U.S. border agents have significantly increased the number of searches of electronic devices at borders and airports. Companies understandably are worried about the confidential information stored on their employees’ mobile phones, laptops or other electronic devices. so the companies should know what information may be at risk and understand what could happen when their employees arrive at or depart from the United States.

Customs and Border Protection (CBP) is the nation’s frontline border security and protection agency. “All persons, baggage, and merchandise arriving in the . . . United States from places outside thereof are liable to inspection and search by a Customs officer.” 19 C.F.R. § 162.6. CBP has the legal “authority to demand the assistance of any person in making any arrest, search, or seizure,” 19 U.S.C.A. § 507, and CBP has relied on this authority to claim that travelers must help CBP agents search their own devices, even by providing the searching agent with their personal passwords. Some courts have sought to place limits on CBP’s authority, although there is not yet consensus on such limits.

Based on its broad statutory authority, CBP does not disclose the reasons for or justify its border searches of a person’s belongings. If a traveler refuses to provide access to an electronic device, CBP may temporarily detain the device or copy the information it contains. And non-U.S. citizens who refuse to provide assistance may be denied entry into the country.

Where information is confidential, CBP is required to protect the information from unauthorized disclosure. Of course, some information may not only be confidential, but also privileged. While CBP imposes additional protocols in such circumstances, these protocols are vague and ill-defined. Under CBP Directive No. 3340-049, a CBP agent must first consult with the CBP Associate/Assistant Chief Counsel before searching a device suspected of containing propriety legal information, but it does not further outline the procedures border agents must follow. The American Bar Association recently petitioned for “specific standards and procedures” to protect confidential legal information.

In the meantime, companies can take some steps to safeguard their confidential information, such as:

  • Employ multi-layered encryption or password-protection of sensitive information
  • Require that employees travel with a clean device and access sensitive information remotely once at their destination
  • Backup copies of files before traveling in the event a device is detained

Companies also should instruct employees how to respond if CBP demands a traveler’s password to access an electronic device.

  • Employees should notify CBP agents of any sensitive, confidential or privileged business information contained on the device.
  • Employees should ask to contact company counsel, although CBP may refuse such a request.
  • If a device is detained, employees should request to speak to a CBP supervisor (a CBP officer needs permission from a supervisor to detain an electronic device after a person’s departure) and also ask for a Customs’ receipt (Form 6051D).

The search and seizure of electronic devices at borders and other ports of entry raise difficult practical and legal questions. While companies and travelers can take steps to reduce their exposure, the best practice to secure information when crossing international borders may simply be to not bring along any device containing sensitive information.

This article was written by Evelina Norwinski and Marcus Asner, Partners in Arnold & Porter Kaye Scholer’s White Collar Defense practice group; and Andy Wang, an Associate in Arnold & Porter Kaye Scholer’s Litigation Group. Nora Ellingsen, a third year law student at Harvard Law School, contributed to this article. More about border searches of electronic devices can be found in the authors’ article, “Electronic Device Searches: What Business Travelers Should Know About Searches And Seizures Of Electronic Devices At U.S. Borders And Airports,” which appears in The Government Contractor, a weekly newsletter published by Thomson Reuters.