Have you ever experienced that moment at U.S. customs where the officer stares at you and says, “Please unlock your phone”? Admit it, that sends a chill down your spine. Yet, it’s a reality that increasingly affects travelers. If you cross U.S. borders, you might be wondering just how far the powers of customs agents extend. Well, hold on to your passport because it goes very far.

For several years now, when applying for your ESTA form, you are required to provide your usernames for all your social media accounts. Yes, it’s officially “optional,” but won’t leaving it blank raise suspicion? It’s the kind of “choice” that isn’t truly a choice at all.

And of course, at the border check, CBP (Customs and Border Protection) officers can demand that you grant them access to your phone, your computer, your Facebook, Gmail, Dropbox accounts… everything! The official statistics are startling: last year, U.S. customs conducted no less than 47,000 electronic device searches, which is ten times more than a decade ago. Their objective is to make it clear who is in charge. And, incidentally, to root out individuals who might want to stay in the U.S. illegally or potentially commit criminal acts.

But if you’re not particularly thrilled at the idea of a complete stranger reading your love texts, your professional emails, browsing your vacation photos, and copying all your personal data, the EFF (Electronic Frontier Foundation) has published a guide with some simple advice.

Total Strip Search: What Customs Agents Can Really Do

The first important point to understand is that there are two types of searches according to U.S. authorities themselves (and neither is pleasant). The basic search, where the agent simply scrolls through your photos, emails, and files manually, like your curious cousin at Christmas, but with a badge. And the advanced search, which is significantly more intrusive, where your device is connected to specialized NSA-style equipment that copies and analyzes all your data. This last one theoretically requires “reasonable suspicion” and the approval of a supervisor… except in cases of national security concerns (let’s just say they have quite a margin of maneuver, roughly that of a 38-ton truck on an empty highway).

A Concrete Example to Make It More Tangible?

In 2023, a French researcher from CNRS had his phone and computer confiscated and was denied entry into the United States after a digital search at Houston airport. His crime? Sensitive photos found in his gallery. A similar scenario played out for a Lebanese professor who was expelled after her phone was inspected. Thankfully, these cases are still rare when considering the millions of travelers (don’t panic, most visitors pass through without incident), but they clearly illustrate the extensive powers of American customs agents. At the border, your privacy protection is as thin as a roll of bargain-brand toilet paper.

Your (Very Limited) Rights Against Customs Agents — or How to Feel Exposed While Keeping Your Clothes On

A crucial point to remember is that your rights vary significantly depending on your status. If you are a U.S. citizen, they cannot deny you entry even if you refuse a digital search… that’s the privilege of the blue passport. But do expect temporary detention (a few hours contemplating the fluorescent lights of an interrogation room) and confiscation of your devices. On the other hand, if you are a foreign visitor (with a visa or ESTA), a refusal could result in a one-way ticket back to your home country… and your trip to the U.S. will be limited to a great view of the airport terminal.

Another important clarification that even customs officers sometimes “forget” to mention: in theory, agents may only access data stored locally on your device, not data only accessible online (emails on a server, cloud, etc.). That’s why putting your device in airplane mode before crossing the border is not paranoia but a basic precaution. It prevents any automatic downloading of new data in front of agents, thus limiting the intrusion to what is already on your phone, not the entirety of your digital life.

Mission Impossible: Preparing Before Traveling (Without Tom Cruise)

I recommend reading the EFF’s complete guide (yes, it’s 50 pages and a bit outdated, but it’s less boring than the latest report from the Court of Auditors), but if you’re in a hurry or allergic to reading, here’s a summary. Before your trip, try to minimize the amount of digital information you will carry, as if you had to cross a digital border in your underwear.

The most effective strategy? Use a phone, computer, USB drive, camera, etc., that’s dedicated solely to your trip. Cybersecurity experts call this the “burner phone” technique — a tactic used by drug dealers in HBO series but also by many executives in sensitive industries when traveling internationally. If possible, bring an old reset device that contains only the bare essentials. Ideally, this device should be as clean as a blank page but not too clean, otherwise, it seems suspicious (the modern traveler paradox).

If you absolutely must bring your primary device (because you don’t have an old Nokia 3310 lying around), do a major digital spring cleaning: back up your important data to a secure cloud (with end-to-end encryption if possible), then delete it from your device, log out of your accounts as if you were leaving a toxic social network, uninstall sensitive apps or those that could raise questions, and meticulously clear your cache, cookies, and saved passwords more thoroughly than you would your apartment before your mother-in-law’s visit. And don’t forget to also empty the deleted folders in your apps… yes, I’m talking about those pictures you thought you deleted but are probably still there, taunting you.

Also, opt for full encryption of your devices. This has become standard on most modern smartphones (thanks, Apple and Google, for this small gesture towards our privacy), but still check your settings. On a computer, activate tools like BitLocker (Windows) or FileVault (Mac) which transform your data into indecipherable gibberish without a password. And most importantly, make sure to completely power down your devices before arriving at the checkpoint because a powered-off device has its data encrypted “at rest” and makes extraction much more difficult. A turned-off phone is a safer phone (and it saves battery as a bonus).

Also disable fingerprint unlock or facial recognition and use a real password, like in spy movies. Why? Because an agent can easily point your phone at your face in “smile for the photo” mode or force your finger onto the sensor but can’t as easily compel you to give a complex PIN. The self-incrimination law is complex, but it generally better protects what you know (a password) than what you are (your pretty face or your fingerprint).

For journalists, lawyers, and others handling sensitive information, your level of preparation should be even higher. Seriously consider contacting an immigration lawyer before your trip and keep their number handy… and not on the device you present to customs, obviously ^^. Some professional information also theoretically enjoys additional protections, but it’s better not to test the theory at your own expense.

However, keep in mind that you may be required to provide your passwords, so think about changing them before you leave (and changing them back afterward). And remember, if you’re traveling with a company-provided device, check the corporation’s policy first, as some have specific guidelines for these situations, and you don’t want to be the one who compromised your company’s trade secrets.

But beware of falling into the other extreme… Don’t be too “clean” either, as that would seem as suspicious as a teenager without social media. Use your computer like an average Joe with a regular email account, standard saved items (like your LeBonCoin account), some non-vital data, etc. The idea is to appear like a regular traveler, not like Edward Snowden on the run or someone who meticulously erased every digital trace (which would raise even more suspicion). Yes, it’s a delicate balance between “too clean” and “not clean enough.” Welcome to the absurdity of modern border control.

On the Day of the Border Check: To Smile or Not to Smile, That Is the Question

Once you arrive at the border, the moment of truth approaches. You may be asked to unlock your electronic devices, to provide your passwords or social media credentials. If you comply, the customs agent will be able to view and potentially copy whatever they want — your vacation photos, your love messages, your dubious political memes, everything is fair game. If you refuse (a tempting option, I know), they can seize your devices, detain you for hours in a windowless room with minimalist furniture, or even send you straight back to your country if you are not a U.S. citizen. “Welcome to the USA,” as they say…

My Advice?

In theory, you have the right to refuse. In practice, in most cases, don’t refuse outright unless the protection of your data is worth more than your trip itself. And definitely don’t lie (it’s a federal crime, and U.S. prisons are not known for their comfort). Stay calm and respectful even if it feels like you’re talking to a RoboCop crossed with an IRS agent. Take a deep breath and remember that the agent is just doing their job, however intrusive it may be. However, try to document what is happening to you by politely asking the agent for their name, the name of their government agency, their badge number, etc. These details could prove crucial if you want to contest the process later or write your memoirs.

If you’re coerced into unlocking your device, try to do it yourself rather than divulging your passwords. It’s like letting someone into your home instead of handing them your key. And if you must provide a password, change it as soon as possible after the check, just like you would change your lock after losing your keys.

An important point for journalists, lawyers, activists, or people transporting sensitive information: you are in a different category and theoretically more protected, but also potentially more targeted. Seriously consider making arrangements with an immigration lawyer in advance and keeping their number handy (memorized or written down on paper, not on the phone you present). In these specific cases, even if it’s more risky, you may have good legitimate reasons to refuse access to certain information protected by professional secrecy or press freedom laws.

After the Check: Life (Digital) Resumes Its Rights

Phew, you made it through! Once the damage is done (or miraculously avoided), don’t think it’s all over. If you believe your rights have been violated or if you simply want to report an abusive inspection, you can contact the EFF, the ACLU (American Civil Liberties Union, the main civil rights advocacy group), or other rights advocacy organizations. No, that won’t restore your dignity lost during the search, but it could help improve practices for future travelers.

If your devices have been seized (bad luck), you can generally recover them later, but assume that all data has been copied and analyzed, that your beach photos are now in a government folder, and that somewhere in Washington, an agent now knows your dubious music tastes. Change your passwords as soon as possible for all your accounts (even those you might not think of), and seriously consider a complete reset of your devices once recovered. Treat them as contaminated until proven otherwise.

Key Takeaways (Other Than the Desire to Travel Somewhere Other Than the USA)

What you should remember is that once at the border, you are completely exposed… and not in a comfortable way, but rather in a way that feels transparent and small. So don’t give them any ammunition by going in as light as possible. I still find it completely crazy that to preserve a bit of privacy while traveling, you have to act like a genuine CIA secret agent. It’s quite annoying, but hey, that’s the world we live in.

Let’s remember that the majority of travelers pass customs without a digital search. Those 47,000 annual inspections I mentioned at the beginning of the article represent less than 0.01% of entries into the U.S. But it’s like lightning: rare, but devastating when it strikes you. And knowing that your privacy depends essentially on the goodwill of an agent who might not have slept well is not particularly reassuring.

Caught between the protection of our personal data and ever more intrusive security demands, the modern traveler finds themselves once again in a bind.

In any case, stay vigilant and remember: what happens in Vegas doesn’t necessarily stay in Vegas when it goes through U.S. customs.

You can download the complete EFF guide here.

Did you enjoy this article? Feel free to share it on social media and subscribe to our newsletter so you never miss a post!And if you'd like to go a step further in supporting us, you can treat us to a virtual coffee ☕️. Thank you for your support ❤️!
⚠️ Legal Disclaimer: This website is an informational and educational tech blog. The content provided aims to help users better understand technologies, software, online tools, and digital practices.

We do not support or promote any form of piracy, copyright infringement, or illegal use of software, video content, or digital resources.

Any mention of third-party sites, tools, or platforms is purely for informational purposes. It is the responsibility of each reader to comply with the laws in their country, as well as the terms of use of the services mentioned.

We strongly encourage the use of legal, open-source, or official solutions in a responsible manner.

Categorized in:

Cybersecurity