photo by Jonathan Cutrer
A federal judge has finally ruled that there is a limit on how much fishing a border agent can do in the deep pool of personal data on your mobile device. But it is a pretty generous limit.
Millions of Americans are flying today, one of the busiest travel days of the year. While most of today’s heavy airport traffic is domestic, international arrivals continue to face potential pressure to allow government agents to rifle through the contents of smartphones, tablets and laptops. As I have written before, it is obvious to any traveler who gives it a moment’s thought why such searches are much more invasive than a look through a carry-on bag. Agents might see anything from romantic correspondence to sensitive medical information to financial data. Many travelers have reported pressure to unlock or decrypt devices, for no stated reason at all (much less a warrant). In fiscal 2018, the government conducted more than 33,000 electronic searches at the border. That number exceeded 40,000 in fiscal 2019.
The new ruling does not shut down this practice. Still, the decision by U.S. District Judge Denise Casper in Boston apparently marks the first time any federal court has restricted the ability of Customs and Border Protection agents to demand passwords, logins and user handles to browse through someone’s digital universe when that person enters the United States. Immigration and Customs Enforcement agents also sometimes conduct similar searches; the same restrictions will apply. Earlier rulings, in contrast, have essentially given border authorities carte blanche. Agents could examine not only whether a traveler is entitled to enter the country and whether the traveler is carrying material subject to duty or exclusion, but could look for pretty much anything at all.
In a case brought by 10 U.S. citizens and one lawful permanent resident, Casper held that border agents must have a reasonable suspicion that devices contain “contraband,” such as child pornography, before either demanding access to the device’s data or using external peripherals to extract files for examination and storage. Casper also rejected the claim that groundless searches would cause minimal harm to their targets.
The judge stopped well short of granting the full scope of the plaintiffs’ requests. These included requiring agents to get court-issued warrants based on probable cause (a higher standard than reasonable suspicion) before searching device contents. Casper noted that no court has yet required a higher standard than reasonable suspicion for a search at the border. The plaintiffs, some of whom have had devices searched on multiple occasions, also sought an order forcing the government to expunge any information it has already collected from their devices. The judge turned them down.
This may not sound like much of a legal victory. As a practical matter, it probably is not. Agents will be trained on the definition of “reasonable suspicion,” and they will almost certainly find some basis – plausible or otherwise – to articulate it when they want to rifle through a border-crosser’s digital life. Courts are historically loath to second-guess such law enforcement activity, or to apply even such seemingly mild sanctions as expungement when they find it crosses constitutional boundaries. The Department of Homeland Security has long contended searches at the border do not require warrants. So far the courts agree.
But Casper’s decision at least points to the direction the legal tide is flowing. Even the CBP has implicitly acknowledged as much. In January 2018, after several highly publicized cases in which its agents made sweeping demands – including forcing an employee of the federal Jet Propulsion Laboratory to grant access to a device containing sensitive data – CBP imposed a policy requiring reasonable suspicion before its agents conduct an “advanced” search. An advanced search is one in which external machines are connected to the traveler’s device, either with a cable or wirelessly. These devices can then review, copy and analyze the device’s content, including potentially recovering deleted information. But CBP and ICE have continued to assert that their human agents can demand access for “basic” searches of a device, its contents and a traveler’s online activity without articulating any reason at all.
In her ruling, Casper observed that even so-called basic searches are still highly intrusive. She wrote, “even a basic search alone may reveal a wealth of personal information. Electronic devices carried by travelers, including smartphones and laptops, can contain a very large volume of information, including ‘sensitive information.’ Such devices can contain, for some examples, prescription information, information about employment, travel history and browsing history.” Agents will need to cite reasonable suspicion for both types of search going forward.
Neither the CBP nor ICE has publicly responded to the latest ruling. The agencies will probably pay it little attention, especially outside the Massachusetts district in which Casper ruled, until the question is addressed by appellate courts (potentially including the Supreme Court). Alternatively, Congress and the president could enact legislation establishing privacy standards for electronic border searches. Considering that these aggressive searches began during the Obama administration and have accelerated under President Trump, I would not hold my breath while waiting on this outcome.
Foreigners seeking admission to the United States have few legal rights and little recourse when border agents want to know anything or everything about them. But U.S. passport holders have an unqualified right to come and go as we please. A court has finally recognized, at least in a limited way, that we do not sacrifice our Fourth Amendment rights against unreasonable searches when we exercise our concurrent right to travel abroad. Now it is up to the higher courts, or the political branches, to redeem those rights to the full extent that most of us expect.