Border officials searching travelers’ electronic devices cannot use them to get at information stored in the cloud, U.S. Customs and Border Protection said in a new policy Friday that puts some firm limits on the extent of border searches.
CBP also announced new rules limiting officers’ ability to collect and store travelers’ passwords, requiring the passwords to quickly destroyed after they are no longer needed to get into the devices the officers are searching.
The changes come as searches continue to spike: Officers searched 30,200 devices last year, which was up more than 50 percent over 2016.
“As CBP trains more officers in this, as we get more familiar with the content that is found, and as we adjust our operations as how threats emerge, we also change how we do things — so we will search more devices,” a senior agency official said as the new policies were announced. The official briefed reporters on condition he not be named.
Border searches have been controversial for years, but the proliferation of tablets and smartphones and the increase in the amount of personal information people store on them has made the devices a juicy target for searches — but also raised questions about limits.
CBP, an agency within Homeland Security, said officers had been discouraged from searching the cloud but this week’s new policy lays out the limits.
The senior agency official said CBP is authorized to conduct a border search, which means what a traveler brings as he or she crosses into or out of the country. They concluded that the cloud constituted information beyond the border, and so it shouldn’t be subject to a search.
“It’s only what’s physically present on the device at the time they’re entering and departing the United States,” the official said.
The new guidance also lays out the types of searches officers conduct.
Any officer can decide to conduct a “basic” search based on their own judgment, and the search usually entails scrolling through call logs, photo streams and the like.
An “advanced” search requires an officer to have reasonable suspicion of criminal behavior and approval of a supervisor. That search can involve copying the data to use in an investigation later.
Officers also are allowed to confiscate and hold a device and attempt to breach it if someone refuses to cooperate in providing access.
Officials insist those instances are rare, but did not provide numbers.
CBP said the added level of approval for advances searches goes above what’s required by law.
The American Civil Liberties Union disagreed, saying that while the higher standards were a step in the right direction, “this policy still falls far short of what the Constitution requires — a search warrant based on probable cause.”
“The policy would still enable officers at the border to manually sift through a traveler’s photos, emails, documents, and other information stored on a device without individualized suspicion of any kind,” said Neema Singh Guliani, legislative counsel at the ACLU.
She also said travelers should have the freedom to refuse to provide passwords or otherwise help officers peek into their private affairs.