In recent weeks, airport Customs and Border Protection (CBP) agents have drawn public outcry for denying travelers US entry based on searches of their phones. A doctor on an H-1B visa was deported to Lebanon after CBP found “sympathetic photos and videos” of Hezbollah leaders. A French scientist was turned away after a device search unearthed messages criticizing the Trump administration’s cuts to research programs, which officers said “conveyed hatred of Trump” and “could be qualified as terrorism.” As the administration ratchets up pressure to turn away even legal immigrants, its justifications are becoming thinner and thinner — but travelers can still benefit from knowing what are supposed to be their legal rights.

Your ability to decline a search depends on your immigration status — and, in some cases, on where and how you’re entering the country. Courts across the country have issued different rulings on device searches at ports of entry. But no matter your situation, there are precautions you can take to safeguard your digital privacy.

CBP device searches have historically been relatively rare. During the 2024 fiscal year, less than 0.01 percent of arriving international travelers had their phones, computers, or other electronic devices searched by CBP, according to the agency. That year, CBP officers conducted 47,047 device searches. But even before this recent wave of incidents, inspections were on the rise: eight years earlier, during the 2016 fiscal year, CBP searched only 19,051 devices.

The “border search” exception

The Supreme Court ruled in 2014 that warrantless searches of people’s cell phones violated the Fourth Amendment. But there’s one exception to that rule: searches that happen at the border. The courts have held that border searches “are reasonable simply because they occur at the border,” meaning in most cases, CBP and Border Patrol don’t need a warrant to look through travelers’ belongings — including their phones. That exception applies far beyond the US’s literal borders, since airports are considered border zones, too.

“Traditionally, the border search exception to the Fourth Amendment allowed customs officers to search things like luggage. The idea was whatever you’re taking with you is pertinent to your travel,” Saira Hussain, a senior staff attorney at the Electronic Frontier Foundation, told The Verge. The point was to look for people or things that were inadmissible into the country.

These days, most travelers are carrying a lot more in their pockets — not only information stored on a phone’s hardware, but anything that’s accessible on it with a data connection. “When you look at devices, the data that you carry with you isn’t just pertinent to your travel. This data can precede your travel by over a decade because of how much information is stored on the cloud,” Hussain said. “It can show every facet of your life. It can show your financial history, your medical history, your communications with your doctor and your attorney. It can reveal so much information that is not analogous at all to the notion of a customs officer looking through your luggage.” Privacy advocates have warned of this issue for years, but in an environment where officers are seeking any pretext to turn someone away, it’s an even bigger problem.

If you’re a US citizen, “you have the right to say no” to a search, “and they are not allowed to bar you from the country,” Hussain said. But if you refuse, CBP can still take your phone, laptop, or other devices and hold onto them.

Permanent residents can similarly refuse a search, but with complicating factors. If someone with a green card leaves the US for more than 180 days, they’re screened for “inadmissibility” — reasons they may be barred from entry — upon returning to the country. Green card holders who have certain offenses on their record may also be deemed inadmissible. That appears to have been the case with Fabian Schmidt, a permanent resident whose family said he was “violently interrogated” by CBP agents at Boston Logan Airport after returning from a trip to Europe. Because of these factors, permanent residents may not feel comfortable refusing a search, even if doing so wouldn’t bar them from entering the country.

Visa holders have fewer rights at ports of entry, and refusing a search could lead to them being denied entry to the country.

There are two types of device searches CBP officers can conduct: basic and forensic, or advanced. “There’s a distinction that the government draws between searching your phone and just looking at whatever is on it, versus connecting your phone to external equipment to search it using advanced algorithms or to copy the contents of your phone,” Hussain said.

The government maintains that it doesn’t need a warrant to conduct “basic” searches of the contents of a person’s phone. During these searches, Hussain explained, agents are supposed to put your phone on airplane mode and can only look at what is accessible offline — but that can still be a lot of information, including any cloud data that’s currently synced.

“While forensic inspections are powerful, a lot of mischief can happen through the physical, ‘thumbing-through’ inspections that law enforcement can engage in,” Tom McBrien, counsel at the Electronic Privacy Information Center, also told The Verge.

For the most part, courts have avoided the question of whether CBP can conduct warrantless basic searches of a person’s phone or laptop, effectively allowing the agency to do so. But there’s one geographic exception to this rule. Last year, a federal judge in New York’s Eastern District ruled that CBP can’t conduct any warrantless searches of travelers’ devices. That ruling doesn’t apply anywhere else in the country, but the district includes John F. Kennedy Airport in Queens — the sixth-busiest airport in the US. That ruling applies to both basic and forensic inspections.

Elsewhere in the country, judges have imposed some limitations on advanced searches. Warrantless forensic searches are allowed in some places and prohibited in others, depending on how different federal circuit courts rule. The Supreme Court could clear this up with a ruling that applies nationwide, but it’s avoided the question for years.

“Your rights will be different depending on whether you’re on a flight landing in Boston Logan in the First Circuit or Reagan/Dulles in the Fourth Circuit,” McBrien said. “Similarly, your rights would be different if you’re crossing the border in Arizona (Ninth Circuit) or New Mexico (Tenth Circuit). This does not make a lot of sense, but the Supreme Court has consistently declined to address these disparities by consistently denying petitions for certiorari in cases that have teed the question up.”

Some courts have been more permissive than others. The Ninth Circuit — which includes Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Oregon, and Washington — prohibits warrantless forensic searches unless officers are looking for “digital contraband,” such as child sexual abuse material. The Fourth Circuit — covering Maryland, North Carolina, South Carolina, Virginia, and West Virginia — prohibits warrantless forensic searches unless officers are looking for information related to ongoing border violations, such as human smuggling or drug trafficking.

In 2023, a federal judge in the Southern District of New York ruled that the border search exception doesn’t extend to forensic searches, for which warrants are needed. (Oddly, the case in question involved a phone search at Newark Liberty Airport in New Jersey, a state that is in a different federal circuit from New York.) These searches, judge Jed Rakoff wrote, “extend the Government’s reach far beyond the person and luggage of the border-crosser — as if the fact of a border crossing somehow entitled the Government to search that traveler’s home, car, and office.”

Not all judges agree. In 2021, Adam Malik, an immigration lawyer, sued CBP after agents at Dallas Fort Worth International Airport seized his phone and searched the contents without a warrant. According to the lawsuit, Malik’s phone was taken even though he’s enrolled in Global Entry, CBP’s trusted traveler program. Because the agents couldn’t bypass Malik’s password, they sent the phone to a forensics lab, which extracted all the phone’s data.

A federal court ruled in favor of DHS, saying the warrantless search hadn’t violated Malik’s rights. When Malik appealed to the Fifth Circuit — which covers Louisiana, Mississippi, and Texas — the judges held that the search didn’t require a warrant. But the court also expressed “no view on how the border-search exemption may develop or be clarified in future cases.”

In other words, the constitutionality of these searches is still an open question — and CBP won’t stop conducting them until and unless it’s expressly forbidden from doing so.

These distinctions matter because they determine a person’s basis for challenging device inspections in court. But given the Trump administration’s recent track record of ignoring the law and flouting judicial orders, limiting what can be found on your phone is a safer bet than suing the government over an unlawful search after the fact.

Instead of trying to game out what rights you have depending on your immigration status and what airport you’re flying into (or what land border you’re crossing), the best way to keep your devices safe from CBP is to limit what’s on them.

“We always encourage data minimization when crossing the border; you want to travel with the least amount of data possible,” Hussain said.

Before traveling, you should encrypt your devices and make sure you’re using secure passwords. Travelers should disable biometric logins like Face ID, since some courts have ruled that police can’t compel you to tell them your password but they can use biometrics to unlock your phone.

The EFF recommends that travelers limit what can be found during basic phone or laptop searches by uploading their data onto the cloud and deleting it off their device — and ensuring that it’s fully been removed, since agents can also look through your phone’s “recently deleted” files during basic searches. Customs agents are supposed to keep your phone on airplane mode while they conduct a basic search, but that still lets them see any cached emails, text messages, and other communications. The best way to safeguard this information is to back it up onto the cloud and then wipe your phone or laptop entirely.

Backing up sensitive or personal data doesn’t just prevent others from accessing your device; it also ensures you don’t lose that data if CBP seizes your phone or computer. McBrien also suggests that people turn their phones off when they’re crossing the border or at the airport. “Turning the phone off means that when you turn it back on, it requires a passcode whether or not you use FaceID or other biometric measures,” McBrien said.

In a better legal environment, these precautions wouldn’t be the only meaningful shield between you and a border search. “Without strong constitutional and statutory protections, personal choices about how to configure one’s device and apps can only mitigate — not eliminate — the dangers that border device searches pose to their privacy and speech rights,” McBrien said. For now, if CBP really wants to look through your phone, they’ll likely find a way. But you can still protect yourself as much as possible.