How to Protect Your Digital Privacy at the Border

When you cross the US border — whether entering or leaving — Customs and Border Protection (CBP) has broad authority to search your electronic devices without a warrant. Your smartphone, laptop, tablet, and even external storage can be inspected. In January 2026, CBP updated its directive on electronic device searches with new rules that every traveler should understand.

What CBP Can Do at the Border

Under the "border search exception" to the Fourth Amendment, CBP officers can search your electronic devices at any US port of entry — airports, land crossings, and seaports. This authority applies to everyone, including US citizens and permanent residents.

CBP's updated Directive 3340-049B (January 2026) defines two types of device searches:

Basic Search

A basic search involves a manual review of the accessible content on your device — scrolling through photos, messages, emails, browsing history, and apps. No suspicion is required. Any CBP officer can conduct a basic search at their own discretion as part of routine screening.

Advanced Search

An advanced search involves connecting your device to external equipment to copy, analyze, or forensically review its contents. Advanced searches require supervisory approval and can only be conducted when there is "reasonable suspicion" of a legal violation or a national security concern.

Your Rights During a Device Search

Understanding your rights is essential:

• US citizens cannot be denied entry for refusing to unlock a device, though the device itself may be seized
• Lawful permanent residents (green card holders) cannot be denied entry for refusal either, but may face additional scrutiny and delay
• Foreign visitors who refuse to unlock their devices can be denied entry to the United States
• Attorney-client materials, journalistic content, medical files, and commercial data have special protections under the directive
• Devices can be detained for a reasonable period — detention beyond 5 days requires supervisory approval, and beyond 15 days requires higher-level approval
• Passcodes must be deleted by CBP after the search is completed

How to Prepare Your Devices Before Traveling

1. Back Up and Minimize

Before international travel, back up your devices to encrypted cloud storage or an encrypted external drive that stays at home. Then consider removing sensitive data from the devices you're carrying. The less data on your device, the less that can be accessed during a search.

2. Enable Full-Disk Encryption

Make sure your devices are fully encrypted:

• iPhone: Enabled by default when you set a passcode
• Android: Enable in Settings → Security → Encryption
• Mac: Enable FileVault in System Settings → Privacy & Security
• Windows: Enable BitLocker in System Settings

Encryption protects your data if the device is seized but not unlocked. It doesn't prevent access if you provide your passcode.

3. Use a Strong Passcode

Switch from a 4-digit PIN to a strong alphanumeric passcode. Disable biometric unlock (Face ID, fingerprint) before approaching the border — in some legal interpretations, officers may compel biometric unlocking more easily than demanding a memorized passcode.

4. Enable Airplane Mode

Before reaching the border checkpoint, put all devices in airplane mode. This prevents CBP officers from inadvertently (or intentionally) accessing cloud-synced data, which is outside the scope of their search authority.

5. Log Out of Sensitive Apps

Log out of email, social media, banking apps, cloud storage, and messaging apps before arriving at the border. Even during a basic search, an officer could open any accessible app on your device.

6. Secure Your Cloud Accounts

Even though CBP can't access cloud-only data, make sure your cloud accounts are properly secured:

• Use strong, unique passwords for every cloud service
• Enable two-factor authentication on all accounts
• Remove saved passwords from your browser before traveling
• Use a password manager that requires a separate master password to access

7. Know Your Messaging App Settings

End-to-end encrypted messaging apps like Signal store messages locally on your device by default. If your device is searched, those messages may be visible. Consider enabling disappearing messages before travel to minimize locally stored conversations.

What Happens If Your Device Is Seized?

If CBP seizes your device:

• You should receive a property receipt documenting what was taken
• CBP must return the device within a "reasonable" timeframe
• You can contact CBP to check on the status of your device
• Any data copied from your device may be shared with federal, state, local, and even foreign agencies
• If you believe your rights were violated, you can file a complaint with the DHS Traveler Redress Inquiry Program (DHS TRIP)

Special Considerations for Business Travelers

If you carry devices with confidential business data, trade secrets, or client information, border searches create significant legal and business risks. Consult with your company's legal team before international travel and consider:

• Using a company-issued travel device with no local business data
• Accessing business systems only through a VPN and virtual desktop after arriving at your destination
• Documenting your device preparation process in case of legal disputes

Protecting Your Broader Digital Privacy

Border device searches are just one way your personal information can be exposed during travel. Data brokers may already have your home address, travel patterns, family information, and financial details publicly available online.