The CBP letter, which is attributed to Kevin McAleenan, the agency’s acting commissioner, is dated June 20, four months after Wyden asked the Department of Homeland Security (PDF), CBP’s parent agency, to clarify what he called the “deeply troubling” practice of border agents’ pressuring Americans into providing passwords and access to their social media accounts.
McAleenan’s letter cites several laws that he contends allow officers to search any traveler’s phone without probable cause when the traveler enters or leaves the United States. The agency says the practice protects against child pornography, drug trafficking, terrorism and other threats.
But the question of whether that broad authority extends to data linked to on remote servers but not physically stored on a phone had remained unclear, according to privacy advocates like the American Civil Liberties Union and the Electronic Frontier Foundation.
McAleenan’s letter says officers can search a phone without consent and, except in very limited cases, without a warrant or even suspicion — but only for content that is saved directly to the device, like call histories, text messages, contacts, photos and videos.