Last week, The Washington Post reported that US Customs and Border Protection (CBP) annually contributes roughly 10,000 travelers’ call records, photos, texts, and other personal data. This information is put in a massive DHS database of individuals entering the country via ports of entry. This archive, which stores a person’s records for as long as 15 years, does not require a warrant to access, and is available to nearly 3,000 government workers at any given time.
Congress members like Sen. Ron Wyden (D-Ore.) have called out the program for “allowing indiscriminate rifling through Americans’ private records.” Still, there isn’t much reform on the horizon regarding the ways CBP and other law enforcement agents can easily access your smartphones, tablets, and laptops if they deem you suspicious, or merely worth further investigation. This is largely thanks to a longstanding court exception granted to border officials that allows them to search private devices without a warrant, unlike other law enforcement agency personnel.
[Related: The FCC might force cellphone providers to report data breaches differently.]
So what can travelers do to protect their sensitive information and the general digital privacy of both themselves, loved ones, and friends? Not a whole lot, apparently. In fact, the CBP directive in question even allows officers the right to confiscate a phone for up to five days if you refuse to unlock your device for a “basic search.” It’s pretty bleak, and a follow-up WaPo explainer makes it clear that this invasive privilege is so broad and far-reaching that there simply isn’t much to do about it right now. In fact, if you refuse these searches as a non-citizen, CBP has total authority to bar you from entering the country.
Other privacy expert suggestions really only cater to those with a discretionary income dedicated for additional digital privacy and security, like owning separate devices for travel or “flying into a state with more stringent boundaries for CBP searches,” such as Arizona, apparently.
[Related: You should start using a password manager.]
There are a few quick things one can do to make it at least slightly more difficult for authorities to gain access to your devices, such as turning off Face ID, generating properly complex passwords, and enabling lengthier phone passcodes. In the end, however, the newest revelations really just further drive home the staggeringly invasive reach governments and corporations have over citizens’ digital privacy. Small lifehacks such as using a browser with built-in VPN or tracking the trackers can help as stopgaps, but legislative restrictions and reforms are what is truly needed to protect individuals both at home and abroad.