While proposals announced by the United States government earlier this year requiring those travelling to the US to provide details of all social media accounts caught the media's attention here, a different, and altogether more significant, US policy seems to have slipped totally under the radar.

A US Customs and Border Protection (CBP) Directive first introduced in August 2009, and reviewed and updated in January 2018, allows US CBP agents to search, without warrant, the electronic devices of anyone entering or exiting the US. Given that all information stored on a traveller's smart phone, laptop or other electronic device may be examined or even copied, this is much more troubling and a far greater invasion of one's privacy than a requirement to provide details of social media accounts.

The US Supreme Court has upheld the constitutionality of border searches, stating that control of the border is a fundamental principle of sovereignty. The Court has also noted that the expectation of privacy is reduced at the border.

Border searches of electronic devices, while rare, are increasing. CBP conducted 8,500 such searches in 2015, 19,000 in 2016, rising to 30,200 last year. CBP claims these numbers amount to just 0.007% of arriving travellers, but the numbers are increasing. It is not clear if these searches have occurred in the six countries where US pre-clearance is permitted, Ireland being one such country. In 2016, CBP pre-cleared 18 million travellers, representing over 15% of commercial air travellers to the US.

If a non-US citizen refuses to consent to a search of his or her electronic device, he or she may be denied entry and the CBP agent may detain the device.

The CBP Directive provides for both basic and advanced searches. A basic search, whereby a CBP agent manually reviews and analyses information on an electronic device, may be carried out without any reasonable suspicion. To carry out an advanced search the CBP agent must have a reasonable suspicion that the traveller is involved in illegal activity or that there is a national security concern. In these circumstances, the agent may connect the traveller's electronic device to external forensic equipment, allowing him or her to not only review and analyse, but to also copy  the information stored on that device. Travellers are obliged to provide any passwords required to access the device or any encrypted data, so having a pass code on your phone or password protected files on your laptop won't save you from being searched. However, CBP agents are prohibited from accessing information stored remotely, or 'in the cloud'. The CBP Directive requires agents to switch the device to airplane mode prior to carrying out any search in order to prevent access to information stored remotely.

The CBP Directive refers to the possibility of encountering sensitive information such as medical records or journalists' work, but does not provide any exemption from search.

A border search of one's phone or laptop containing legally privileged information or confidential communications is troubling. Concerned travellers should take reasonable steps to protect privileged and confidential information when travelling to and from the US. This might include asserting privilege in an attempt to refuse a search request or deleting confidential information from a device prior to travelling or storing it remotely if it needs to be accessed upon arrival.

The CBP Directive contains certain checks and balances. A CBP agent may detain electronic devices or copies of information for up to five days. However, supervisory approval is required to do this. In addition, if after reviewing the information there is no probable cause to seize the device or the information, any copies of the information must be destroyed within seven days and any electronic device must be returned.

While the latest version of the CBP Directive introduces certain safeguards for travellers and their privacy, it is nonetheless being questioned and challenged. In May, the US District Court in Boston refused to dismiss a lawsuit challenging the US Government's authority to search electronic devices at the border. The Government argued that it has a paramount interest in protecting its territorial integrity, and that the expectation of privacy is less at the border than it is in the interior. The Court acknowledged that this may be true, but stated that electronic searches are more intrusive and invasive than searches of a traveller's personal effects, and it is allowing the challenge to proceed. We await the outcome of this case, and the implications, positive or negative, that it will have on an individual's right to privacy and on travellers to the US.

This article contains a general summary of developments and is not a complete or definitive statement of the law. Specific legal advice should be obtained where appropriate.