U.S. border agents can inspect data located on physical devices such as phones and laptops, but cannot access information stored remotely or on the cloud, under a new directive from U.S. Customs and Border Protection (CBP).
Under the updated rules, travellers can be asked to provide their devices’ passwords to agents, but the passwords must be deleted or destroyed immediately following the search.
READ MORE: Should you worry about U.S. border agents searching your phone? Yes, says privacy czar
Searches of electronic devices should be carried out in the presence of the individual whose devices is being scrutinized unless there are concerns regarding national security or officer safety, the directive states. But allowing an individual to be present during a search “does not necessarily mean that the individual shall observe the search itself.”
In order to prevent agents from accessing data stored remotely, travellers will be asked to disable network connectivity or put their devices in airplane mode before submitting them for inspection.
READ MORE: NAFTA, Trump and the cloud: What the negotiations mean for your personal data
But while the directive offers privacy safeguards, it also includes exceptions under which officers can conduct more advanced searches.
Get daily National news
In cases of “reasonable suspicion” concerning national security, law breaking or officer safety, agents can ask supervisors for permission to connect external devices, physically or wirelessly, to travellers’ devices in order to review and copy their contents.
Where sensitive data is accessed, such as medical records or journalists’ work materials, agents will handle the data in accordance with “applicable federal law and CBP policy.”
READ MORE: Digital searches at the US border: what you need to know
While CBP insisted that its rules strike a balance between national security and civil liberties, privacy advocates weren’t convinced.
In a statement, the American Civil Liberties Union (ACLU) said that the use of “reasonable suspicion” to justify searching devices falls short of the Constitutional requirement for search warrants based on probable cause.
The ACLU also criticized the directive for not making it clear that while travellers can be asked to provide their passwords, they are not under any obligation to do so.
“Congress should continue to press CBP to improve its policy,” the group said.
WATCH: Canadian border officials can search your cellphone, confiscate your device
In addition to the new rules, the agency also released data showing the government inspected a record number of devices last year.
Agents inspected 30,200 electronic devices in the fiscal year 2017, which ended in September — a nearly 60 per cent increase from 2016.
READ MORE: Border patrol arrests hit 45-year low during Trump’s first year in office
However, the agency stressed that only around 0.007 per cent of incoming international travellers had their devices checked.
The spike in searches comes as the Trump administration has moved to ramp up border security.
Comments