This week Sen. Wyden (D-OR) sent a letter to Department of Homeland Security (DHS) Secretary John Kelly stating that he will soon introduce legislation that would require law enforcement agencies to obtain a warrant before searching the data on digital devices at the border. We applaud Sen. Wyden for taking a stand on this important privacy issue.

Sen. Wyden said that he wants to “guarantee that the Fourth Amendment is respected at the border.”

We have been arguing for a while that the Fourth Amendment requires a warrant based on probable cause for border searches of cell phones, laptops and other mobile devices that contain gigabytes of highly personal information.

Sen. Wyden’s letter comes after several recent reports that Customs and Border Protection (CBP) agents have been conducting invasive searches of the digital devices of Americans and foreign travelers alike. For example, CBP agents demand that travelers unlock or decrypt their devices, or simply disclose their device passcodes. Additionally, CBP agents access not only public social media posts by demanding handles, but also private social media and other “cloud” content via smartphone apps. The AP recently reported that border agents accessed an American citizen’s eBay and Amazon accounts via his cell phone.

Sen. Wyden also wants to prohibit government agents from forcing travelers to disclose the login credentials to their social media and other online accounts. Secretary Kelly proposed requiring this from foreign visitors to the U.S. during a congressional hearing earlier this month.

Sen. Wyden argued that DHS/CBP policies and practices violate the privacy and civil liberties of travelers, “distract CBP from its core mission and needlessly divert agency resources away from those who truly threaten our nation,” and harm U.S. economic interests by discouraging international business travel.

Sen. Wyden also asked Secretary Kelly to respond to five excellent questions by March 20, 2017:

  1. What legal authority permits CBP to ask for or demand, as a condition of entry, that a U.S. person disclose their social media or email account password?
  2. How is CBP use of a traveler’s password to gain access to data stored in the cloud consistent with the Computer Fraud and Abuse Act?
  3. What legal authority permits CBP to ask for or demand, as a condition of entry, that a U.S. person turn over their device PIN or password to gain access to encrypted data? How are such demands consistent with the Fifth Amendment?
  4. How many times in each calendar year 2012-2016 did CBP personnel ask for or demand, as a condition of entry, that a U.S. person disclose a smartphone or computer passcode, or otherwise provide access to a locked smartphone or computer? How many times has this occurred since January 20, 2017?
  5. How many times in each calendar year [2012-2016] did CBP personnel ask for or demand, as a condition of entry, that a U.S. person disclose a social media or email account password, or otherwise provide CBP personnel access to data stored in an online account? How many times has this occurred since January 20, 2017?

While we believe that the Constitution requires the highest level of legal protection for digital data at the border and we urge courts to make this clear in case law, we support Sen. Wyden’s effort to enshrine a probable cause warrant requirement in legislation. The faster we reach this unequivocal rule the better.

We also look forward to Secretary Kelly’s responses to Sen. Wyden’s questions.

In the meantime, please tell us your border search stories. You can write to us at borders@eff.org. If you want to contact us securely via email, please use PGP/GPG. Or you can call us at +1-415-436-9333.