Skip to main content

Imagine arriving at an airport and being denied entry because of what’s on your phone. This isn’t a dystopian fantasy – it’s a reality for some travelers today. Under broad legal powers and minimal oversight, U.S. Customs and Border Protection (CBP) agents can search laptops, phones, and other devices at the border with few constraints. In one recent case, a French scientist traveling to a conference in Houston was turned away after CBP officers found private messages critical of President Trump on his phone, which agents absurdly claimed: “conveyed hatred of Trump & could be qualified as terrorism”. In another, a Brown University doctor named Rasha Alawieh was refused entry when agents discovered “pro-Hezbollah” images in her phone’s photo album. These incidents show a disturbing trend: border officials increasingly comb through personal data and have even used it to justify deportations or visa denials. CBP’s device searches have spiked in frequency under recent policies, yet the practice faces little outside oversight.

Unfortunately, in the current geopolitical client, this situation is not unique to U.S. borders, as many other countries are following in the footsteps of the U.S. to enact stronger immigration laws and more prevalent inspections.

In the U.S., CBP agents operate under a special legal loophole known as the border search exception to the Fourth Amendment, which means they don’t need a warrant or probable cause to search travelers’ belongings at entry points. In fact, courts have not yet settled how this applies to our digital devices, so for now, CBP largely sets its own rules. Those rules give officers wide latitude: they can conduct a basic manual search of your phone at their discretion, and with any “reasonable suspicion” (or vaguely defined “national security” concern), they can perform an “advanced search” using forensic tools like Cellebrite to hack into your device and copy data.

Officers are supposed to only inspect data stored on the device, but in practice, an agency’s internal promises are scant comfort when you’re at the border. “The super-conservative perspective is to assume they [CSB] are completely unhinged and that even the most benign reasons for travel are going to subject non-citizens to these device searches,” said Sophia Cope, a senior staff attorney at the Electronic Frontier Foundation (EFF). Even U.S. citizens – who by law cannot be refused entry – aren’t immune from hassle: agents can detain you for hours and confiscate your device if you decline to unlock it. For visa holders and foreign visitors, the stakes are higher: CBP can decide on the spot that you’re “not eligible” to enter if you refuse a search or if they dislike what they find. Legal permanent residents (green card holders) historically had rights close to citizens, but recent crackdowns show that even they can be targeted under broad “national security” pretexts (e.g., the attempted deportation of Columbia University graduate Mahmoud Khalil in apparent retaliation for his campus activism). In short, anyone crossing into the U.S. and a number of other countries should be prepared for the possibility of intrusive digital searches – especially journalists, activists, or others carrying sensitive information.

What Are Border Agents Looking For on Your Devices?

CBP agents claim that searching phones and laptops is a “routine part” of verifying a visitor’s admissibility. In many cases, they’re hunting for evidence of anything that might violate immigration rules or national security:

  • Political or religious content: Private communications or social media that express certain political opinions have raised flags. The French researcher’s text messages criticizing U.S. policies were viewed as “anti-American” and even conflated with terrorism. In the past, travelers have been questioned about their political beliefs or associations at the border. Content supporting controversial groups (for example, the images on Rasha Alawieh’s phone that were deemed supportive of Hezbollah) can be treated as links to extremism. Even completely lawful activism or speech may draw scrutiny if an agent deems it “inflammatory.” This creates a climate where legitimate dissent or religious expression could be misinterpreted as a security threat.
  • Contact lists and communications: Agents often scroll through contacts, call logs, emails, messaging apps, and social media. They may look for names of people of interest, evidence of plans to overstay a visa or work without authorization, or any associations they consider suspicious. In one reported case, officers demanded a traveler’s social media handles and scoured their online posts. Notably, U.S. visa applications now ask for social media IDs, so border agents can already view any content you’ve made public. While the policy says agents shouldn’t demand your private social media passwords, anything you’re already logged into on your device at the moment you hand it over to an agent could be accessed. Essentially, your digital footprint – from WhatsApp chats to Twitter feed – is under the microscope. Even the list of previously used WiFi hotspots can be used to determine where you have been.
  • Photos, videos, and files: Your camera roll and files can also be browsed for incriminating material. Agents have searched photo galleries for violent or explicit content, symbols, or contacts. Dr. Alawieh’s case is a cautionary tale: the “incriminating” photos agents cited were not even in her main gallery but in the phone’s “Recently Deleted” folder (iPhones retain deleted photos for 30 days unless you manually purge them). This means that even files you think you deleted might still be found during a forensic search. Simply clearing the trash bin isn’t foolproof – often, deletion just hides data without truly erasing it from storage. Agents with specialized tools might recover emails, browser history, or documents you attempted to remove.
  • Anything they can use against you: The unfortunate reality is that at the border, the presumption of innocence is flipped. Officers have wide discretion to interpret what they find. Harmless content can be taken out of context – jokes in a group chat, memes saved on your phone, or an old text about looking for work could all raise questions. If agents find something they don’t like, they can use it as a basis to refuse entry, cancel your visa, or, in rare cases, confiscate your device for further investigation. And if you refuse to cooperate or provide passwords, that alone might be viewed as suspicious. In other words, border agents are fishing for anything – from serious to trivial – that they can use to question your purpose or character.

It’s hard to predict exactly what will trigger scrutiny, which is why we suggest taking a “better safe than sorry” approach. Sophia Cope advises doing a personal risk assessment: consider your immigration status, travel history, and what data you carry that could be misinterpreted. Then, take steps to minimize what’s on your device during travel.

Travel Clean: Consider Leaving Personal Devices at Home

The simplest way to protect your digital privacy at the border is not to carry sensitive data across in the first place. Border authorities can only search what you have on your devices at the border.” If you don’t bring it, they can’t search it. For this reason, we recommend using “clean” devices for travel and leaving your everyday phone or laptop at home.

Burner Phones & Temporary Laptops: One strategy is to use a basic “burner” phone (a cheap phone with a fresh SIM or no SIM) while traveling. Your regular phone can stay safely at home, and you carry a phone that has no sensitive data on it – just the bare essentials for communication. Similarly, you might travel with a loaner or new laptop that contains no personal files. A Chromebook is a good travel laptop since it’s inexpensive and designed to store data primarily in the cloud. With a clean device, if an agent confiscates or searches it, there’s little for them to find. It is advisable to hand over the device when it is turned off, as this ensures no recently used apps are running and that the running memory is clean. It is, therefore, important to remember to turn off your devices well before you reach the border crossing. Note: A completely clean device may be seen as suspicious and used as a pretext for further search. “People are damned if they do and damned if they don’t, If you cross the border with no data on your device, that itself can be seen as suspicious.,” warns EFF’s Sophia Cope. Border agents might wonder if you wiped something incriminating. We, therefore, recommend using your clean devices before traveling to make sure they look authentic.

Cloud Storage is Your Friend: Using cloud services can help ensure you’re not carrying data locally. Files, photos, and messages that you store in the cloud – and log out of – won’t be accessible if your device is searched offline. Current CBP policy instructs officers to only inspect data residing on the device, not to probe their online accounts. So, consider uploading important documents to a secure cloud drive and delete the local copies from your phone or computer before you travel. You can download them later once you’re safely past the border. Note: You must fully log out of cloud apps (Drive, Dropbox, iCloud, email, etc.) on your device; if you stay logged in, an officer can open those apps and view synced data. But if the data lives only online and your device is offline and logged out, it’s effectively out of reach. This way, you travel “light” digitally – your device becomes a shell that grants access to your cloud data after you’re through customs.

Wipe Data Before the Next Destination: If you do use a device during your trip (even a “clean” one can accumulate messages or photos), you might consider deleting personal data before crossing into your next destination. For example, if you’re concerned about searches when you return home or enter another country, back up any data you need and delete it prior to travel. This ensures that any new sensitive info you picked up on your trip isn’t carried over borders. However, remember that showing up with a completely clean device, such as the case following a factory reset, may look suspicious.

In an ideal world, you would travel with zero private data and have nothing to worry about. In reality, completely disconnecting may not be practical for everyone. If you must bring your regular phone or laptop or need to keep some data with you, the next section covers steps you can take to mitigate the risks.

What if You Decide to Bring Your Personal Devices Along?

If you choose to travel with your personal device (or can’t use a burner), you should harden it and minimize its contents before you reach the border. Here are some precautions to help protect your privacy:

  • Power Off Before Crossing & Use Strong Passwords: Shut down your devices completely before you approach customs. Turning off a phone or laptop resets its security state and re-enables full disk encryption, making it much harder for anyone to bypass your lock screen. Upon reboot, a password will be required to decrypt the storage. This is critical: if your phone is just in sleep mode, advanced forensics tools might be able to exploit it. So power down, and when you turn it on for an officer, unlock it yourself if required to – don’t reveal your passcode. Also, ensure you have a strong device passphrase, not something easily guessable. Modern iPhones and many Androids are encrypted by default (as long as you set a PIN/password), but that encryption is only as strong as your code. We recommend a password at least 9-12 characters long (or a random 4-5 word phrase) for robust security. A long, unique passcode can thwart casual guessing by agents and significantly slow down forensic cracking attempts.
  • Disable Fingerprints and Face Unlock: Biometric locks (fingerprints, Face ID, etc.) should be turned off before travel. Why? Because agents can physically compel or trick you into unlocking with your biometrics – for example, by holding your phone up to your face – even if they can’t legally force you to divulge a PIN. Unlike a memorized password, which you can refuse to provide, your biometric features aren’t protected in the same way. To avoid this, switch to password-only unlock at least for the duration of your trip. On iPhones, if you hold the side button and a volume button for a few seconds, it will disable Face ID until the next passcode entry. Similarly, you can turn off Touch ID/Face ID in settings before you travel. This ensures that only your password can unlock the device, which is under your control. It might feel less convenient day-to-day, but it’s a smart trade-off when crossing borders.
  • Encrypt and Back Up Everything: Full-device encryption is a must if you travel with electronics. Encryption scrambles your data so that even if an agent confiscates your device and connects it to forensic software, they’ll struggle to access your files without your key. Most up-to-date smartphones have encryption on by default – just double-check in your security settings. For laptops, enable disk encryption (FileVault on Mac, BitLocker on Windows, or VeraCrypt for other systems). Back up your data before traveling, then remove what you don’t need from the device. The idea is to carry as little sensitive information as possible and have an encrypted backup at home or in the cloud to restore later. That way, even if something happens to your device or you choose to wipe it, you haven’t lost anything important.
  • Use “Travel Mode” and a Security PIN for Sensitive Apps: Some apps recognize the unique security risks of travel. For example, the password manager 1Password offers a Travel Mode that temporarily removes designated vaults from your device entirely. Before you cross a border, you can flip the app into travel mode to hide sensitive passwords or documents, leaving only a minimal set of data accessible. Once you’re safely through, you log into 1Password’s website to restore your vaults. Consider using this if you have a password manager – it’s an excellent way to avoid carrying a trove of account credentials that could be compromised. Likewise, log out of email and social media apps or even uninstall them for the trip if you won’t need them. You can always reinstall later. Some travelers go as far as to create a separate “travel” account (email, social, etc.) that they use on the road, which contains no sensitive info, while their real accounts stay logged out. This kind of alternate persona can be useful for high-risk individuals: your travel accounts present a clean, innocuous profile if inspected, while your true data remains in the cloud, protected by strong passwords you haven’t stored on the device. Finally, some apps such as two-factor authenticator (2FA), dropbox, and crypto-wallets allow you to specify a lock PIN that you have to enter before using the app. This provides another layer of security.
  • Protect Your Contacts and Messages: Think carefully about the contacts, call logs, and messages on your device. These can reveal your associations (friends, colleagues, organizations) and personal life. If you have contacts that might raise questions (e.g. journalists, activists, or just someone with a certain surname), you might remove or alias them for the trip. For messaging apps, consider clearing chat histories or using apps with disappearing messages for any particularly sensitive conversations before you travel. It may also help to turn off message previews on your lock screen – so if your device receives a text during the inspection, it doesn’t display potentially private content to prying eyes. Overall, carry only what communication data you truly need; archive or delete the rest.
  • Plan for the Worst (and Hope for the Best): Finally, mentally prepare a plan for what you will do if an agent demands access to your device. Know your bottom line: Are you willing to refuse and risk longer detention or denial of entry? Or will you comply but try to minimize what’s exposed? It’s a personal decision. Remember, U.S. citizens cannot be denied entry for refusing a device search (though you might be delayed). Visitors, unfortunately, don’t have that protection – refusing could mean you’re sent back home. Some travelers have a “dummy” screen ready – e.g., a secondary phone that you surrender – while keeping their primary data elsewhere. If you’re extremely concerned, you might coordinate with a lawyer in advance or have a device confiscation contingency (for instance, some journalists travel with loaner devices that can be safely abandoned if seized). These scenarios are rare, but thinking them through ahead of time will leave you much more confident if you do hear those dreaded words: “Please step aside for secondary inspection.”

Conclusion

Crossing the border with digital devices now carries real privacy risks. In an age of cloud-connected lives, our phones and laptops hold intimate details about who we are – information that border agents can exploit under lax rules. The stories of travelers being deported or detained over innocent texts and photos are a wake-up call. The good news is you can take control of your data footprint. The best solution is to travel with devices that reveal little or nothing – and thanks to cloud services and affordable gadgets, that’s easier than ever. If you do bring your primary devices, a bit of preparation (encrypting, logging out, using strong passwords, and pruning sensitive data) can go a long way to shield your privacy during border crossings.

Digital rights advocates at Conscious Digital and beyond want you to know that you don’t have to roll over when faced with an invasive device search. By following the steps above and staying informed of your rights, you can significantly reduce the risk of a privacy violation at the border. Safe travels – and stay safe online, too!

Sources: This guide draws on expertise from the Electronic Frontier Foundation’s Digital Privacy at the U.S. Border handbook and recent cases reported by The Guardian, Reason, Bruce Schneier, and others.

Yoav Aviram

Author Yoav Aviram

More posts by Yoav Aviram

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.