Traveling for the holidays to the US? Everyone appearing at a US Customs and Border Protection (“CBP”) Port of Entry (“POE”) is subject to a warrantless physical search, and to the search of “devices” which includes anything with a chip or a battery. No “reason” is needed to justify a physical search. If you insist on traveling with electronic devices containing resident memory or Internet enabled storage access, then everything accessible on the device might be searched and could be seized by the US government. What to do to protect your privacy?
First, disable the mobile data, WiFi and Internet access for your device (use “airplane mode”). Second, remove all storage media from the device. If you have stored any data on the SIM cards or an expansion SD card, then put these in your pocket before you get off the plane. Third, clear your Internet browser histories from all accounts accessible from the devices with which you are traveling. Protect your privacy. Take all of these steps before “deplaning” in particular if you are traveling on a non-USA flagged carrier on an international flight. Avoid placing yourself in the position of refusing a “request” to unlock your devices by protecting your privacy before you travel.
There is one notable exception to the warrantless search of devices at a POE. As of July 2024, John F. Kennedy International Airport (JFK) is the only airport in the U.S. where it is illegal to search your “devices” without a court order or warrant. In United States v. Sultanov, a New York federal trial court in the Eastern District of New York ruled that border agents must obtain a warrant based on probable cause before conducting searches of electronic devices at the border. The court ruled that searches of cell phones or other electronic devices are “nonroutine,” bringing them outside the “border search exception” to the Fourth Amendment. US. v. Sultanov (22- CR-149) Memorandum & Order (E.D.N.Y)(July 24, 2024). Compare., U.S. v. Vergera 884 F.3d 1309 (11 Cir 2018)(11th Circuit Court of Appeals held the inverse – namely “[t]he Supreme Court has consistently held that border searches are not subject to the probable cause and warrant requirements of the Fourth Amendment” and that “[a]t the border, the highest standard for a search is reasonable suspicion,..”); Compare., U.S. v. Cano, 934 F.3d 1002, 1019-21 (9th Cir. 2019) (in a search after an arrest for drugs smuggling but declared to be a “border search” by the CBP the Ninth Circuit threw out the evidence seized and held that the “border search” exception authorized warrantless cell phone searches only when directed at finding “digital contraband.”1); Compare., U.S. v. Kolsuz, 890 F.3d 133 (4th Cir. 2018) Forensic searches require reasonable suspicion in 4th Circuit. The appellate court held that these searches are, by their nature, more intrusive than manual searches. It has deemed them non- routine and therefore has required reasonable suspicion (holding that “a forensic border search of a phone must be treated as nonroutine, permissible only on a showing of individualized suspicion.”)
Travelers should put the risk into perspective – In Fiscal Year (FY) 2023, less than 0.01 percent of arriving international travelers encountered by CBP at a port of entry had their electronic devices searched. A total of 41,767 searches were made without warrants from a total of 394,569,408 total passengers for FY2023. However, of that 41,767 searches a total of 33,110 were “non-citizens” and a further 3,989 of the searches were “advanced media searches” as opposed to “basic media searches.” That means that 79.27% of the searches were on visa holders. When a visa holder considers that the visa is an “invitation” which may be withdrawn at the POE at the discretion of the officer, then deciding whether to cooperate with the officer when “asked” to provide your phone and password is not a simple matter of “rights.” Your “consent” to be searched in this circumstance has been found to be “voluntary” in at least one US trial court.2 So, the criminal consequences of the discovery what data might be on your device should be considered well before surrendering it for inspection.
The “right” a visa holder and a citizen share is the “right” to refuse inspection. The consequences of a refusal, however, are vastly different. In presenting themselves at the POE for admission to the USA, travelers are obligated to present for inspection themselves and their electronic devices and the information “resident” on the devices in a condition that allows for the examination of the device and its contents by the officer. If the electronic device cannot be inspected because it is protected by a passcode or encryption or other security mechanism, then, at a minimum, that device may be subject to exclusion, detention, seizure, or other appropriate action or disposition. The saga doesn’t necessarily stop there. https://www.cbp.gov/document/directives/cbp- directive-no-3340-049a-border-search-electronic-devices
A search of the device itself, without connectivity to the cloud or any reader equipment, is defined as a “basic search” for which no warrant is required in all other jurisdictions (other than JFK Airport at the moment). See., CBP Directive No.3340-049A §5.1.3. Any more intrusive search level requires the articulation of “a reasonable suspicion of activity in violation of “ law, and the approval of a Grade 14 level supervisor or higher. Such as search is defined as an “advanced search” [See., CBP Directive No.3340-049A §5.1.4] and such search may be performed without the traveler present. See., CBP Directive No.3340-049A §5.1.6. The device can be held for five (5) days on the authority of the appropriate level supervisor, and the hold can be extended for an initial period of fifteen (15) days and then again in increments of seven (7) days with appropriate supervisory approvals. There is no required end of the seizure period, and in criminal matters the seizure can be involuntary and indefinite.
CBP officers document border searches of electronic devices in the “Electronic Media Report” module of TECS (the law enforcement data system), which provides information on why the traveler was selected for an examination. Furthermore, at every stage after the traveler is referred to “secondary inspection,” CBP maintains records of the examination, detention, retention, or seizure of a traveler’s property, including any electronic devices. This history is theoretically available for inspection by the traveler on the CBP Privacy Impact Assessments page.3 However, if a law enforcement motivation is flagged then the information may not be available online or even through an agency specific public records request (“FOIA”).
The traveler’s personal data – all of it – of any kind – will remain the property of the CBP4 (1) if there is probable cause to believe the information contains evidence of a violation of law that CBP is authorized to enforce or administer, or (2) if the information relates to immigration, customs, or other enforcement matters. The information seized may be retained in CBP’s Automated Targeting System (ATS) for a period 15 years, after which time the records are required to be deleted. The traveler’s exclusive administrative remedy for this search and seizure is to complain as set forth on a “tear sheet” the officer will provide afterwards. https://www.cbp.gov/travel/cbp-search-authority/border-search-electronic-devices . Good luck with that. See., CBP Directive No.3340-049A §5.4.1.3.
Generally, border searches are authorized by law at any POE and within 100 miles of an US international border. See., 19 U.S.C. §507. The Sultanov case (supra) presents an unsympathetic set of facts – the photos on the phone seized were described by the prosecutor as “child pornography” – but these bad facts raised the civil rights stakes sufficiently for the trial court to suppress the evidence seized and to issue a very careful analysis (as seen in the order) to the application of the U.S. constitutional Fourth Amendment right against “unreasonable search and seizure.” The trial court wrote – “This raises the unsettled issue — one that is percolating among district courts within this Circuit, but which the Second Circuit has not yet addressed — whether the historical exemption to the warrant requirement at the border must yield to the heightened privacy interests implicated by the search of a modern cell phone. Because “[c]ell phones differ in both a quantitative and a qualitative sense from other objects” a traveler might bring across the border, the Court concludes that it must so yield, and that the government should have obtained a warrant before conducting its search. Riley v. California, 573 U.S. 373, 393 (2014).” In the analysis the trial court reached the core issue of “what is the reasonable expectation of privacy associated with international travel” as described in U.S. v. Flores-Montano, 541 U.S. 149, 153 (2004) when related to a mobile or “cellular” phone in the modern era? Most travelers would assert that the expectation of privacy (today) is substantially greater than ever before due to all of the private personal information held on current generation smart phones.
The CBP officers are not well advised by the Department in CBP Directive No.3340-049A relating to Border Search of Electronic Devices (January 4, 2018) which did not fully anticipate the morphing of the phone into a portable personal data assistant and archive. The current generation of “Smart Phone” is used for and contains everything from biometric data through banking information all of which is typically held by the traveler to be sacrosanct. In a practical manner, there is a substantial difference in privacy expectations between checking a mobile phone or laptop case for an explosive content as opposed to searching the same for the data resident thereon. However, the 2018 era guidance has been updated to keep pace with the evolving public expectations of privacy, and thus, courts are beginning to add uncertainty into the routine law enforcement practices at the border such as seen with the Sultanov decision.
The traveler must carefully consider what happens to the visa status if the traveler refuses an inspection or if the results of an inspection yields data “deemed problematic” to the CBP officer.5 In the absence of any higher level guidance the field officers have unfettered discretion to exclude a traveler at the border.6 A traveler is well advised to take steps in advance to avoid being placed into the position of “refusing” a request to unlock a device.
The traveler should spend a reasonable amount of time to inspect the devices with which the traveler is crossing the border prior to presenting at the POE. The consequences of a failure of reasonable diligence can be tragic and consequential. For example. U.S. border officials denied entry to a 17-year-old Harvard freshman just days before classes were set to begin due to social media posts found on his Smart Phone at the POE. Ismail Ajjawi7, a Palestinian student living in Lebanon, had his student visa cancelled and was put on a flight home shortly after arriving at Boston Logan International Airport. Customs & Border Protection officers searched his phone and decided he was ineligible for entry because of his friends’ social media posts found on his phone. The anecdotal evidence remains that of the almost 33,000 visa holders inspected in FY2023 that some number were excluded from the U.S. POE8 after the CBP reviewed devices which contained messages either sent to or received from friends, family or even strangers. These inspections, typically, include reviews of images or videos obtained from social media sites like Facebook and Twitter, and encrypted messaging apps like WhatsApp, which were downloaded to the traveler’s phone.9 It is not publicly reported whether Internet browser history is also inspected and if so used as a basis for exclusion from the US.
Once you are at the POE the CBP officer has access to your online visa application which will include a list of the traveler’s disclosed social media accounts. First, make absolutely certain that your device and your visa application list exactly the same accounts. Do not “omit” or “forget” anything on the visa application which shows up on your device menu. Second, those travelers who apply for U.S. visas must disclose their social media handles and profiles completely – and it can be considered “fraud” if you fail to do so. For example – what was that AOL or Yahoo account you used in 2000? What was your .edu email address while at university or your email address at work five years ago? If you forgot these items then you should go find them and disclose it on the visa application even if you haven’t used it in years. USCIS officers look for social media content that may raise a reasonable suspicion that the traveler falls within established grounds for denial of admission. Content checked by USCIS officers may be videos, photos and comments that are publicly available to anyone online. The officers’ motives are “pure” in as much as the officers want to ensure that people who are applying for visas or who present at the POE are “who they claim to be” and that they are being transparent about their reasons for coming to the United States. The traveler should disclose social media platforms, handles, and email addresses on the travel visa applications usually processed at the consular level (i.e., forms DS-160, DS-156, DS-260). It is not possible to predict what images or links found on your devices will cause a secondary inspection or an eventual “inadmissibility” determination by the CBP.
References
1 The agents conducted the first and second searches manually, examining Cano’s text messages and call log, and recording some of the listed phone numbers. During the third search, the agents used Cellebrite software to download data from Cano’s phone. The agents declared the searches as “border searches” and thus “warrantless.” The motion to suppress the evidence was denied by the trial court. The Ninth Circuit overruled the trial court and suppressed the warrantless evidence. The reasonable expectation held in a personal phone was sufficiently high at the border that only warrantless searches “directed at determine[ing] whether the phone contains contraband” were allowed as warrantless at the border.
Fishing expeditions for evidence of ‘border related crimes’ were expressly outside the border area exception to the warrant requirement of the 4th amendment .
2 See., e.g., U.S. v. Gavino, 2024 WL 85072 (E.D.N.Y. Jan. 7, 2024)(Defendant’s decision to unlock his phone for CBP was voluntary despite a totality of circumstances implying prolonged seizure if consent were withheld).
3 Click on “CBP” at the left and then “DHS/CBP/PIA-009 TECS System: CBP Primary and Secondary Processing” and “DHS/CBP/PIA-021 TECS System: Platform”.
4 https://www.washingtonpost.com/technology/2022/09/15/government-surveillance-database-dhs/ Washington Post reports September 15, 2022 that CBP is retaining the call logs of the phones searched at the border. “***thousands of agents have access to a searchable database without public oversight is a new development in what privacy advocates and some lawmakers warn could be an infringement of Americans’ Fourth Amendment rights against unreasonable searches and seizures.”
5 If you are not a U.S. citizen or lawful permanent resident, you may be denied entry to the United States for a refusal to answer questions. The federal Immigration and Nationality Act describes a number of reasons why foreign nationals might be inadmissible into the country. The Department of State applies these considerations when it decides whether to grant a visa, and CBP applies them again at the border. CBP has broad discretion to determine that a foreign national meets one or more of the grounds for inadmissibility and can rule a person inadmissible notwithstanding that the State Department concluded otherwise when it issued a visa. Once CBP denies you admission into the country, it is very difficult to challenge its decision. If CBP denies you admission, it most likely will revoke your visa stamp. It may also, if it chooses, initiate “expedited removal” proceedings that will result in a five-year bar on you entering the United States. CBP may, but is not required to, offer you the option of “withdrawing your petition” to enter the United States. If CBP offers you the option to withdraw, you should strongly consider accepting it, because if you do not, CBP may initiate expedited removal.
If you are a citizen and have been referred to Secondary Screening, you have the right to ask for a lawyer to be present during your questioning. If you are not a U.S. citizen, federal officials will not permit you to make a phone call to seek assistance from counsel or others once you have been referred to Secondary Screening.
6 If you are inadmissible under any ground in INA 212(a), including INA
212(a)(9)(B)(i) and INA212(a)(9)(C)(i)(I), you generally cannot obtain a visa from the U.S. Department of State, enter the United States at a port of entry, or obtain an immigration benefit such as adjustment of status to lawful permanent resident (a Green Card) in the United States unless you first obtain a waiver or another form of relief (such as consent to reapply for admission).
7 https://www.nytimes.com/2019/08/27/us/harvard-student-ismail-ajjawi.html
8 https://techcrunch.com/2019/09/02/denied-entry-united-states-whatsapp/9https://www.cbsnews.com/news/senators-letter-mayorkas-border-search-phone-data-warrant/
Regina Mundi Global Advisors 