A Stand Against Invasive Phone Searches at the U.S. Border

A senator has joined human-rights groups in opposing warrantless scans of travelers' digital devices.

A traveler scans his fingerprints at the Houston airport as a customs officer monitors his computer.
Customs agents have asked incoming travelers—some of them U.S. citizens—to unlock their smartphones and allow them to be searched. (Dave Einsel / Getty)

For years, travelers entering into the U.S.—whether they’re citizens or not—have been pulled aside at the border and pressured into giving up passwords to their phones and other electronic devices. Customs agents have claimed the authority for these searches under the auspices of a broad exception to Fourth Amendment rights that applies at the border.

But Senator Ron Wyden, a Democrat from Oregon, has a few questions about that legal authority. He sent a letter to the secretary of the Department of Homeland Security on Monday, expressing dismay at reports that people were being asked to unlock and hand over their smartphones at the border. He also said he’s planning on introducing a bill to require agents to get a warrant before searching a device, and to prevent DHS from implementing a new policy that would require foreign visitors to turn over their online passcodes before visiting the U.S.

The news reports began last week: First, there was Sidd Bikkannavar, the U.S.-born NASA engineer who was detained at the Houston airport after a two-week vacation in Chile. He was pressured into turning over the passcode to the smartphone he was carrying, which was owned by his employer, NASA’s Jet Propulsion Laboratory.

Then there was Haisam Elsharkawi, an American citizen who was stopped at the Los Angeles airport before getting on a plane to Saudi Arabia. He was handcuffed, questioned, and pressed into giving up his smartphone’s passcode. After a 15-minute search, Elsharkawi was released.

Customs and Border Protection, the agency that secures the border crossings like international airports in the U.S., has conducted invasive digital searches on travelers before. It’s not clear whether these searches at the border have increased in frequency or intensity since President Trump took office.

But since Trump signed a hastily assembled executive order temporarily barring visitors from seven Muslim-majority countries from entering the U.S., America’s borders have come under intense public scrutiny. It could be that CBP officers have become more aggressive about searching travelers—or perhaps the stories of travelers who submitted to digital searches are surfacing more readily.

Wyden asked DHS Secretary John Kelly for detailed statistics on the number of times customs agents asked for or demanded a smartphone or computer password in the past five years as well as since Trump took office in January. He also asked how Customs and Border Protection, or CBP, justifies these searches legally, focusing specifically on the Fifth Amendment, which protects people from testifying against themselves. (I’ve written before how the Fifth Amendment prevents law enforcement from demanding that someone give up a password—and how it may not apply to devices that are unlocked via fingerprint, iris scans, or speech patterns.)

“Indiscriminate digital searches distract CBP from its core mission and needlessly divert agency resources away from those who truly threaten our nation,” Wyden wrote. He warned that uncertainty about what data might be seized at the border could harm businesses whose employees regularly travel overseas.

The senator also took aim at a proposal that Kelly put forward in front of the House Homeland Security Committee two weeks ago. He suggested that visitors may be required to turn over passwords to their social-media accounts or risk being denied entry. The idea alarmed privacy advocates, who say such a rule would give CBP agents an overly broad look into travelers’ digital lives.

Issuing a blanket approval for social-media searches at the border could run into thorny legal issues, too. To get a subject’s personal information from a company like Facebook, Google, or Apple, law enforcement must first obtain a subpoena or a search warrant, which it can then use to ask the company to turn over relevant data. Getting social media passwords straight from a traveler would end-run this system.

“By requesting a traveler’s credentials and directly accessing their data, CBP would be short-circuiting the vital checks and balances that exist in our current system,” Wyden wrote to Secretary Kelly.

The senator asked DHS for statistics on social-media searches that took place at the border since 2012 and since Trump’s inauguration, and for the legal basis for the social-media search proposal. He suggested that those searches could violate the Computer Fraud and Abuse Act, which forbids unauthorized access to computers and networks.

On Tuesday, the Center for Democracy and Technology also released a letter pushing back against social-media searches. The letter, which was signed by dozens of human-rights organizations and security experts, called the proposal a “direct assault on fundamental rights.”

The letter warned that such a policy would discourage people from using online services and from traveling with their own devices. More worryingly, it could set a new precedent that would lead other countries around the world to follow suit.

“Demands for passwords are incredibly invasive,” said Emma Llansó, the director of the free expression project at the Center for Democracy and Technology. “This is not a precedent that the U.S. government should set.”

The senator’s involvement, plus the forceful letter from respected organizations and experts, ramps up political pressure on the Department of Homeland Security, which has been widely panned for how it handled the rollout of the travel ban in January.

In his own letter, Wyden announced that he would introduce a bill “shortly” to “guarantee that the Fourth Amendment is respected at the border.” It would require agents to get a warrant before searching a device, and would bar DHS from requiring passwords to online accounts like Facebook or Twitter.

The bill will likely face an uphill battle in Congress, where national security and law enforcement concerns have historically trumped digital privacy. (An update to a three-decade old privacy law has been stalled for years.) A spokesperson for Wyden would not provide any more details about the legislation, saying only, “stay tuned.”