'The fear is real': How to protect your devices and digital life from U.S. border agents

"I don't bring my work laptop. I'm a lawyer with sensitive client communications, including stuff involving lawsuits against the very agency that would be searching me." — ACLU's Nathan Freed Wessler

and

Jul 22, 2025

Customs and Border Protection agent checks identification at the San Luis Port of Entry in Arizona; Rebekah Zemansky / shutterstock.com

This is Part Two of our three-part post on how U.S. citizens and green-card holders can protect themselves at the border, in which we interviewed deputy director of ACLU's Speech, Privacy, and Technology Project, Nathan Freed Wessler.

In Part One, we covered the rights of U.S. citizens reentering the country, including advice on what to do if U.S. Customs and Border Protection agents decide to interrogate. In this second part, we dive into what border agents are legally allowed — and not allowed — do with your phone and laptop. We also discuss how to protect your data, and why a burner Chromebook might not be such a crazy idea after all.

“The fear is real,” Wessler warned us. But he said the risk is higher for some citizens over others. Read on to determine how far you, as an American or green-card holder, might want to go in protecting yourself and your digital privacy before your next international trip.

Let's talk about your devices. If CBP [Customs and Border Protection] wants to search your phone or computer, and you're a U.S. citizen, do they have the right to do so?

Wessler: They claim the right to do that. Of course, if you're inside the country, the basic rule is that when the government wants to search your private things or private space, they need to go to a judge first, demonstrate probable cause, and get a warrant.

At the border, the government can search your stuff — no warrant requirement, not even a requirement of individualized suspicion. The government takes the position that cell phones and laptops are just like suitcases, and they should have exactly the same latitude to search them. They can do it to everybody. They can do it because it's a Tuesday. They can do it because they're picking all gray-haired travelers today, whatever it is.

What do they actually do when they search your phone or laptop?

Wessler: The government distinguishes between two different kinds of searches: what they call basic searches and what they call advanced searches.

A basic search, which more colloquially is often called a manual search, is when you have a border officer holding the device there and manually going through it — thumbing through the phone, looking around in the laptop. With those searches, there's no time limit. They can be very invasive. It can include keyword searches on the operating system. The government says for those, no limitations at all. Just like searching a suitcase, anytime they want for as much as they want.

For so-called advanced searches, which are also known as forensic searches, it means they're plugging a forensic search tool into the device and sucking out all the data and running a forensic search against it. The government says that they will only do that if they have reasonable suspicion or a national security concern. They don't define that very narrowly. They also don't limit what it's reasonable suspicion of, so it could include reasonable suspicion of some totally non-border-related things. It could be the FBI calls them up and says, "Hey. We're investigating Nate. If he ever comes across the border, could you please suck all the data out of his device for us? That would be great."

So it's very broad latitude. And then once they have that data, they can sort of do whatever they want with it.

What about wiping your phone before you enter the country? Is that illegal?

Wessler: No. Nothing illegal at all. I don't have good advice at a practical level about whether that looks suspicious and what that might subject you to.

Again, if you're a U.S. citizen, you're getting in. To the extent that the border officials want to search your phone, [if they] look at it, and they see just a call app and a few text messages and nothing else, maybe that will cause them to ask questions. Maybe things get unpleasant for a while. But you're getting home.

It's really about people just making an assessment for themselves, what they're comfortable with. But you have no obligation to bring anything across the border or not across the border. You can travel with a phone that is clean of everything. You can take your normal device and upload all your sensitive stuff to the cloud and wipe it from your device, travel back, and then when you get home, download it again. That's all perfectly legal.

Do you have to unlock your phone for a CBP agent?

Wessler: You do not have to unlock your phone. Here's where your citizenship status, your immigration status, is going to make a practical difference. Although border agents sometimes tell people that they are obligated to unlock their phones, you are not obligated. They have no legal way to literally compel you to.

However, as a practical matter, if you don't unlock your phone and they are really set on searching it, for a U.S. citizen or a lawful permanent resident — I should say, both green card holders and U.S. citizens have a right to come back in the country, so a lot of this advice I'm talking about for citizens is also true for green card holders — for someone in those statuses, the practical implication of refusing to unlock your phone may be that the government says, "Okay. You can continue on home. We're taking your phone. We're holding it. We're going to try to get into it ourselves."

And when they do that, they send it to one of their forensic search facilities. It sits in a queue until an examiner can try to get into it, and then they try to break through the password. Sometimes they can do that. Sometimes they can't. But I've had clients whose phones have been held for weeks, and had people whose phones were held for months — seven, eight months. So you may be without your device for quite a while.

Can they hold your phone to your face to open it using biometrics or force your finger on the fingerprint unlock button?

Wessler: Yeah. This is why you are safer turning off the biometric unlock before you hit the border and using a strong passcode or password. The law around this — to the extent there is law — is really the Fifth Amendment to the Constitution and not the Fourth Amendment. And the Fifth Amendment is about the right to not be forced to incriminate yourself, not to testify against yourself.

And courts have drawn a distinction (mostly in the domestic law enforcement context; it hasn't really been litigated at the border) between the government trying to force you to tell them your passcode or enter it versus using your thumbprint or your face. And what courts have generally said is it's only a Fifth Amendment violation if they're forcing you to tell them the passcode — that's requiring you to divulge the contents of your mind, basically. Like, testifying, so to speak, against yourself.

If it's just your thumbprint or your face, that's a public attribute of yours. It's not testimony. And so it doesn't, as a technical matter, implicate that. Logically, it's a dumb rule, but that's kind of how courts have parsed it. The more secure thing is to turn off those biometrics.

If you put your phone into airplane mode, is the CBP officer allowed to take it out of airplane mode?

Wessler: By their policy, they are not. In fact, they are required to put it into airplane mode before they start searching. They recognize that even the outer bound of authority they claim can only extend to data that's actually on the device when it hits the border. Stuff that's saved in the cloud is not traveling on the device. That's saved on some server in Washington State or Illinois or wherever it is. That's already sitting in the country.

They themselves even recognize that they need to put it in airplane mode and only search stuff that's stored there. Best practice is you should put it in airplane mode yourself, and actually probably turn it off before you step up to the border checkpoint. That will make sure that they don't blunder into stuff that's sitting in a cloud-connected account. But they're not supposed to take it out of airplane mode.

And if you shut your phone off, because when you turn it back on, the biometrics don't work. You have to enter the passcode to unlock it.

Wessler: That's right. And at least with some phone operating systems and versions, it also makes it harder for them to break into it with their forensic tools.

When you travel abroad, do you do anything differently now with electronics?

Wessler: Yeah. I'm careful. If I'm traveling really just for vacation, not for work purposes, then I really try to limit what I bring. I don't bring my work laptop. I'm a lawyer with very sensitive client communications, including stuff involving lawsuits against the very agency that would be searching me, against DHS, against the Trump administration. So I try to be very careful about that stuff for sure.

Because not only is it private, but I have an ethical obligation as an attorney to not let the government get access to that confidential material. And as to my personal device, I try to minimize the really sensitive stuff on there. And there are different ways to do that. People are going to make their own choices.

For some people, it's turning on disappearing messages in your sensitive chats on Signal or whatever. For other people, it's deleting an entire app. Delete WhatsApp or Signal or your email app before you cross the border, and then just restore them later. And the ability to back things up to the cloud pretty easily makes that a low-risk endeavor in terms of losing your data.

Everyone's going to have to make their own decision about what's most sensitive. Do you have just a lot of intimate family photos that you would really rather — they're not incriminating, but sure would be embarrassing for some government agent to be poking through them. Okay. Delete them. You can redownload them from your cloud storage later.

And then some people, of course, just leave their phone at home and travel with a so-called burner, which is not really the accurate name, but a travel-only device.

And I should say that there are good reasons to do that independent of the U.S. government. There are lots of places in the world where pickpocketing risk is really high, or where even government-sponsored hacking is really high. There are lots of U.S. corporations that require these very same measures of their employees when they go to any number of countries because of the risk of trade secrets being stolen from their devices, etc. So those very same protections can be prudent at the U.S. border, too.

You can buy a decent refurbished Chromebook for around $50 and then use it while traveling. When you're done, wipe it clean and donate it to a charity.

Wessler: Totally. The other nice thing about a Chromebook is that really nothing's stored locally. Very little. The entire design is to be working in the cloud, which means that even if you carry it back with you, the risk should be very low. I don't know what is cached locally for a short period of time. Probably there's something that it does to make things quicker, but it's probably not much. And if you just delete stuff and come back, then you're pretty safe.

There's so much in the media right now about all this stuff and the administration poking into people's personal lives. Do you think it's overblown or do you think that the fear is real?

Wessler: I think the fear is real. Again, I don't think that everybody is at the same risk. And I think that there are lots of white U.S. citizens who don't do anything professionally or socially or activism-wise that would actually bring them to the government's attention, who are probably at very low risk as a practical matter.

You can't know, and part of what's so pernicious about these kinds of searches is that it is very destabilizing to people. And people start to wonder: “Is the fact that I made a social media post criticizing the president last week going to bring me to the government's attention?” This is exactly what the government wants. They want people to be chilled in the exercise of their First Amendment rights. And that's not good. And we don't want them to win at that.

People should take precautions if they can. And there are some people who actually do have a lot to worry about: visa holders who were involved in any kind of protesting activity, people engaged in litigation against the Trump administration, politicians who are speaking out, activists, journalists. Those are real fears there. Anyone in those categories are really prudent to take some precautions.

Next week, in Part Three of our interview with Nathan, we'll explore his thoughts on the future of American civil liberties under the Trump regime and what legal challenges lie ahead. To be sure not to miss it, subscribe to the It Is Happening newsletter.