Employees traveling internationally on behalf of an organization must take steps to protect sensitive, confidential, or proprietary data carried on electronic devices. U.S. Customs and Border Protection (CBP) has broad authority to inspect electronic devices—regardless of citizenship—at U.S. airports, land borders, seaports, and preclearance facilities abroad. Below is important guidance to help protect information and reduce risk while complying with applicable laws.

1. Understanding CBP’s Search Authority

CBP may conduct warrantless searches of electronic devices under the “border search exception” to the Fourth Amendment.

Key points to know:

  1. Basic searches (no suspicion required): CBP officers can ask to see the contents of your device—like photos, emails, or documents—without any suspicion.
  2. Advanced searches (reasonable suspicion or national security concern): If they want to use forensic tools to copy or analyze data, they usually need reasonable suspicion or a national security reason.
  3. Password requests: CBP can ask for passwords or access codes, though you can legally refuse. However, refusal could result in your device being detained or you being delayed or denied entry (if you’re not a U.S. citizen).
  4. Device retention: CBP can temporarily seize your device for further examination, sometimes holding it for several days or even weeks.

CBP has procedures for handling confidential business data, but protection is not guaranteed.

2. Cloud vs. Local Storage: Key Differences

  • Local Storage: Data saved directly on your device can be accessed during CBP inspections—even in airplane mode. 
  • Cloud Storage: Stored remotely and generally only accessible if the device is logged in or syncing to cloud services. Use Airplane Mode: This prevents access to cloud-stored data, which CBP is not authorized to search.

Tip: Log out of cloud accounts and activate airplane mode before arriving at the border to limit access to cloud-based information.  Officers may ask for passwords for your electronic devices. Courts have generally upheld CBP’s authority to search devices at the border but the law is still evolving, especially regarding encrypted or cloud-based content.

3. Preparation Before Travel

Evaluate Necessity

  • Only bring devices essential to your trip.
  • Consider using a dedicated travel device with limited data.
  • If feasible, ship devices securely ahead of time.

Data Management

  • Think of your device like a suitcase: bring only what you’re prepared to expose.
  • Remove or encrypt any confidential or sensitive company files.
  • Back up all important data to secure cloud platforms prior to departure.
  • Consider a factory reset to protect private data.

Minimize Stored Data

  • Avoid storing company documents or sensitive emails locally. Minimize Data: Carry only essential data. Consider using a “travel-only” device with minimal personal information. Backup and Remove Sensitive Data: Back up important information and remove sensitive data from your devices before travel.
  • Empty “Trash” or “Recycle Bin” folders to ensure deleted files cannot be retrieved.

Device Security

  • Use full-disk encryption with strong, unique passwords. Disable Biometric Unlocking: Use strong passcodes instead of fingerprint or facial recognition, as biometric data can be compelled.
  • Power off your devices or use airplane mode before reaching the border.
  • Disable automatic syncing and log out of applications that access cloud data.

4. At the Border

Know Your Rights and Risks

  • U.S. citizens are not legally required to unlock their device, but refusal may result in device seizure. U.S. citizens cannot be denied entry; non-citizens may be denied admission.  You cannot be denied entry to the U.S. for refusing to give a password—U.S. citizens have an absolute right to re-enter the country.  However, CBP can detain your device for further inspection and may keep it for days or weeks.  Refusal may result in increased questioning, delays, or flagging for future inspections.
  • Unlike U.S. citizens, non-citizens do not have a guaranteed right to enter the U.S. (except lawful permanent residents, who have stronger rights). Refusing to unlock a device by a non-citizen and non-permanent resident could lead to denial of entry, visa revocation, as well as being turned away or detained, depending on the situation and immigration status and circumstances.  Tourists, students, and temporary visa holders are especially vulnerable. Denial of entry can occur if CBP feels you’re not cooperating or if they suspect a violation of visa terms.  Cooperating may avoid issues but raises privacy concerns.
  • If your device contains confidential company information, politely state this to the agent.
  • Do not share written passwords—enter them yourself if necessary.

Conduct and Documentation

  • If an officer confiscates your electronic device, get a receipt and write down the officer’s name, agency, and badge number, along with the time and nature of any questions or searches.
  • If your device is searched or retained, notify IT or Legal immediately to determine next steps.

Related Attorneys

Media Contact

Holland Goodrow

Marketing Communications Manager
hgoodrow@potomaclaw.com

Recent News

Jump to Page

By using this site, you agree to our updated Privacy Policy and our Terms of Use