Welcome to Opt Out, a semi-regular column in which we help you navigate your online privacy and show you how to say no to surveillance. The last column covered what to do with your 23andMe account after the company filed bankruptcy. If you’d like to skip to a section about a particular tip, click the “Jump to” menu at the top of this article.
If you’re a visa or green card holder with plans to travel to the US, reports of people being turned away at airports over messages found on their devices might be prompting you to second-guess your travel plans. You might be asking whether Customs and Border Protection (CBP) can search your phone, whether you can opt out and what you should do to minimize your risks.
The short answer is that yes, CBP can search your devices. Constitutional protections are generally weaker at US borders, including airports. You can try to opt out, but depending on your specific circumstances, you might not be willing to risk the potential ramifications of not complying, which can include the confiscation of your devices.
Privacy experts say everyone should conduct a personal risk assessment – which should include your immigration status, travel history and what data you might have on your phone. There’s not a one-size-fits all solution because data that may seem sensitive to some may not be to others, depending on your circumstances. That assessment might affect your calculus of whether to push back if CBP attempts to search your phone, for instance, or how much you want to lock down your devices before heading to the airport.
While CBP said it only searched about 47,000 devices of the 420 million people who crossed the US border in 2024, experts the Guardian spoke to say border enforcement has been unpredictable under the Trump administration, so figuring out whether you’re at risk of a device search is not as straightforward as it once was. French officials said a French scientist was recently turned away at an airport in Texas because immigration officers found texts that were critical of Trump on his phone.
“The super-conservative perspective is to assume they are completely unhinged and that even the most benign reasons for travel are going to subject non-citizens to these device searches,” said Sophia Cope, a senior staff attorney at the Electronic Frontier Foundation (EFF), a non-profit digital rights group.
If you’re a US citizen, you must be admitted into the country. That said, some jurisdictions allow CBP to work with the FBI or local police to advance domestic investigations, so there are still some risks of your devices being searched for domestic reasons.
There are steps you can take to make it harder for CBP officers to access your device and the data on it. So what should you do to protect the data on your phone from being searched? The main thing is to prepare ahead of heading to the airport. Here is what you should be thinking about:
Decide if you will comply with a phone search
Before you travel, start to prepare for the possibility of being pulled into secondary screening. First, you should decide if you’re going to comply if an immigration officer asks if they can search your device. They may ask for your phone password or for you to unlock the device. Ideally, you would unlock the device yourself and not share your password. You can decide not to give your consent, but that does come with its own risks.
From a guide to the border from the EFF: “This presents a no-win dilemma. If a traveler complies, then the agents can scrutinize and copy their sensitive digital information. If a traveler declines, then the agents can seize their devices and subject the traveler to additional questioning and detention.”
It’s possible that, if you refuse the search, the officer might decide that you are not worth the trouble because you do not present a high risk. They might let you go. On the flip side, though, declining could make the process longer or could result in border agents confiscating your device. If they do confiscate your device, make sure you ask for a property receipt so you can document that they have your device when you try to get it back. Even if you don’t give up your password, immigration officials can use various tools on your device to unlock it themselves. They can also try to guess your password, so make sure you have a strong and long password.
There are a lot of reasons you might not want to risk being held back longer than you already have been or risk having your device confiscated – including that you don’t know how long border agents will keep your phone.
If you plan to comply with a phone search to avoid any further complications, your phone might be searched either manually or with forensic tools. It is worthwhile to prepare for both types of searches.
Turn your phone and Face ID off before entering the US
The EFF recommends turning your devices completely off before entering the US. This could return your phone or laptop to a heightened security state and, as a result, could make it harder for anyone to break the encryption on your device.
Privacy advocates also recommend making sure your device requires a password to decrypt or unlock. If you use Face ID or a fingerprint to unlock your phone, for instance, it would be easier for an officer to use it to gain access to your device.
Do not wipe your phone
You might think the most protective options are to completely wipe your phone before traveling, use a burner or travel without a phone. But the EFF’s Cope said that could actually raise suspicions.
“People are damned if they do and damned if they don’t,” Cope said. “If you cross the border with no data on your device, that itself can be seen as suspicious.”
Instead, if you want to seem cooperative but do have data or texts stored on your phone that you wouldn’t want to be accessed, Cope suggests deleting that information selectively rather than wiping your whole device.
after newsletter promotion
Encrypt your data and use a strong password
The most important step to take before you travel is to encrypt the data on your device, which is different than using encrypted messaging services like Signal. Device encryption can make it harder for CBP officers to access files on your phone or laptop or recover deleted files, even if they confiscate the device and subject it to sophisticated forensic tools.
Fortunately, all recent models of both iPhones and most Android phones come with full-device encryption automatically turned on. On an Android, double check that yours is on in the “advanced settings” tab of your “Security” menu. You will want to choose a strong password that is not easy to guess so CBP can’t walk in the front door to your device. Here’s a good primer on how to make a strong password.
“This encryption is only as good as the encryption passphrase someone uses on their device, though,” said EFF senior staff technologist Bill Budington. “So the best advice is to choose a strong, nine- to 12-random-character (or four- to five-word) passphrase for the device, and make sure that biometric unlocks like Face ID or Touch ID are turned off when going through sensitive areas like checkpoints or somewhere your device could be confiscated.”
Laptops, on the other hand, do not all come with full-device encryption. You can use the encryption tools some of them offer to encrypt your data. MacOS has a tool called FileVault, which you can access by searching for it in the top right corner of your screen, and some Windows computers come with a tool called Bitlocker, which can be used to encrypt your device. The EFF has a full list of tools you can use on various operating systems here.
For those of you traveling with a device owned by your employer or someone else, you will want to make sure to have a conversation with them before you travel to ensure your device is sufficiently protected.
How to securely delete your data
In addition to encrypting your devices, you should delete any specific texts, apps, photos, etc that you feel are sensitive or you wouldn’t want a government agent to see.
Securely deleting this data requires a few steps and comes with limitations. If you are not wiping your phone entirely, as that may raise suspicions, you will probably opt to delete specific files. That more practical option may be effective for a manual or cursory search but may not be sufficient in the event of a more advanced search by US immigration personnel. Files may not be fully deleted, or there may be references to these files that remain on your device.
On top of ensuring your device is encrypted, you will want to make sure that you’ve deleted your files from any trash folders as well. On iMessage, for instance, if you click on “filters” in the top left corner you’ll find a “recently deleted” folder. Make sure you’ve cleared texts from there as well. On iPhones, once a file is deleted from both the main iMessage interface and the “recently deleted” file, it is permanently deleted, according to the company.
Cope suggests pre-emptively deleting some apps your don’t want to be searched. This protective method is imperfect because an advanced search could reveal that an app was installed, but it would be a way to avoid having your WhatsApp messages searched, for instance, in the case of a manual search.
Move things on to a cloud storage server
During law enforcement searches inside the boundaries of the US, a cloud storage server is not more protected than your devices. At the border, however, there are currently policies in place that prohibit CBP from searching online cloud services. In practice, that means that immigration officers will have to put your phone in airplane mode before searching it.
“They do specifically say officers are only authorized to look at data that are ‘resident on the device’,” Cope said. “So that is data that is actually on the hard drive of your phone, laptop or camera. They’re supposed to disconnect it from the internet, if it’s an internet-connected device.”
If you have data that you don’t want to or can’t delete permanently for any reason, you can delete it off your device and store it on your cloud storage like iCloud, Google Drive or Microsoft One Drive.
This is a high-level guide that may not touch on the specifics of your situation. For a full comprehensive guide on how to protect your devices at US borders, please visit the Electronic Frontier Foundation.
