Can Border Patrol Agents Search The Data Your Phone Stores In The Cloud?

Image courtesy of USACE HQ

While police must have a warrant to search someone’s phone in the U.S. — even after that person has been arrested — what can law enforcement do with gadgets seized at the border? For one thing, U.S. Customs and Border Protection says its officers are limited to searching phone content that is saved directly to the device, and not on the cloud — including social media.

Lawmakers Looking For Answers

Last February, citing “deeply troubling” reports of Americans being detained by CBP and pressured to give agents access to locked devices, Sen. Ron Wyden asked [PDF] the Department of Homeland Security to explain, among other things: Exactly how it deals with social media or email account passwords on devices it seizes or searches, and how its use a traveler’s password to access data in the cloud is legal.

Two months later, he and three of his fellow lawmakers in the Senate and the House introduced The Protecting Data at the Border Act [PDF] — which would prevent warrantless searches of “any electronic equipment belonging to or in the possession of a United States person” at the border.

CBP Responds

Although Wyden had asked for answers to his questions by March 20, acting CBP commissioner Kevin McALeenan said in a June 20 letter [PDF] — first obtained by NBC News — that DHS answered Wyden’s questions on May 9.

In response to the issue of cloud data on seized phones, McAleenan acknowledged that while officers can search a phone without consent or a warrant in most cases, they’re limited to looking at content saved on the device itself: Call histories, text messages, photos and videos, contacts, or other files.

“CBP’s authority to conduct border searches extends to all merchandise entering or departing the United States, including information that is physically resident on an electronic device transported by an international traveler,” the letter reads. “Therefore, border searches conducted by CBP do not extend to information that is located solely on remote servers.”

In other words, they can’t go digging through your email, Facebook, Twitter, Instagram, Snapchat, or other apps. It’s unclear whether this means an agent could put a device in “airplane mode” — thereby shutting off its access to the internet — in order to see what information is stored locally for those apps.

McAleenan says the agency issued guidelines in April to remind officers of this aspect of CBP’s border search policy. However, it’s unclear exactly what those rules say: They won’t be made public because “they’re law enforcement sensitive,” the acting commissioner noted.