Sens. Ron Wyden and Rand Paul introduced a bill that would curb law enforcement’s extensive authority over personal data at the border.
Lawmakers want to start requiring federal agents to obtain a warrant before through Americans’ electronic devices at the border.
Sens. Ron Wyden, D-Ore., and Rand Paul, R-Ky., on Wednesday introduced legislation that would increase digital privacy protections for U.S. residents crossing the border and limit the situations in which agents could legally seize their devices. If enacted, the Protecting Data at the Border Act would curb law enforcement’s extensive authority over electronic information at the border.
Rep. Ted Lieu, D-Calif., introduced a companion bill in the House.
In 2014, the Supreme Court ruled that law enforcement agencies needed to obtain a warrant to search devices of anyone they arrested, but those limitations largely disappear at the border. Customs and Border Protection agents are allowed to dig through devices at their own discretion, and in 2017, more than 30,000 people had their phones, laptops and tablets searched before they could enter or leave the country.
While CBP leadership added a few minor restrictions last year, agents in the field are still allowed to search devices without a warrant or probable cause and access encrypted information without the owner’s permission. Officers are required by law to immediately delete data collected through these searches, but internal investigators found agents often do not.
“The border is quickly becoming a rights-free zone for Americans who travel,” Wyden said in a statement. “The government shouldn’t be able to review your whole digital life simply because you went on vacation or had to travel for work. Require a warrant to search Americans’ electronic devices, so border agents can focus on the real security threats, not regular Americans.”
Under the bill, agents would be required to obtain “a valid warrant supported by probable cause” in order to access any devices at the border. Officials would also be barred from denying someone entry if they refuse to hand over passwords, PINs or social media account information. Agents must also have probable cause before they seize anyone’s device.
The legislation includes a handful of exemptions for emergency situations or public safety and health concerns. In these cases, CBP must obtain a warrant after the fact.
CBP would only be able to copy or store information gathered through a device search if there’s probable cause that it contains evidence of a crime. Otherwise, the data must be destroyed “immediately” and CBP must notify the person when it’s deleted.
The government must document of every time it accesses someone’s personal device, including information on the reason and extent to which the device was searched, and whether the search was consensual.
Last month, the ACLU and Electronic Frontier Foundation filed a legal motion claiming CBP’s warrantless device search policies violate American’s First and Fourth Amendment rights. The motion comes as part of a larger lawsuit, which asks the court to require the Homeland Security Department to obtain warrants before searching devices.
“Searches of electronic devices at the border are often integral to a determination of an individual’s intentions upon entry and provide additional information relevant to admissibility determinations under immigration laws,” a CBP spokesperson said in an email to Nextgov. “We are committed to ensuring the rights and [privacy] of all people while making certain that CBP can take the lawful actions necessary to secure our borders.