Travellers to the US face the uncomfortable choice of handing over personal information, including social media passwords and mobile phone contacts, or running the risk of being denied entry to the country under a new “extreme vetting” policy being considered by the Trump administration.
Tourists from Australia, New Zealand, the UK and other US allies including Germany and France could be forced to reveal personal data, as well as disclose financial information and face detailed ideological questioning, according to administration officials quoted by the Wall Street Journal.
Citizens from these countries are currently covered by the US Visa Waiver Program.
While US citizens have established rights against unlawful searches at the border, the extent to which foreign travellers can resist requests to hand over personal information is unclear.
The US customs and border patrol told the Guardian: “All international travellers arriving to the US are subject to US Customs and Border Protection (CBP) inspection.
“This inspection may include electronic devices such as computers, disks, drives, tapes, mobile phones and other communication devices, cameras, music and other media players and any other electronic or digital devices.
“Keeping America safe and enforcing our nation’s laws in an increasingly digital world depends on our ability to lawfully examine all materials entering the US,” it added.
The border protection agency said it strives to process arriving travellers as efficiently and securely as possible while ensuring compliance with laws and regulations governing the international arrival process.
It did not answer specific questions about social media accounts and devices.
The UK Foreign Office declined to provide any advice to British travellers, referring to its general foreign travel advice page for the US, which contains no information on digital privacy at the border.
The Electronic Frontier Foundation, a US non-profit which campaigns for digital civil rights, advises travellers: “Border agents cannot deny a US citizen admission to the country. However, if a foreign visitor declines, an agent may deny them entry.
“If a foreign visitor refuses a border agent’s demand to unlock their digital device, provide the device password, or provide social media information, and the agent responds by denying entry, the foreign visitor may have little legal recourse.”
Nate Wessler, a lawyer with the American Civil Liberties Union, explained: “A lot of the difficulties here come from the burden of proof.
“For US citizens, they have an absolute right to enter; for permanent residents, the burden is on the government to prove they have become inadmissable for entry.
“But for visa holders, the burden is on the traveller to show that they are admissible to the US. That means there’s a risk that if someone is asked for a device and refuses, the agent may deem that refusal a failure to meet that burden of proof.”
The foundation recommends travellers minimise the data they carry across the border, by not carrying non-essential devices, deleting sensitive information before travelling, and shifting some data to cloud services.
Changing any passwords after they have been handed over, and securely resetting devices after they have been accessed and potentially compromised by CBP, can also prevent long-term data insecurity.
However, the civil rights advisers point out that changing passwords and other privacy protection measures could be interpreted as suspicious and lead to longer detention at the border or being preventing from entering the US.
Wessler adds: “The best protections will be practical ones rather than legal ones, and travellers should think about how much data and what devices they’re carrying with them.”