In the last few years, many U.S. citizens and other travelers have been surprised to find that their phones and other personal electronic devices are subject to search and seizure without a warrant or probable cause upon crossing the border into the U.S. Recently, stories like that of NASA scientist Sidd Bikkannavar have raised questions for UW-Madison’s international travelers, such as “Should I travel?”, “What should I do if a customs official wants to search my work or personal device?” or even, “Don’t they need a warrant to do that?”
Let’s take that last question first. The short answer is, no. Customs and Border Protection do not need a warrant or probable cause to search your phone or laptop. Since 2013, the Department of Homeland Security has claimed legal authority to search your electronic devices without a warrant or probable cause at the U.S. border or international airports. One likely basis for this interpretation is federal regulation 19 C.F.R § 162.6, assuming one classifies a cell phone, laptop, or other electronic device as “baggage.”
Note that this regulation pertains specifically to border searches conducted by U.S. Customs agents at the US border, international airports, or other ports of entry.
The UW-Madison Office of Legal Affairs (“OLA”), which provides legal advice for employees engaged in work-related travel, offers the following information.
- U.S. Customs officers have broad legal authority to search and seize the possessions of individuals (U.S. citizens and non-citizens) seeking to enter the United States; this includes searching and seizing laptops and other electronic devices.
- While traveling abroad, your laptop and electronic devices are subject to foreign laws, which might not provide the same privacy protections as U.S. laws. As such, your laptop and electronic devices could be subject to search and seizure under the laws of the country in which you are traveling.
- Accordingly, employees should avoid carrying sensitive data abroad. If you have questions about whether data in your possession is subject to privacy laws or a non-disclosure agreement, please contact OLA, at: 3-7400, prior to taking the data abroad.
- All UW-Madison employees traveling abroad are urged to take only “clean” devices that do not contain any sensitive work-related information. The Division of Information Technology (“DoIT”) offers loaner laptops and electronic devices that can be used by employees traveling abroad.
OLA can only advise on employment-related matters, but you may have concerns about keeping data on personal devices secure and confidential. Also, while it is a highly visible and contentious issue currently, remember that border searches are only one challenge to maintaining your online privacy and data security while travelling abroad. Not all nations extend any expectation of privacy to visitors or citizens. Eavesdropping is routine in some countries.
Here are a few suggestions to mitigate the risks to your data:
- If you must take your own device, “sanitize” it by backing up the information and removing all information not needed during your travels, including saved logins and other credentials. Note that simply deleting, or moving files to the trash or recycle bin isn’t sufficient. Trashed files are easily recovered unless securely deleted (MacOS only. See this How-To-Geek article for a secure delete option for Windows).
- Ensure up-to-date protections for anti-malware, security patching and firewalls.
- Make sure the password or lock code you use is unique and not used for another device or account.
- As soon as you return home, change the passwords of all accounts you accessed while traveling.
For more recommendations, see our guide “Safe computing when traveling abroad.”
Also see the presentations prepared by Ronald Machoian, UW-Madison International Safety and Security Director on the topics of Data and Financial security while traveling linked below.
Image credit: James R. Tourtellotte – http://en.wikipedia.org/wiki/Image:Bordercontrol.jpg, Public Domain, https://commons.wikimedia.org/w/index.php?curid=1086535