In light of recent technological advances and the need to strengthen national security due to new challenges in terms of privacy and transnational crimes, the U.S. Customs and Border Protection Office (CBP) redesigned earlier this year the procedures for inspecting electronic devices at international crossings.
Now, the range of equipment that can be reviewed is broader, with stricter criteria for the retention and analysis of personal data.
Types of devices that authorities may inspect
Authorized by Directive 3340-049B, border agents, including those at airports, may examine computers, smartphones, smartwatches, flash drives, SIM cards, GPS systems, drones, in-vehicle entertainment systems, cameras and media players, and any other device capable of storing digital information.
The rule replaces and modernizes previous guidelines in force since 2018 in order to adapt them to technological progress. According to CBP, the objective is to clarify procedures and strengthen border control tools within the U.S. legal framework.
Thus, searches of electronic devices are now classified into two categories: basic inspections, which may be carried out without prior suspicion, and advanced inspections, which require a “reasonable suspicion” of legal violation and approval from a supervisory officer.
In both cases, travelers must allow access to their devices, provide passwords and fully cooperate with officers. Refusal to do so authorizes CBP to retain the device and record the incident, which may result in the loss of validity of the visa or the traveler’s immigration permit.
CBP is empowered to confiscate documents and cancel tourist visas (B1/B2) or residence permits if it detects content considered illegal, such as messages suggesting an intention to work or study in the country without the appropriate visa, or references to weapons or illegal drugs. The regulation affects both visitors and legal residents entering the country.
According to the agency, the presence of suspicious information may lead to denial of entry and subsequent legal action.
Those traveling to the United States must be prepared
At the same time, the directive also introduces limits to protect travelers’ privacy. Therefore, agents cannot deliberately access content stored exclusively in the cloud and, in case of suspicion, they may request that the device be disconnected from the internet before inspection. In the case of privileged materials (medical records, client information from lawyers, journalistic data or trade secrets), the regulation imposes additional restrictions on their review.
In addition, the retention time of devices is regulated: if custody exceeds five days, supervisory authorization is required. For periods longer than fifteen days, a higher hierarchical level must intervene. Extracted data may only be retained if there is probable cause and, if not relevant to an investigation, must be deleted within a maximum of 21 days.
It should be noted that inspections carried out by other agencies, such as Immigration and Customs Enforcement (ICE) or Homeland Security Investigations (HSI), are governed by their own protocols. The regulatory update reinforces the differentiation of competencies and procedures, consolidating the CBP legal framework in the face of technological and border security challenges.
The reality is that those traveling to the United States must be prepared to have their electronic devices subjected to thorough inspections at international ports of entry, under conditions that prioritize national security and limit the scope of digital privacy.