Esha Bhandari - Hello everyone and welcome to the CLE: Traveling Internationally with Digital Data- A Changing Legal Landscape for US Border Searches. My name is Esha Bhandari, and I'm a deputy project director with the ACLU Speech Privacy and Technology Project, where I've been working on the issue of the legality of searches of electronic devices at the US border for many years. I'm presenting this CLE in February 2022.
The goals for this CLE are to provide the following information. One, to discuss the state of the law regarding digital device searches at the US border. Two, to explain federal government policies and practices, with respect to border searches of electronic devices and situate those policies within constitutional limitations. I'm also going to give an overview of the current state of the case law and the splits among federal circuit courts on what exactly those constitutional limitations are. Next, I'm going to provide guidance to practitioners on strategies to suppress evidence from border device searches. And finally, I'll provide advice to all international travelers on safeguarding sensitive information, including confidential attorney-client information when traveling into or out of the United States with electronic devices.
I also wanna give a bit of context for what I'm referring to when I talk about border searches of electronic devices. I'm talking about searches that take place when a traveler is physically entering or exiting the United States. So, whether you're arriving at a land port of entry, whether it's the Mexico or Canada border with the United States, or if you're arriving at an airport and going through Immigration and Customs. But these searches that I'm talking about are searches of traveler's electronic devices that happen at the point of entering or exiting the country. Most people and most travelers will be familiar with being searched on entering the United States. That's most often when you get searched by border officers, but it happens occasionally, though rarely, that people will be searched when they're leaving the United States. You might be at an airport boarding a plane, and prior to that, be searched by Customs and Immigration officers. So I'm referring to searches that happen then. I'm not talking about searches that happen in the interior of the United States but might be conducted by border or immigration officers. So for example, sometimes people talk about a hundred mile zone from the border where there are immigration checkpoints, where border officers might be stopping people and conducting searches. Those interior domestic searches are not what I'm referring to here because those searches are just subject to very different policies and practices. So, you know, with that understanding, I'm gonna talk about the federal government policies and practices that apply.
First, when we talk about border searches of electronic devices, there are two main agencies that conduct these searches. One is US Customs and Border Protection or CBP. And the second is US Immigration and Customs Enforcement, or ICE. I'm gonna be referring mainly to these two agencies. Both agencies under their current policies, permit warrantless and suspicionless searches of electronic devices when a traveler is at the US border. That's the overarching policy here. These searches do not require a warrant and they don't require suspicion of wrongdoing on the part of the traveler.
But getting into more specifics of what the policies do say, I'm gonna turn first to the US CBP 2018 Directive, which is the currently operative policy. The CBP policy divides electronic device searches into two types. One is known as a basic search. And the second is called an advanced search. An advanced search is any search in which an officer connects external equipment through a wired or wireless connection to an electronic device to review, copy, or analyze its contents. So an advanced search is any search where they hook up equipment that lets them do the search via what we might call forensic means. It might be a Cellebrite device. It might be some other device. It doesn't mean plugging in a device for power. So plugging in a laptop or plugging in a smartphone. A basic search on the other hand is just any search that doesn't require equipment. So this could be an officer scrolling through a smartphone. It could be someone using the internal search function of a laptop to search through keywords or for images, but there's no external equipment that's helping with the analysis.
If you look at the case law, sometimes advanced searches are referred to as forensic searches by courts, while basic searches might be called manual searches. Under CBP policy, a basic search can be conducted with no suspicion at all, but an advanced search requires reasonable suspicion of a violation of the laws administered or enforced by CBP. And notably, CBP claims the authority to enforce a wide range of laws. It's not necessarily just immigration and customs enforcement that we might imagine pertains to whether you're entitled to come into the country and bring your belongings with you. So CBP claims the authority to enforce a wide range of laws. And if it has reasonable suspicion of a violation of those laws it can conduct an advanced search. There is an exception for a national security concern, in which case CBP can conduct an advanced search without any individualized suspicion. CBP policy doesn't permit searches of cloud data. And this is an important limitation. What this means is if your phone has access to certain information, when it's connected to the internet, but that information isn't physically resident on the device, it cannot be searched at the border by CBP officers. For example, if you have an app, an email app on your phone where you regularly check your email, some of those messages are likely cashed on your device. If you've already downloaded and viewed them, they might be physically resident on your device and they'd subject to search. But if you had to connect to the internet to refresh and get new emails, that process, and those emails shouldn't be subject to search at the border.
Some travelers will be searched right at the border. When they arrive, the officer might search their phone on the spot or take it into another room and do an advanced search by connecting it to equipment. But nonetheless, they might complete that search, give you your device back and send you on your way. However, CBP policy does allow for devices to be confiscated from a traveler for the search to be conducted at a later time. That means that you might be allowed into the United States to go on your way, but the device could be held back by border officers. The time period for confiscation should not ordinarily exceed five days, but it can be prolonged with supervisory approval. In my experience, many times if border officers confiscate a device from a traveler and keep it, that device can be kept for weeks or months at a time. Because ultimately there is no time limit in the CBP policy on when a device has to be returned to the traveler. So it is quite likely that someone whose device is seized may not see that for quite a long time. Let's say a border officer has searched a traveler's device. What happens then? What happens with the information that they've gathered from that search? Well, the CBP policy permits the agency to retain information from a traveler's device that is related to immigration, customs, and other enforcement matters without probable cause to suspect a violation of law. The policy also permits officers to share any information that they've retained from an electronic device search with federal, state, local and foreign law enforcement agencies. So once they've retained information and it's been deemed to be within this immigration, customs and enforcement matters purview, which is quite broad, then that information can be shared widely.
Turning now to the ICE policy. The ICE Directive is dated from 2009, and it's been superseded in part by broadcast, which was issued in 2018. These two documents combined are the currently operative ICE policy. ICE's policy uses the same definitions of advanced and basic searches as CBP. ICE similarly requires reasonable suspicion for an advanced search and no suspicion for a basic search. One notable difference is that ICE does not have a national security concern exception for advanced searches without suspicion. ICE has stated in the course of litigation, that it will also not search cloud data and the ICE policy also similar to CBP lays out various requirements for retaining information obtained from a border device search and ICE searches can similarly result in the information being shared with other state, local, federal, or foreign law enforcement entities.
Just one thing to note is that a border device search done by ICE is usually done by a sub component of ICE known as Homeland Security Investigations or HSI. What normally happens with a traveler at the border is that they'll initially be searched by a CBP officer. These are the officers that scan your passports if you arrive at the airport and go through customs. So what's most likely to happen is that a traveler will be subject to the CBP policy on device searches when they're at the border. But if ICE, sorry, if CBP confiscates a device from the traveler before sending the traveler on their way, then they're most likely to send that device to ICE or HSI for the search and then ICE and HSI policy would apply. That's just something to keep in mind if for example, you have a client that had a device confiscated by CBP, that it's quite possible, maybe even likely, that the device is now in the possession of ICE or HSI. And therefore that is the relevant policy to look at.
ICE policy states that searches should generally be completed within 90 days, but can be prolonged with supervisory approval. Again, in my experience, once a device has been confiscated, they are often retained for weeks or months on end. Those are the two relevant agencies policies. Taking a bit of a step back, why does this matter? This is an increasing problem that we have seen at US borders. The number of device searches of travelers has been growing exponentially. In fiscal year 2015, it was about 8,500 devices that were searched. This is according to CBP data and doesn't include ICE data. So it's likely an under count. But then if we look at fiscal year 2017, that number jumped to about 30,500 and in fiscal year 2019, it was almost 41,000 devices that were searched by CBP. I think we can see why these numbers might be going up in terms of two specific trends. One, travelers are increasingly likely to be carrying smartphones with them. That's been a huge change even from the last 15 or 10 years that many, if not most travelers traveling internationally will have some sort of electronic device on them. And of course these devices have only gotten more powerful over the years. They have a greater capacity, more information to be searched. And second, the government's technological capabilities have also increased. There are more devices that the government has, including at ports of entry to conduct advanced or forensic searches. They can plug in equipment to a traveler's device, copy the contents and analyze it later. So the ease of search has gone up and the government has increasingly been using this authority under these two policies to search an ever-growing number of travelers devices.
So what are the reasons for search? Of course, CBP and ICE claim the authority to conduct searches for immigration and customs enforcement. The traditional type of search that you would expect at the border where they're assessing whether a traveler is entitled to come into the United States and whether they have any contraband with them or dutiable goods. But ICE and CBP also claim the authority to conduct border searches for purposes that go beyond just immigration and customs enforcement, including general law enforcement purposes to conduct risk assessments or to advance preexisting domestic investigations. Border agencies will consider requests from other government agencies and law enforcement to search a particular traveler's device and border officers assert the authority to search a traveler's device to obtain information about someone else. This means that if you are the traveler and you're not suspected of any wrongdoing or you're not the person of interest, but border officers nonetheless think you might have communications or information about someone that they're interested in, they claim the authority to search your device for that information about the other person. So this obviously has implications for everyone, but particularly is noteworthy for lawyers whose devices might contain attorney-client privileged material.
For example, many of us lawyers might have information about clients that is of interest to the government. Particularly if those clients are being investigated and similarly journalists who might have confidential source information. And, you know, even if the journalist is not suspected of any wrong doing whatsoever, if the government is interested in the sources, then that is a claimed authority to search a journalist device. The federal government policies do have provisions for handling particularly sensitive material slightly differently. For example, the CBP policy does refer to attorney-client privileged or confidential material, and also journalists confidential or source material, and lays out a set of procedural steps that are supposed to be followed for searching such information. But whether those steps are followed in every case is an open question. And in any event, none of those types of materials are protected by the requirement of a warrant or any legal process or any court oversight before they can be searched. It's the agencies themselves that decide whether they can search the confidential information that's contained on a traveler's device. That's an overview of the policies and the practices that currently apply with searching devices at the US border.
Now let's turn to the state of the law. What does the law have to say about this? What are the constitutional limitations? First, I'm gonna talk about traditional border search rules.
Consistent with the Fourth Amendment, traditional border search rules don't require a warrant or even suspicion for searches of physical luggage and other personal effects. Those of us who've traveled internationally have likely experienced this. Where when you return, your baggage can be opened. You can be asked to show things that you're carrying on you at any time. There's no requirement that border officers identify any particular individualized suspicion for that. That is just the traditional border search rule. And courts have stated that that doesn't violate the Fourth Amendment. That's consistent with the power of the sovereign to examine who's allowed to come in and what they're bringing in with them and whether it's subject to duty or whether it's contraband, physical goods that just can't be brought into the country. Appellate courts have held that certain non-routine searches at the border require reasonable suspicion. So for example, alimentary canal searches, body cavity searches, x-rays, all of these courts have said in many instances will require individualized reasonable suspicion. You know, usually in that case, because it's the search of physical body parts that the person is carrying contraband. And the reason for this of course is these searches are highly invasive. They affect dignitary interests. They invade privacy in a greater degree. And so courts have said, you need a higher level of suspicion to justify those searches.
So even though they can be conducted without a warrant officers have to have an individual justification for doing those. And then in the case, United States v. Ramsey from the 1970s, the Supreme Court suggested that there might also be constitutional limits on searching reading material in international mail. That case involved a border officer opening international mail, which was bulky because the officer suspected it contained contraband, contraband drugs in that case. The Supreme Court was examining a Fourth Amendment search question, was that a permissible search? And the court said that yes, officers could open international mail when they suspected that there were drugs in there. And it was you reasonable to assume that there was more than just correspondence because the package was bulky. But the court did suggest that there might be a First Amendment concern if border officers could read international mail without suspicion. The court didn't have to actually reach the First Amendment question because there were regulations in place that flatly prohibited customs officers from reading the contents of international mail.
So notably the Supreme Court didn't have to reach that First Amendment question, but it did acknowledge and recognize that if border officers could just read international mail without suspicion or a warrant, that would have a huge chilling effect on First Amendment freedoms, because people in the United States would not feel free to correspond back and forth internationally, to send mail back and forth internationally if they knew that that correspondence could be read at any time by government officers. And that case from the seventies is of course relevant now to the question of border device searches, because the digital data that is contained there is the 21st century equivalent of our international correspondence in many ways. The communications we used to do over paper and by letter now happen electronically. So the same chilling effect, the same First Amendment concerns exist if we think that border officers can read the contents of our communications and the whole host of other information contained on our devices, every time we cross the border, without having any suspicion of wrongdoing. So that First Amendment case was another interesting case where the Supreme Court suggested that traditional border search rules, while they are very permissive and allow suspicionless searches of physical effects, they're not without limitation. The constitution does have something to say about border searches.
Separate from the line of cases, dealing with the traditional rules for border searches we have to also consider a line of cases discussing the application of the Fourth Amendment to the digital age. And in recent years, the Supreme Court has issued a series of decisions that have made clear that you can't mechanically apply traditional Fourth Amendment rules to novel technologies. That you have to actually assess what the privacy harms are from these new technologies and what new powers government agents are given to search into areas that are traditionally private and protected. I would say the overarching theme of many of these cases is the court seeking to preserve that degree of privacy from government intrusion that existed at the time the Fourth Amendment was adopted. So even though when the Fourth Amendment was adopted, we didn't have smartphones or anything like them, we have to look at, what sort of information do they contain? What privacy interests are implicated? And is this the type of information that the Fourth Amendment was meant to protect against? That the balance between what the government has access to and what we are entitled to keep private is preserved, even as we have new technologies. with the cases that I've listed, you see this trend coming repeatedly, where the Supreme Court requires a warrant for a search that is a novel type of search that implicates privacy.
In Kyllo v. the United States in 2001, that was about a thermal imaging device that let law enforcement get access to information inside people's homes without ever entering their homes. And the Supreme Court said you need a warrant for that because it does intrude on the traditional privacy of the home even though the officers are never entering. In Jones the United States, it was about a GPS transmitter on a vehicle. And again, the Supreme Court said, you need a warrant there because of the nature of the persistent tracking that a GPS transmitter enables. And also because it was a, you know, there was a property intrusion in placing the transmitter on the car. And the warrant is required, even though traditionally, officers could tail someone, they could tail them on foot, they could tail them by car, that wouldn't be a search. They might be able to get some of the similar location information, where someone's going, who they're seeing and speaking to. But using a GPS transmitter was a novel way of doing it and that did require a warrant.
In Riley v. California, which was a 2014 case, the Supreme Court held that you need a warrant to search cell phones incident to arrest. The traditional Fourth Amendment rule had always been that certain searches of someone after they've been arrested are permitted without a warrant. So you could search someone's pockets. You could look through the things that they had on them without a warrant. And that was okay, because once they'd been arrested, this search incident to arrest exception to the warrant requirement came in. The justifications for this exception were always that the officers are entitled to do the search to make sure there aren't weapons, so that they're safe after they've arrested someone. And also the preservation of evidence, just making sure someone who's been arrested doesn't immediately destroy whatever evidence they have on them. And the Supreme Court said, well, this is the traditional rule, but if we take that and apply that to searches of cell phones that someone's carrying on them when they're arrested, it doesn't make sense. And you need a warrant for those searches. Because they're highly invasive. The privacy interests implicated in searching the contents of a cell phone so greatly outweigh any government interests in preservation of evidence or officer safety that we don't apply the traditional rule here. And, you know, that was an again, a notable example of a traditional area where warrants weren't required. But a warrant is required when you're talking about digital searches, again, because of the invasiveness of the search. And because the justifications of officer safety and preservation of evidence didn't really apply with cell phones. They're not weapons. They can't themselves harm officers. And there were alternative means of preserving evidence.
Then the last decision most recently that takes this approach is Carpenter v. the United States from 2018, where the Supreme Court said, you need a warrant for historical cell site location history. And there again, they reexamined a traditional rule regarding the information that's held by third parties, in this case cell phone companies, which might have this historical location information. And the court said because of the invasiveness of this information and how it allows extensive tracking of someone's life, that privacy interest necessitates a warrant. So we have another example here of a traditional rule being reexamined for the digital age. What does this mean for the state of the law on border device searches? As you might imagine, courts have been reexamining the traditional rules, applying to searches of luggage, for example, at the border, as they consider what should limit searches of digital devices. So the Supreme Court's guidance on new technology and the Fourth Amendment has come into play now with how courts are examining digital device searches at the border. I'm now going to turn to covering the state of the law. There is currently a circuit split in the federal courts on the constitutional standards that apply. Some courts have imposed a higher standard for certain border device searches. And some courts have even considered whether these searches might require a warrant. But there's currently very different approaches being taken by the different circuits, which means that the rules that apply will actually vary depending on where in the country the traveler enters the United States.
Turning to the Ninth Circuit, which issued one of the first decisions squarely considering border device searches. In 2013 in US v. Cotterman, the Ninth Circuit sitting on bunk held that you need reasonable suspicion for a forensic search of a laptop. This decision interestingly came before the Supreme Court's decision in Riley v. California, which was the case that said, you need a warrant to search cell phones, incident to arrest. So prior to that Riley decision, the Ninth Circuit had already said, you need this heightened reasonable suspicion for forensic searches. In that case, they were looking at an extensive search of a laptop and looking at the huge amount of data and the quantity and quality of the data that officers were able to uncover. And they said that because of the privacy interest implicated you really, you cannot do it on a suspicionless basis.
In 2019, the Ninth Circuit added some gloss to that Cotterman decision in a case called US v. Cano. And in that case, the court said any border search of an electronic device has to be limited in scope to a search for digital contraband. So what this means in effect is that in the Ninth Circuit, manual or basic searches can be done without suspicion and advanced or forensic searches need to have reasonable suspicion. But regardless of what type of search you are doing, both searches have to be limited to a search for digital contraband. And this is a very meaningful limitation because it essentially says that if officers are looking for free floating evidence of wrongdoing, if they're looking for intelligence gathering information, that's not a permissible use of the border. All that the border search can be used for is to search for digital contraband itself. And there are very few things that would fall within the category of digital contraband. This is content that itself is unlawful to bring into the country or carry across the border. And, you know, very few things would meet that standard.
So for example, if an officer were merely looking at a contact list on a phone, trying to figure out associates of the traveler, put down names and numbers of people that they were interested in, that wouldn't be a search for digital contraband because the contact information, the numbers themselves are not unlawful, but if they were looking at images of child sexual abuse material, for example, that would be digital contraband. So the Ninth Circuit said very clearly that the searches have to be limited in this way. And that is a significant protection for travelers in that circuit. The fourth circuit has taken a different approach.
With United States v. Kolsuz, a 2018 decision, the Fourth Circuit held that a forensic search does require some level of individualized suspicion, but it declined to decide whether that has to be a warrant or some other standard. So, it's clear that you cannot do a suspicion list forensic search in the Fourth Circuit, but it wasn't decided whether that suspicion requires probable cause and a warrant, or whether some other level of heightened suspicion such as reasonable suspicion is sufficient. On top of that holding about the level of suspicion that's needed, the court said that any search of an electronic device at the border has to have some nexus to the border. So it cannot just be a free floating search for anything that might interest border officers. There has to be some connection to border and border enforcement. And in the Kolsuz case, which involved export control violations, the court found that searching for evidence of export control violations is a sufficient nexus. Now note that this is a limitation on the reasons for search, but it's a different limitation than the Ninth Circuit imposed, because in the Ninth Circuit, you couldn't simply search for evidence of a border related crime, evidence of wrongdoing. You could only search for the digital contraband itself, the unlawful material itself. But in the Fourth Circuit, the court said you can search for evidence as long as the violation that you're investigating is related to the border.
Then in 2019 in United States v. Aigbekaen, the Fourth Circuit builds on its decision in Kolsuz and it held that a warrant is required for a device search that is done to advance a preexisting domestic investigation. In that case, border officers were searching someone for evidence of a child trafficking violation. Now the government argued that child trafficking often has international elements. It can involve cross border aspects to it. And so, any child trafficking investigation, full stop should be considered a sufficient nexus to the border to allow for a warrantless search. But the Fourth Circuit rejected that reasoning. And it said in that case, the particular search at issue was for a purely domestic child trafficking investigation. There was no international component and because it was a domestic investigation, the government needed to get a warrant just as it would need a warrant if it wanted to do any domestic investigation. If the government showed up at our house tomorrow and said, I want to search your laptop for evidence of this crime I'm investigating, they would need a warrant for that. So they didn't get to use the border as an end run or a loophole around those requirements for an investigation that had nothing to do with international travel or border enforcement. The Aigbekaen decision is notably an instance where a federal court has in fact required a warrant for a search of a device that took place at the border. While no court has squarely held that all such device searches at the border require a warrant, This decision is noteworthy because the particular search at issue there, the court said had to have a warrant to be constitutionally valid.
The 11th Circuit has taken a different approach from the Fourth and Ninth circuits and has held that border searches of electronic devices require no suspicion whether they are manual or forensic. So no suspicion is required in the 11th Circuit. In the First Circuit, the operative rule was decided in a civil case that was brought by 11 plaintiffs who were challenging the CBP and ICE policies affirmatively. I was counsel in that case, Alasaad v. Mayorkas, And in that case the First Circuit held that no warrant or probable cause is required for any border device search. And it upheld the current CBP and ICE policies as written against constitutional challenge. And remember, under the CBP and ICE policies, that means reasonable suspicion for advanced searches, with the national security concern exception for CBP and no suspicion for basic searches. And the court also made clear that searches need not be limited to digital contraband. So it diverged from the Ninth Circuit there. And the First Circuit decision overturned summary judgment, which was in favor of the plaintiffs in that civil case, in which the district court had held that the Fourth Amendment requires that searches be limited to digital contraband and that they be based on at least reasonable suspicion for both basic and advanced searches. That's the state of the law currently. Those are the circuits that have clearly weighed in. Other circuits have considered the border device search case, but have often sidestep squarely deciding it because of other procedural grounds that they could decide the issue on.
What is most noteworthy about the cases that I've just described is that the effects of Riley and Carpenter, those decisions from the Supreme Court are now being seen in the lower federal courts, as they grapple with the issue of border device searches. And most critically is what Riley said about how you decide this Fourth Amendment question with respect to searches of cell phones. In Riley, the court balanced the government's interests in warrantless cell phone searches versus the privacy interests that people have in their devices. And the court said, this is how you decide whether an exception to the Fourth Amendment's warrant requirement applies to a particular search. So in Riley, it was considering the search incident to arrest exception. And of course, with border searches, the border search exception is a long standing exception to the Fourth Amendment's warrant requirement for certain routine searches, as I mentioned, physical searches and so forth. So if you're weighing the privacy interests against the government interests, Riley made clear that the privacy interests in digital devices are immense, both because of the quantity of information that's contained on devices, but also because the information is qualitatively different than searches of physical objects. So, not only is there an immense storage capacity in cell phones and laptops today, there's also a type of information on there that would never have previously existed. For example, browsing history, which doesn't have any analog version. And of course is incredibly revealing of our thoughts, intimate concerns, and again, it's just not information that existed prior to the digital age or historical location information down to the very minute detail of where you've been at every moment of the day, stretching back weeks, months, or years.
Similarly, metadata, which can reveal not just your image, but the people that were in a photo, the location, the time, all of this coupled together is just information that didn't exist when you had perhaps a paper photo album that you might have carried on you. So, this is the type of privacy concern that the Supreme Court had in mind in Riley, when it was weighing that against the government's interest in search. When you apply that to border searches of devices, courts similarly have to weigh the privacy interests in digital devices, which are the same as in Riley, versus the government's interest in the border search context.
In the Cano case, in the Ninth Circuit, which is the case in which the courts required that searches only be for digital contraband, the court noted that border searches advance the government's interest in keeping out people and goods that are not permitted to enter. And that's why it narrowed the scope of border searches only to digital contraband. Because it said it's not a general law enforcement or investigatory authority at the border that allows suspicionless, warrantless searches. It's just keeping out specific things that are not permitted to enter. And cell phones are not the same as physical contraband, drugs or weapons that cannot be brought in. And to the extent that they contain contraband, which is digital contraband, that's a very limited category of things. Because data generally is not unlawful in and of itself. It's not, not allowed to be brought into the country. It's usually what the evidentiary value of the data is that the government is searching for. But in those instances where there may be data that is itself not permitted to enter the country, those are the only instances in which the search is permissible.
Riley is not the only case that courts have to consider, Carpenter, which was the case in which the Supreme Court recognized the serious privacy interests in historical cell site location information is also relevant. In that case, the Supreme Court said we have a legitimate expectation of privacy in our record of physical movements that are captured through cell site location information. But of course, cell phones contain historical location information, whether through apps that we've used, maps applications or other applications that track our movements and our location. But that's just one category of the information that cell phones contain. So historical cell site location information was itself enough to trigger a warrant requirement in Carpenter. Cell phones can reveal that and much more. And that's one of the arguments that those of us who have been challenging border device search practices have made. And then lastly, the Supreme Court's decision in Ramsey, which I mentioned earlier about international mail is also relevant. There the concern was what would be the chilling effect on Americans' First Amendment rights if people living in the country could not correspond internationally without fearing that a border officer could read that correspondence at any time, without any justification or reason.
Of course, with digital data that is like international correspondence to the nth degree, given the quantity and quality of information. So that opinion may become more relevant as courts grapple with this question. That is an overview of the current state of the law. Now I'm going to turn to providing guidance to practitioners on challenging searches. If you've got clients who've had a device seized at the border. If you've had clients who've had devices searched. If you yourself have experienced this, I'm going to now address various options that are available to either prevent a search if it hasn't happened yet, or to get deletion of any information or data that was gleaned from a search or suppress the use of any such information or data in any criminal proceeding.
First, if a device has been confiscated by a border officer and has not yet been returned, you have a couple of options. One, you can file an administrative complaint with the agency that has the device, or you can file a Rule 41 motion to return property. There's no particular format that an administrative complaint has to take. You can write out your arguments there and submit it to the agency. Note what I said at the outset, which is that CBP is often the agency that will do the confiscation because CBP is the agency that encounters travelers at the border. But sometimes a device may be transferred to ICE or Homeland Security Investigations for later search. So you may want to first figure out whether it's CBP or ICE that have the device. Maybe to cover your bases you may want to file an administrative complaint with both agencies if you are unsure which agency currently has the device.
What can you do if a device has been returned to you and you're worried that information may have been retained from the device, either directly copied via forensic search, or maybe an officer did a manual search or a basic search, but took notes by hand recorded sensitive information and you're worried about that? A few things, one, you can file a Freedom of Information Act request on behalf of the person who wants information about what was retained about them. The way you would do it is you would have the person whose device was searched, file a FOIA with the agency, seeking agency records about them. That can result in disclosure of what the agency has on you, which could tell you if they retained anything from the search of your device. Two, you could file a Privacy Act request, seeking expungement of information unlawfully retained, or three, file a Rule 41 motion to expunge information. One thing to note is that a FOIA request will not lead to expungement of information because FOIA doesn't provide that. But it may tell you if you get records that this is the information the agency has on you. Whereas the Privacy Act route can provide expungement as an option. I've provided an example here of a sample administrative complaint that you could file with any one of the agencies. This particular sample complaint argues that CBP's policies on device searches violate the Fourth Amendment and makes the constitutional arguments against those policies. It also notes that CBPs policies lack protections for First Amendment rights, because they allow for questioning and device searches focused on and possibly on the basis of a traveler's expressive activities and or associations.
That's one thing that I haven't talked about much, but that is an other issue to be aware of. If a device search seems to be targeted on the basis of First Amendment protected expressive activities or associations, that may be a separate basis for challenging it. Apart from the fact that it was conducted without a warrant or without suspicion. The latter two arguments being Fourth Amendment arguments, but the First Amendment argument being focused on the singling out or selection of someone for search, because let's say there a journalist, let's say they're associated with certain groups, maybe politically disfavored groups or other groups, that might raise First Amendment concerns. And you can see that here, this complaint was on behalf of an artist. So the First Amendment argument is raised in addition to the Fourth Amendment argument. As I mentioned, these complaints don't have to follow a particular format, but you do want to lay out what the problem is. In addition to the constitutional arguments that you may want to make, of course you should note if there were any violations of the agency's own policy. So for example, as I mentioned, there are procedural requirements that are supposed to be followed for particularly sensitive information, such as attorney-client information or journalist confidential information.
So if you have a reason to know that the device contains, let's say, attorney-client privileged information, you should absolutely make sure that that's noted to the agency. Tell the agency that they are at risk of searching such information if they indiscriminately look in the device. And then, you know, make sure you point to the agency's own policies and say that they need to make sure that they follow those policies once they're put on notice that there is this particularly sensitive information on that device.
Let's say you're in criminal proceedings and you'd like to file a motion to suppress evidence that's been obtained from a warrantless border device search on behalf of a client. You've got the potential legal arguments that I've already mentioned, the Fourth Amendment argument. And if you're in a circuit that hasn't already definitively weighed in on that question, you can argue that a warrant is required under the Fourth Amendment or in the alternative, individualized suspicion. If you're in the Ninth Circuit, for example, and the search went beyond a search for digital contraband, then you would have the argument there that it was in violation of that circuit's governing precedent. Of course, you can still argue the larger Fourth Amendment argument that a warrant is required if you'd like to preserve that argument because the Supreme Court hasn't definitively weighed in on that. So you can certainly make the broader argument about a warrant being required.
But then of course, in the alternative, you want to look at the circuits govern law and for example, argue for individualized suspicion or a digital contraband limitation as an alternative constitutional limit. Similarly, in the Fourth Circuit, you would want to make sure that the search adhered to the requirement of a border nexus and that officers hadn't tried to advance a preexisting domestic investigation, which the Fourth Circuit said is not a permissible reason for a warrantless search. You could also make First Amendment arguments, as I mentioned, especially where you have facts about particular targeting of someone for search on the basis of First Amendment protected activity. If there has been a violation of attorney-client privilege or search of confidential materials, those would also be arguments you could make in a motion to suppress evidence.
Particular relevant facts that you might want to consider before filing that motion to suppress to the extent that you can uncover these facts, one, did the device contain attorney-client privileged material or work product or journalist confidential source material, trade secret material, or any other particularly sensitive material, such as doctor-patient privileged material, or, you know, a religious counselor's privileged material. Those are all kinds of facts that you want to establish about what was on the device to the extent that there have been violations of those privileges through the search that happened. Was the traveler singled out for the search on the basis of association, political or religious beliefs or some other impermissible factor? Any such facts would go towards whether there's a cognizable First Amendment claim that you might make. There was a district court decision in the district of Massachusetts House v. Napolitano, in which the court held that a plaintiff did have a first amendment claim based on allegations of being singled out for a border device search, on the basis of lawful political association.
So establishing those facts might mean looking at the circumstantial evidence around the search. Was there anything that the border officer said to the traveler or your client about why they were searched? Were they asking particular questions that tended toward religious or political or other lawful association? These are the kinds of things that could help you establish whether there is that kind of First Amendment based targeting claim. Other facts that you'd want to establish include whether border officers were searching for digital contraband or evidence.
Again, you might look to the questions that the officers asked, whether they seem to be pertaining to looking for digital contraband material on the device itself, or whether they seem to be interested in more intelligence gathering. Sometimes when officers conduct device searches, they may do it in front of the traveler and ask questions about data that they find on the device. So that can be direct evidence of whether they were looking at things that were not digital contraband. Things like going through contact lists or text messages that were just text and had no images, for example. Or looking at metadata and location history, which is not digital contraband. Those kinds of facts would be relevant to making an argument that the search went beyond a permissible scope for digital contraband. If the officers were looking for evidence, was the evidence connected to an ongoing law enforcement investigation unrelated to the border? And this again, could help to establish a violation of the Fourth Circuit's requirement or in other circuits where that argument could be made that a completely unconnected to the border investigation violates the Fourth Amendment, you'd want to have those facts.
Another relevant fact is, was the device search done at the request of another law enforcement agency? If you can get evidence about this, for example, if local law enforcement was conducting an investigation and then asked border officers to search a client's device when they were returning from an overseas trip, that would be relevant to your constitutional arguments, because that would, again, tend to show that the border was used as a loophole around domestic protections, and that this was not a typical customs or immigration related search, but it was a convenient way to do a warrantless search of someone who was already under investigation for something that had nothing to do with their international travel. And another fact you might wanna establish is, was the person of interest someone other than the traveler whose device was searched?
In the Alasaad district court civil case that I mentioned, which went up to the First Circuit, there was an extensive record established in which the agency noted that it could often claim the authority to search someone's device for example, if the traveler is a business person and they have a business partner who's of interest and their device might have communications with that business partner. Or searching US citizens who have undocumented family members or friends for information about those undocumented family members or friends. And regardless of whether those searches could be tied to customs and immigration enforcement, that's an argument you're going to want to make, that by searching the person who was not themselves under suspicion, that that was an impermissible use of border search authority, regardless of whether it's claimed to be for immigration enforcement and the traveler would have information on their device, that's relevant to those things. So, those are all facts that, to the extent you can explore, you'll want to explore. And they can help strengthen any motion to suppress that you file.
Now, I'd like to turn to practical tips for travelers. Given the state of play with the policies as they are, and with the circuit splits and the differing standards, depending on where you enter the United States, what can you do if you have particularly sensitive data, or you just generally don't want border officers searching your devices?
The first tip is simply to travel with as little data as possible. That means if there's a device that you don't strictly need to take with you, and let's say, it's your work device, your work laptop, and you're not planning to do any work on your overseas trip, it may be better to leave that behind if you're on the fence about its utility to you on that trip. Put your device in airplane mode when crossing the border. This is critical because both ICE And CBPs say that border officers should not be searching cloud data per their own policies. And officers should be putting phones and laptops in airplane mode before they conduct a search. But of course, sometimes that doesn't happen. If your device is already in airplane mode, then that's a much greater protection because then an officer would affirmatively have to take it off airplane mode to get cloud data, as opposed to an officer simply forgetting or failing to put the device in airplane mode. Password protect your device and use encryption. And if your device is searched by a border officer and confiscated, get a receipt. That receipt can be important in tracking down the device later, particularly if it's held for weeks or months. If you're subject to a border device search. If the officer asks for your phone, let's say, and you have particularly sensitive information on there, you should absolutely inform the border officer of that.
If you're a lawyer, for example, and you know that your device has attorney-client privileged material or other confidential information, if you're a journalist and you've got source information or other confidential journalistic work product, if you've got certain business confidential information, you absolutely should inform the officers of that. Because without doing that, it's going to be difficult to invoke the procedural protections in the policy. As minimal as they may be, it's incumbent on you to inform the officers if your real concern is that that information never be searched. After the fact, of course, you may try to have that information expunged from the agency. You may try to have it suppressed in any criminal proceedings, but that after the fact work can be very difficult and uncertain. So if what you really want to do is prevent the search at the outset, you should absolutely tell border officers of that information. And this is all covered in section 5.2 of CBP's 2018 policy. It outlines the processes that are supposed to happen when privileged or sensitive material is on a device. Let's say you're at the border and an officer has asked to search your device and the device is password protected.
What are your obligations if the officer asks you to unlock the device or to provide the password? The implications of refusing to unlock a device differ depending on the traveler's immigration status. For US citizens and lawful permanent residents who've maintained their lawful permanent resident status, they cannot be denied entry to the United States. If you refuse to unlock a device or provide a password, it might lead to delays at the border. If the officers cannot search the device, they're, you know, they're saying that they want to search the device, but they need the password, or they need you to unlock it and you refuse to do so, you should be aware you might be held longer. But at the end of the day, you cannot be refused entry into the country. It may also mean that your device is seized and confiscated, and you are allowed into the country. So, what you decide to do in that circumstance really depends on your own risk reward calculus. For some people, if the information is particularly sensitive and they'd rather contact their lawyer or deal with the issue later, they may refuse to unlock the device, be allowed into the country, but then not have the device with them while they work out trying to get it back or prevent a search. For some other people, losing access to your smartphone or your laptop with its critical information on it may just not be an option. So you'll have to think carefully about your own risk and reward and threat model there. But those are the options for US citizens and lawful permanent residents. For visa holders and other travelers, if you don't unlock a device or provide a password to the device, then you do risk being denied entry to the country.
So there again, travelers should consider their own options and preferences when deciding what to do. And travelers who aren't US citizens and lawful permanent residents may want to think especially carefully about the information that they have on their devices, particularly if they're really sensitive and the information absolutely cannot be searched. One thing that border officers should not be doing is asking for passwords to social media accounts with information in the cloud. Again because their own policies say that cloud data should not be searched. So, asking for a password to a social media account so that they can search the things that you've been saying that should not be permissible. And if that happens, again, you have to consider your own immigration status because refusal to provide that information for a visa holder and other traveler could result in denial of entry, though you may want to contact a lawyer after the fact. But for US citizens and lawful permanent residents, this is also important information to keep in mind that you cannot be refused entry into the country for not providing a password to a social media account.
That's the end of all of the topics I'm gonna cover in this CLE. But to recap the key points, one, is that government policies distinguish between basic and advanced device searches. Devices can be confiscated and retained after travelers leave the border. Information that border officers glean from a border device search can be retained if it pertains to immigration, customs, or other enforcement matters, without requiring probable cause. And that information can be shared with other agencies and foreign law enforcement entities.
So, once a search is taken place, remember that it's not just the agency that searched your device that may have that information. Which may be relevant if you are seeking to expunge that information. You may want to both make the request of the agency that did the search, but also try to track down or require the agency to disclose where else they sent that information. The current legal standards for device searches at the border are contested. There are different standards depending on the federal circuit court. And the Supreme Court has not yet weighed in on the specific question of the standard for border searches of electronic devices. And this open question is particularly salient now because of the Supreme Court's decision in 2014, in Riley v. California. More and more courts are considering the application of traditional border search rules under the Fourth Amendment to digital device searches. And so motions to suppress that district courts are entertaining now will have to take account of the evolving Supreme Court jurisprudence involving novel technologies. Even if there isn't circuit precedent directly on point. It's important to identify attorney-client privileged material and other confidential material at the point of search. It might be possible to get remedies after the fact including expungement, but of course the harm of search has already happened.
So to the extent that you can prevent those privileged materials being searched in the first place, it is best to do so. And it is best to advise clients traveling with that information, to have that in mind. And then finally the best protection is to limit sensitive information on devices during international travel. If you know that you're going to have to acquire particular information during your trip, let's say you're going abroad for work, and you're going to be doing work related activities and you're gonna have confidential material from that.
It may be that you want to have that information in the cloud during the period that you're traveling so that it's not subject to search on your device. And then re-download that once you're back in the United States, that's one option that you can choose. Of course, you have to then weigh the pros and cons of using a cloud service for of confidential information. And again, you have to conduct a risk assessment of the likelihood that you would be searched at the border versus any risks with using the cloud. But that is an option that is available for people who need to acquire information abroad and know that they're going to get that information overseas and therefore cannot limit what they're carrying in advance, the cloud may be an option to consider.
And then of course, finally, the choice of what to do if you're asked for a password at the border will depend on your immigration status. Travelers who are particularly worried about search should consider in advance what their preference would be if they are put in the position of being asked to give a password and potentially risking denial of entry, if that's a risk for them, versus for US citizens and lawful permanent residents potentially being delayed at the border or having your devices confiscated and unavailable to use for weeks or months.
Lastly, I haven't addressed the rules that apply when you are entering another country other than the United States, but it, to the extent that you are worried about border officers in a foreign country, searching your devices, the practical tips here to limit what you're carrying physically resident on your device, would protect you in those circumstances as well. Although the legal regimes there may be very different.
That's the end of this CLE. Thank you very much for listening.
Traveling Internationally With Digital Data: A Changing Legal Landscape for U.S. Border Searches
* Claim credit(s) for one free course during your 7-day trial.
Credit information
Jurisdiction | Credits | Available until | Status |
---|---|---|---|
Alabama | |||
Alaska |
| ||
Arizona |
| ||
Arkansas |
| ||
California |
| ||
Colorado |
| December 31, 2024 at 11:59PM HST | |
Connecticut |
| ||
Delaware |
| ||
Florida |
| ||
Georgia |
| ||
Guam |
| ||
Hawaii |
| ||
Idaho | |||
Illinois |
| ||
Indiana | |||
Iowa | |||
Kansas |
| ||
Kentucky |
| ||
Louisiana | |||
Maine |
| December 31, 2026 at 11:59PM HST | |
Minnesota |
| ||
Mississippi |
| ||
Missouri |
| ||
Montana | |||
Nebraska |
| ||
Nevada |
| March 15, 2025 at 11:59PM HST | |
New Hampshire |
| ||
New Jersey |
| ||
New Mexico | |||
New York |
| ||
North Carolina |
| ||
North Dakota |
| ||
Ohio |
| ||
Oklahoma | |||
Oregon |
| February 22, 2025 at 11:59PM HST | |
Pennsylvania |
| ||
Puerto Rico | |||
Rhode Island | |||
South Carolina | |||
Tennessee |
| ||
Texas |
| ||
Utah | |||
Vermont |
| ||
Virginia | |||
Virgin Islands |
| ||
Washington |
| February 22, 2026 at 11:59PM HST | |
West Virginia |
| ||
Wisconsin | |||
Wyoming |
Alabama
Credits
Available until
Status
Alaska
Credits
- 1.0 voluntary
Available until
Status
Arizona
Credits
- 1.0 general
Available until
Status
Arkansas
Credits
- 1.0 general
Available until
Status
California
Credits
- 1.0 general
Available until
Status
Colorado
Credits
- 1.0 general
Available until
December 31, 2024 at 11:59PM HST
Status
Connecticut
Credits
- 1.0 general
Available until
Status
Delaware
Credits
- 1.0 general
Available until
Status
Florida
Credits
- 1.0 general
Available until
Status
Georgia
Credits
- 1.0 general
Available until
Status
Guam
Credits
- 1.0 general
Available until
Status
Hawaii
Credits
- 1.0 general
Available until
Status
Idaho
Credits
Available until
Status
Illinois
Credits
- 1.0 general
Available until
Status
Indiana
Credits
Available until
Status
Iowa
Credits
Available until
Status
Kansas
Credits
- 1.0 general
Available until
Status
Kentucky
Credits
- 1.0 general
Available until
Status
Louisiana
Credits
Available until
Status
Maine
Credits
- 1.0 general
Available until
December 31, 2026 at 11:59PM HST
Status
Minnesota
Credits
- 1.0 general
Available until
Status
Mississippi
Credits
- 1.0 general
Available until
Status
Missouri
Credits
- 1.0 general
Available until
Status
Montana
Credits
Available until
Status
Nebraska
Credits
- 1.0 general
Available until
Status
Nevada
Credits
- 1.0 general
Available until
March 15, 2025 at 11:59PM HST
Status
New Hampshire
Credits
- 1.0 general
Available until
Status
New Jersey
Credits
- 1.2 general
Available until
Status
New Mexico
Credits
Available until
Status
New York
Credits
- 1.0 areas of professional practice
Available until
Status
North Carolina
Credits
- 1.0 general
Available until
Status
North Dakota
Credits
- 1.0 general
Available until
Status
Ohio
Credits
- 1.0 general
Available until
Status
Oklahoma
Credits
Available until
Status
Oregon
Credits
- 1.0 general
Available until
February 22, 2025 at 11:59PM HST
Status
Pennsylvania
Credits
- 1.0 general
Available until
Status
Puerto Rico
Credits
Available until
Status
Rhode Island
Credits
Available until
Status
South Carolina
Credits
Available until
Status
Tennessee
Credits
- 1.0 general
Available until
Status
Texas
Credits
- 1.0 general
Available until
Status
Utah
Credits
Available until
Status
Vermont
Credits
- 1.0 general
Available until
Status
Virginia
Credits
Available until
Status
Virgin Islands
Credits
- 1.0 general
Available until
Status
Washington
Credits
- 1.0 law & legal
Available until
February 22, 2026 at 11:59PM HST
Status
West Virginia
Credits
- 1.2 general
Available until
Status
Wisconsin
Credits
Available until
Status
Wyoming
Credits
Available until
Status
Become a Quimbee CLE presenter
Quimbee partners with top attorneys nationwide. We offer course stipends, an in-house production team, and an unparalleled presenter experience. Apply to teach and show us what you've got.