When entering the United States through an airport or seaport, your electronic devices – laptops, phones, tablets – can be subject to search by Customs and Border Protection (CBP). A basic search involves an officer manually reviewing the device’s contents without using any external tools. An advanced search uses specialised equipment to access, copy and analyse the data on your device. This more invasive search requires reasonable suspicion of a law being broken or a national security threat, and must be approved by a senior Customs or Border Protection official. But border agents do not need a warrant to conduct either one of these searches. An electronic device subject to search is any “that may contain information in an electronic or digital form, such as computers, tablets, disks, drives, tapes, mobile phones and other communication devices, cameras, music and other media players”, according to Customs and Border Protection. We say everyone should have a plan before travel Sophia Cope, senior lawyer with the Electronic Frontier Foundation The issue has made headlines in recent weeks after a lawyer was detained in early April at the Detroit airport by customs officials, who told him they would confiscate his phone unless he gave it to them to look through his contacts. Because he was a US citizen, he was given back his phone and eventually allowed to re-enter the country after a family holiday in the Dominican Republic. “We say everyone should have a plan before travel,” said Sophia Cope, senior lawyer with the Electronic Frontier Foundation (EFF), a non-profit organisation focused on civil rights in the digital age. The EFF created an extensive guide on how to protect your digital privacy at the border. Cope said the foundation does not “discourage people from handing over the actual physical device”, as federal agents have the right to inspect it. However, Cope said to be aware that an officer may ask for a device to be unlocked or requests the passcode. “The traveller has to know what they’re going to do in that moment. either they’re going to comply or they’re not going to comply.” Here are key steps in protecting the data on your device: 1. Minimise your phone’s data Before you travel, delete sensitive data on your phone or move it to secure cloud storage, and log out of accounts that contain it. The EFF also suggests leaving behind electronic devices such as laptops and computers, if possible. 2. Use strong passwords and encryption Enable full-disk encryption – on an iPhone, go to Settings and Face ID & Passcode, where you should see the phrase data protection is enabled at the bottom of the page. Also, set up strong, alphanumeric passwords and disable facial recognition and fingerprint identification, as these may be easier to compel. CBP and other law enforcement agencies can use advanced forensic tools to recover deleted files and reveal past activity on your device, even if it is not visible at first glance, according to the Electronic Frontier Foundation. The EFF discourages people from trying to hide data on their devices. We recommend against using methods that may be, or even appear to be, calculated to deceive or mislead border agents about what data is present on a device,” she said. 3. Back up your data “Backups prevent your data from being lost if your device is seized, stolen, or broken – risks that are significantly heightened during international travel,” according to the EFF. Sometimes having a completely wiped phone or that kind of very clean travel device might itself raise suspicions Sophia Cope, Electronic Frontier Foundation, on using a burner phone The EFF has a guide on how to enable advanced data protection on iOS and a Surveillance Self Defence Guide. You may choose to safeguard your data at home or work or use an online backup you can access while travelling. 4. Power down devices Turn off your devices completely and make sure they are disconnected from Wi-fi before arriving at Customs. This ensures that full-disk encryption is active and adds a layer of protection. 5. Get a temporary phone For especially sensitive travel, consider using a temporary or burner phone with only the essential data needed for your trip, but be prepared for any questions that may arise from agents. “Sometimes having a completely wiped phone or that kind of very clean travel device might itself raise suspicions,” said Cope. She suggests that travellers be prepared to give an honest answer when using a travel phone. “You don’t want to be in a situation where what you’ve done or what you are saying could be interpreted as lying to a federal agent, and that’s a crime,” Cope said. 6. Know your rights You have the right to refuse a search – even if there may be consequences, such as having your electronics confiscated. Assert your rights calmly and ask whether you are free to go. If a device is confiscated, ask for a receipt. Cope said if you choose not to comply with a request, border agents might let it go if it is just a routine inspection and you are not a specific concern, but there is also a chance it could upset them. “You kind of have to hope for the best,” she said. 7. Be prepared to seek legal support If you believe your rights are violated, legal organisations like the EFF can help. Document the encounter and seek help as soon as possible. 8. What about social media? Under its 2018 policy, “CBP expressly says that they are not allowed … to look at live cloud content”, Cope said. To make sure officers do not access any information stored online, CBP officers will either ask the traveller to turn off internet and network connections or they will turn them off themselves, according to the CBP website. This includes both public and private social media – whether it is a public Instagram or a private Facebook account, Cope said. Previously, she said, officers were able to open the apps and scroll through the accounts. This rule also applies to other devices like laptops or iPads. Customs agents are only permitted to review data “resident on the device”, which means information that is physically stored on the hard drive, Cope said. However, she notes a technical caveat: even though data like emails or social media content live primarily in the cloud, “copies are downloaded onto the device”, so agents might still see remnants of cloud content. She recommends that travellers “delete social media apps” and “clear the cache” in browsers as a precaution.