US border security can legally search your phone. Here’s how to protect it
By Sophie Dickinson
Since Trump’s inauguration in January, entering the US has become increasingly fraught. A French scientist was recently denied entry at the border after officials found messages on his phone critical of the president, while some journalists have been warned against storing sensitive material on their phone, and EU diplomats have been advised to travel with so-called “burner” devices when visiting the country. A Traveller reader was also denied entry without a clear reason, after border officials questioned why he had flown via Hong Kong and examined the contents of his phone.
There have been numerous reports of visitors arriving in the US having their phone searched and, in at least one case, being refused entry as a result.Credit: Getty Images
Despite a decline in the number of tourists travelling to the US since the new administration took hold, a large number still arrive in the country every day. Whether you’re travelling for business or pleasure, the US Customs and Border Protection (CBP) has the authority to search digital devices: for most travellers, there should be no issue, but it’s good practice to be proactive about cybersecurity regardless. Here’s everything you need to know.
Can the US Customs and Border Protection search my phone?
In a word: yes. The CBP can search phones as, generally, border zones fall outside of the Fourth Amendment protections (which usually require a warrant for a device to be searched). Officials can ask for your PIN or biometric information, like your thumbprint or face ID, to access the data. Mobile phones, computers, tablets and cameras can all be searched under the same powers.
American citizens can refuse a device search without being denied entry (though doing so may lead to further questioning), while foreign visitors – even those arriving for a holiday – can face detention or deportation if they refuse a device search.
US border officials can search the phones of arriving foreigners without a warrant. Australia’s Border Force also has this power.Credit: Getty Images
Similar rules apply in various other places around the world, including here in Australia and in New Zealand – but the new administration in the US means the practice is under greater scrutiny and, according to some reports, becoming more widespread.
What does a mobile phone search involve?
This usually depends on your legal status and right to enter the US. Searches can take the form of a manual search (where a border guard looks through the contents of your phone) or include an advanced, forensic download of data. The latter will, of course, take considerably longer.
“Searches can be random,” says Sophia Cope, senior staff attorney at the Electronic Frontier Foundation. “But we also know that travel history and prior law enforcement encounters can increase the likelihood of being pulled into secondary inspection.”
Will travelling with an alternative phone help protect my data?
You might try travelling with an alternative phone – either a totally new device, or an old one which has been wiped clean and repurposed. Importantly, it shouldn’t be a completely blank device – that will seem unnecessarily suspicious. Instead, it should be a version of your “real” phone, complete with messages, photos and apps. The difference, of course, is that the messages and photos won’t include any details of your political views or years worth of travel information.
Some experts suggest putting your phone away at border control and using only paper documentation.Credit: Getty Images
So what should an alternative phone include? It’s an idea to have a travel-only email address that you can access from this phone and that can hold all your holiday information. This can also be used to log into any apps you might need, whether that’s for accessing accommodation or transportation.
Downloading an encrypted communication app – like Signal or Whatsapp – means you’ll still be able to message people at home (try using an eSim to save on data roaming overseas). For true cybersecurity, it’s probably best if this phone does not share your usual phone number. And if you typically use social media, having a travel account on, for example, Instagram, is a good idea – it’s something you can show the CBP without giving away too much personal information.
For most, this level of security will not be necessary (especially if you are just visiting for a holiday). It might, however, give some travellers peace of mind.
If this seems like too much hassle, you can still travel with your primary phone. Experts recommend removing old messages and apps, especially those that might reveal something about your identity (such as LGBTQ+ dating apps, for example).
“Everyone should back up their data, because if the phone is confiscated or the data is corrupted somehow, that data will be lost,” says Cope.
“People should minimise or delete the sensitive data on their phone – what that means is unique to each person,” she adds.
Without very precise cybersecurity measures, it can be hard to totally wipe all traceable elements from a phone. Cloud backups can reveal information previously thought to be deleted, and some apps can save files without it being immediately obvious to the user (but can be found using a forensic search). For most, a quick deletion exercise should be enough. But to be completely thorough, read more information on Amnesty’s Security Lab website.
What should I do before I travel?
It’s important that your phone’s software is up to date, as this will mean encryption and security are at their strongest.
If you plan to refuse a search, make sure you have biometric entry (like fingerprints or face ID) turned off, and instead use a numerical code – something that only you know.
Some experts recommend an “out of sight, out of mind” method. When approaching border controls, put your phone away and use only paper documentation. Having travel information available readily will allow you to keep the interaction device-free – and therefore avoid it becoming an item of interest.
How you choose to protect your devices will likely be informed by how at risk you feel. Those with passport stamps from certain countries, or who have been previously profiled, will probably feel more at risk – and may want to take precautions.
Molly Cyr from the Security Lab at Amnesty International says that travellers should consider their personal circumstances before taking any steps to remove data.
“We know there’s a lot of worry about border crossings at the moment, but it’s not everyone who is at risk of further searches,” she says. “People should do a mini risk assessment and make sure that they take precautions before leaving.”
The Telegraph, London
Sign up for the Traveller newsletter
The latest travel news, tips and inspiration delivered to your inbox. Sign up now.