Virginia, US
Article image
| Carl W. Hampe

Border Searches of Electronic Devices and the Fourth Amendment

There have been a number of high profile press reports on travelers being asked to hand over laptops or smartphones, and the passwords to the devices, to U.S. Customs and Border Protection (CBP) upon arriving at a U.S. airport or land border. Does CBP have the right to search your electronic devices? Readers might be surprised to learn that the answer is a qualified “yes.” The problem is that major areas of the law have not caught up with today’s technology.
The Fourth Amendment to the U.S. Constitution protects against unreasonable searches or seizures by the Government. However, the Supreme Court has created a “border search” exception to the normal requirements that law enforcement officials must have probable cause, and a search warrant, for searches and seizures. Under that exception, border searches have generally been considered per se reasonable.
Applicable Law
There is a line of lower-court cases distinguishing routine searches of property from non-routine searches (judged by the level of intrusiveness) that require non-routine searches to be supported by "reasonable suspicion."
Most of the courts addressing this issue in the factual context of border searches of electronic storage devices like smart phones and laptops have concluded that such searches are routine. The 9th Circuit has taken the most-government-friendly view, concluding that those searches are generally acceptable even without any analysis of intrusiveness.
The current case law weighs in favor of the government's authority to search electronic storage devices, but no border-search case has addressed the fact that smart phones and laptops are also gateways to corporate IT networks.
There is some non-border search case law that addresses the intrusiveness of an electronic storage device search. That analysis has not crept into border search cases, but clearly, it should.
And there is no case law–border or non-border–that directly answers the question of whether a person can be forced to provide passwords to electronic devices that provide access to computer networks not resident on the device itself. The simplified version of the "password" case law seems to be that the government cannot require you to provide your password, but they do have the legal authority to seize the device in the case of refusal (subject to a separate set of standards, time limits, and such).
U.S. Citizens vs. Non-Citizens
There is also a practical difference between U.S. citizens, permanents residents, and others seeking admission (such as persons with B-1/B-2 visitor visas, or with temporary work visas such as H-1B or L-1 visas).
Once a person’s identity is confirmed and their U.S. citizenship established upon inspection by CBP, that person cannot be refused admission to the United States.  That person’s device could be seized, however, for further analysis.
Persons who are neither citizens nor returning permanent resident aliens have the burden at a port of entry to show they are "clearly and beyond a doubt" admissible. If they do not allow the search or do not provide a password, CBP could simply find that they have not met this burden and decide not to admit them.
Returning permanent residents are legally somewhere in the middle, and a CBP officer could take a harder line with permanent residents than with citizens. 
Employees Traveling with Company-Owned Devices
Unrestricted government access to electronically stored information at the border creates heightened concern for the protection of proprietary or other sensitive corporate information. There are similar concerns related to sensitive client information, information covered by the attorney-client privilege, and information gathered by journalists. Accordingly, the time is ripe for employers to develop protocols for employees who need to travel with electronic devices that could provide access to corporate networks, and for how to deal with CBP requests at the border to inspect devices that contain or provide access to proprietary, constitutionally protected, or privileged information.
At a minimum, employers should develop protocols so that employees entering the United States from abroad know how to respond if they are asked to turn over and provide passwords to company-owned electronic devices.
If CBP does not respond appropriately to the public sentiment against overly broad border searches, it might be time for companies to consider litigation to bring the border-search case law relating to networked electronic devices in line with the non-border decisions on government access to such devices, and to clarify the rules applicable to searches of digital networks.