UK tourists to US may get asked to hand in passwords or be denied entry
Although mitigation options exist, lawyers warn attempts to protect personal data may be seen as ‘probable cause’ for searching
By Alex Hern
Apr 9 2017
British travellers to the United States face the uncomfortable choice of handing over personal information, including social media passwords and mobile phone contacts, or running the risk of being denied entry to the country, under a new “extreme vetting” policy being considered by the Trump administration.
Tourists from the UK and other US allies including Germany and France, could be forced to reveal personal data, as well as disclose financial information and face detailed ideological questioning, according to Trump administration officials quoted by the Wall Street Journal. While US citizens have established rights against unlawful searches at the border, the extent to which foreign travellers can resist requests to hand over personal information is unclear.
The US customs and border patrol told the Guardian: “All international travellers arriving to the US are subject to US Customs and Border Protection (CBP) inspection. This inspection may include electronic devices such as computers, disks, drives, tapes, mobile phones and other communication devices, cameras, music and other media players and any other electronic or digital devices.
“Keeping America safe and enforcing our nation’s laws in an increasingly digital world depends on our ability to lawfully examine all materials entering the US,” it added. The CBP said it strives to process arriving travellers as efficiently and securely as possible while ensuring compliance with laws and regulations governing the international arrival process. It did not answer specific questions about social media accounts and devices.
The UK Foreign Office declined to provide any advice to British travellers, referring the Guardian only to its general foreign travel advice page for the US, which contains no information on digital privacy at the border.
The Electronic Frontier Foundation, a US nonprofit which campaigns for digital civil rights, advises travellers: “Border agents cannot deny a US citizen admission to the country. However, if a foreign visitor declines, an agent may deny them entry.
The group’s digital privacy guide continues: “If a foreign visitor refuses a border agent’s demand to unlock their digital device, provide the device password, or provide social media information, and the agent responds by denying entry, the foreign visitor may have little legal recourse.”
Nate Wessler, a staff attorney with the American Civil Liberties Union, explained: “A lot of the difficulties here come from the burden of proof. For US citizens, they have an absolute right to enter; for permanent residents, the burden is on the government to prove they have become inadmissable for entry.
But for visa holders, the burden is on the traveler to show that they are admissible to the US. That means there’s a risk that if someone is asked for a device and refuses, the agent may deem that refusal a failure to meet that burden of proof.”
Mitigation efforts may help limit the exposure of individual travellers. The EFF recommends travellers minimise the data they carry across the border, by not carrying non-essential devices, deleting sensitive information before travelling, and shifting some data to cloud services. Changing any passwords after they have been handed over, and securely resetting devices after they have been accessed and potentially compromised by CBP, can also prevent long-term data insecurity. Wessler adds: “The best protections will be practical ones rather than legal ones, and travellers should think about how much data and what devices they’re carrying with them.”