directive, it was revealed that CBP conducted 30,200 searches of electronic devices in FY 2017 for inbound and outbound travelers. That number is up from 18,400 in FY 2016.
In responses to questions from senators after his confirmation hearing, Acting CBP Commissioner Kevin McAleenan said that, "searches of electronic devices at the border routinely result in significant enforcement actions despite the rarity of their use."
NEXT STORY: Can federal purchasing power counteract botnets?