The measures, which also apply to visitors from other US allies in Europe, including Germany and France, will force tourists and other visitors to reveal personal data, as well as disclose financial information and face detailed ideological questioning, according to Trump administration officials quoted in an article by the Wall Street Journal, which has been picked up by several global media outlets since its publication.
US citizens have established rights against unlawful searches at the border, but the extent to which foreign travellers can resist requests to hand over personal information is unclear.
In an article published in the Guardian US customs and border patrol said:
“All international travellers arriving to the US are subject to US Customs and Border Protection (CBP) inspection. This inspection may include electronic devices such as computers, disks, drives, tapes, mobile phones and other communication devices, cameras, music and other media players and any other electronic or digital devices.”
The agency’s justification for picking through personal information belonging to British tourists is part of efforts to ‘keep America safe’ and enforcement of its laws in an increasingly digital world depends on the CBP’s ability to lawfully examine all materials entering the US.
The UK Foreign Office has declined to provide any advice to British travellers, referring to its general foreign travel advice page for the US, which contains no information on digital privacy at the border.
The Electronic Frontier Foundation, a US non-profit that campaigns for digital civil rights, publishes a digital privacy guide, which states: “If a foreign visitor refuses a border agent’s demand to unlock their digital device, provide the device password, or provide social media information, and the agent responds by denying entry, the foreign visitor may have little legal recourse.”
For US citizens, the burden of proof is on the government as US citizens have an absolute right to enter and where permanent residents are concerned, the government has to prove they have become inadmissible for entry.
However for visa holders, the burden of proof is on the traveller to show that they are admissible to the US. That means if someone is asked for a device and refuses, the agent may deem that refusal a failure to meet that burden of proof.
Practical measures, such as leaving behind non-essential devices, may help limit the exposure of individual travellers as well as deleting sensitive information before travelling, and shifting some data to cloud services. Changing any passwords after they have been handed over, and securely resetting devices after they have been accessed and potentially compromised by CBP, can also prevent long-term data insecurity.
More complex mitigation efforts have similarly been proposed by information security experts.
However, there is a risk that border agents may see any such mitigation attempts as suspicious actions in themselves, that may be cited as a reason to delay or deny entry.
Travellers can also fill in a US Citizenship and Immigration Services form G-28, which allows a traveller to nominate an attorney to represent them if they are detained. Without the form, it can be difficult for travellers to access legal representation while held at the border.
