How to Lock Down Your Phone When Crossing the U.S. Border

Credit: Oscar Wong/Moment via Getty Images

There has been increasing attention in recent weeks on travelers being hassled at the U.S. border with searches of their digital devices—and in some cases, denied entry as a result of what was found. Therefore, it's worth keeping in mind that there is a possibility when you arrive to the U.S. from abroad that law enforcement will pull you aside and request to search your phone, computer, and other electronics.

There are, of course, some serious privacy concerns with granting them access to this data, but there's not a simple answer as to whether you should. Here's what you need to know about protecting your digital privacy when crossing the U.S. border.

Can my device be searched at the border?

U.S. Customs and Border Patrol (CBP) has long been able to conduct electronic device searches without warrants at the U.S. border, though the rules governing these searches have evolved over time. Prior to 2018, CBP guidance allowed agents to search any device at random, even if they didn't suspect the traveler of any wrongdoing.

A new policy issued in January 2018 amended that to permit "basic" or manual searches—tapping through a device and opening files or apps with your device on airplane mode—at any time, while requiring "advanced" forensic searches that use other devices or software to analyze data to have reasonable suspicion. (There's a broad "national security concern" loophole for advanced searches.)

According to reporting from The Verge, though, this is complicated by the fact that courts across the U.S. have issued various rulings on border searches, so whether you can be subjected to a basic and advanced search may be different depending on your port of entry.

But as an analysis from the Electronic Frontier Foundation (EFF) notes, any device search is intrusive and a privacy violation, as a manual search can still reveal everything from to-do lists and family photos to sensitive information like health records and financial data.

So what can you do? If you're a U.S. citizen, you cannot be denied entry into the country even if you decline to unlock your device, though CBP may detain you temporarily or seize your device and hold it for weeks or months. Lawful permanent residents (green card holders) have the same right of entry, while visa holders and tourists may not be admitted if a search is refused.

Additionally, law enforcement can require you to unlock devices with biometrics, but cannot force you to enter passwords and passcodes.

What has changed?

While there have been recent reports of travelers, including valid visa holders, being detained or denied entry to the U.S., EFF senior staff attorney Sophia Cope says CBP has always been an aggressive agency when it comes to device searches—so in that regard, not much has changed.

"What seems to be a bit different is that particularly for non-citizens, the U.S. government seems to be a lot more aggressive in being willing to look at people's devices and actually also just deny them entry into the United States, even if they have a visa," she says.

Device searches have also consistently risen year over year (with a few exceptions), so that's not new either. In fiscal year 2024, CBP conducted 47,047 border inspections of electronics—4,322 of which were forensic searches—with the majority (36,506) on devices owned by non-citizens. That's less than 0.01% of international arrivals, though a big jump from the 19,051 total device searches conducted in fiscal year 2016.

How to assess your risk

Cope recommends that anyone anticipating a border crossing assess the risk of being searched and decide in advance whether to comply with a secondary inspection rather than try to figure it out when stressed in real time. Some risk factors have to do with you personally, and others with the technical aspects of your devices and data.

Immigration status is one of the most important factors to weigh, according to Cope. For U.S. citizens, a secondary screening is an inconvenience and may cause travel delays, and declining a device search may cause you to temporarily lose access to data as well as possession of device(s) that you may need to replace. For visa holders or non-citizens, data found on your device and noncompliance with a search can be used to deny entry. For green card holders, actions at the border may be used to challenge lawful status.

There are a variety of other issues you should consider when determining your risk and how to handle a search:

Travel history

Law enforcement history

Tolerance for confrontation

Philosophy on privacy

Sensitivity of data on your device (such as confidential sources or patient information)

Data access needed while traveling (and whether you have a backup for any data lost if your device is seized)

Internet availability while traveling for accessing cloud services

Device ownership (personal vs. work, for example)

Steps to protect your digital privacy

At all risk levels, the simplest way to protect your privacy is to limit how much data you carry across the border.

EFF advises leaving devices you don't need at home. You may consider selectively deleting sensitive or extraneous data or moving it to the cloud to re-download once you've cleared the border (or on a different device if yours is confiscated). You should also log out of apps and browsers that give access to cloud-based data and online accounts—including social media—and remove any stored credentials, or uninstall apps temporarily.

Alternatively, you could get a separate phone or computer that contains only what you need while traveling, although this may not be realistic for some due to the cost or logistics of carrying additional devices. Further, using a blank burner phone that has no data at all may raise suspicion in a search.

You should also back up your data and encrypt your device using full-disk storage encryption secured by a strong password. Turn off biometrics and lock your device with a password instead, and power your devices down before arriving at the border to block high-tech attacks. The Intercept has a helpful guide to encrypting your devices as well as other digital privacy best practices.

If you do comply with a search and need to enter a password, do it yourself rather than supplying it to an agent, and be sure to change it as soon as your device is returned.

Finally, while tempting, wiping your device completely may raise suspicion if you are searched, and attempting to hide data may be interpreted as lying to border agents, which can be a crime.