If you buy something using links in our stories, we may earn a commission. Learn more.
When Ryan Lackey has traveled to countries like Russia or China, he has taken certain precautions: Instead of his usual gear, the Seattle-based security researcher and chief security officer of a cryptocurrency insurance firm brings a locked-down Chromebook and an iPhone that's set up to sync with a separate, nonsensitive Apple account. He wipes both before every trip and loads only the minimum data he'll need. Lackey has gone so far as to keep separate travel sets for each country, so that he can forensically analyze the devices when he gets home to check for signs of each country's tampering.
Now, Lackey says, the countries that warrant that paranoid approach to travel might include not just Russia and China but also the United States—if not for Americans like him, then for anyone with a foreign passport who might come under the increasingly draconian and unpredictable scrutiny of US Customs and Border Protection (CBP). "All of this applies to America more than it has in the past," says Lackey. "If I thought I were likely to be a targeted person, I would go through this same level of protection."
Since the start of the second Trump administration, there appears to be an uptick in foreign visitors to the US being denied entry, resulting in people being sent back to their original destinations or being held in detention. Citizens from Germany, the UK, and France have all reported being detained, in some cases for weeks, or denied entry when attempting to enter the US—including several individuals who say they are legal residents with Green Cards. France’s education minister said one French scientist was denied entry after immigration officials searched his phone and found conversations where “he expressed a personal opinion on the Trump administration’s research policy.” The stricter enforcement of visa and travel permit regulations has led to officials in Germany and Britain to change their travel guidance, with Britain warning that rules are enforced “strictly.”
That de facto border crackdown is set to become far more explicit if the Trump administration follows through on a plan to enact a new “travel ban” on more than 40 countries, which would reportedly bar entry entirely from at least 10 nations and subject visitors from another five to new scrutiny and automatic interviews at the border. Another 26 countries would fall into a third category where their status will be decided in the 60 days after the policy goes into effect.
All of these changes suggest that US borders are about to become far less friendly places to foreigners and even to Americans returning from abroad. And these new border enforcement measures will no doubt be accompanied by aggressive attempts at surveillance extending to travellers’ electronic devices—a threat to digital privacy and free expression that extends to foreigners and US residents alike.
“We’re seeing extraordinarily disturbing examples of retaliatory action based on people's speech and political opinions,” says Nathan Wessler, the deputy director of the American Civil Liberties Union’s Speech, Privacy, and Technology Project. “When that’s combined with really sweeping authority to mine the contents of our phones and laptops, looking at things we've written, things people have sent us, it should be a particular cause for concern for people across the political spectrum—and people with all kinds of citizenship and immigration statuses.”
In fact, Customs and Border Protection has long considered US borders and airports a kind of loophole in the US Constitution's Fourth Amendment protections, one that allows them wide latitude to detain travelers and search their devices. For years, the agency has used that opportunity to hold border-crossers on the slightest suspicion and demand access to their computers and phones, with little formal cause or oversight.
Citizens are far from immune. CBP detainees from journalists to filmmakers to security researchers have all had their devices taken out of their hands by agents.
As those intrusions become more common and aggressive in the second Trump era, WIRED has assembled the following advice from legal and security experts to help preserve your digital privacy while crossing American borders. But take all of these strategies with caution: Given CBP’s unpredictable—and in many areas undocumented—practices, none of the experts WIRED spoke to claimed to have a privacy panacea for the American border.
This article was first published in February 2017 and updated in March 2025 to reflect changes in technology and the second Trump administration. WIRED’s guide to protecting yourself against government surveillance includes more security and privacy advice.
Phone Home
First, if you have any reason to think you could be detained or questioned at the border, alert a lawyer or a loved one who can contact a lawyer before going through customs, and contact them again when you get out. If you are detained, you may not be able to access your devices or otherwise have the opportunity to reach the outside world. And in the worst-case scenario of a lengthy detention, you'll want someone advocating for your release and legal representation.
Lock Down Devices
If customs officials do take your devices, don't make their intrusion easy. Encrypt your hard drive with tools like BitLocker, Veracrypt, or Apple's Filevault, and choose a strong passphrase. On your phone, set a strong PIN. Using hard-to-crack alphanumeric code to unlock your phone rather than a four digit PIN or biometrics is the strongest approach to securing the device. On an iPhone, disable Siri from the lock screen by switching off Allow Siri When Locked under the Siri menu in Settings.
Remember also to turn your devices off before entering customs: Hard-drive encryption tools offer full protection only when a computer is fully powered down. If you use FaceID, your iPhone is safest when it's turned off, too, since it requires a PIN rather than a face scan when first booted, resolving any ambiguity about whether border officials can compel you to unlock the device with your biometrics.
In recent years, Apple and Google have made it possible to separate sensitive apps from being shown with others on your phone—placing them in a separate folder from other apps and protecting them with another layer of authentication. Android’s Private Spaces can be turned on in the Security and privacy settings menu, while long pressing an app on iOS will bring up the option to place it in a hidden folder.
Finally, Wessler recommends that travelers be sure to update their operating systems on both laptops and phones before crossing the border. That’s because CBP could, in some cases, use tools like Cellebrite or GrayKey to exploit unpatched vulnerabilities in those devices, accessing them without the user unlocking them. “It may be that if your operating system is six months out of date, your device is vulnerable,” Wessler says. “The newest version may not be.”
Keep Passwords Secret
This is the tricky part. American citizens can't be deported for refusing to give up passwords for social media accounts or encrypted devices, says the ACLU's Wessler. That means if you stand your ground and don't reveal passwords or PINs, you may be detained and your devices confiscated—even sent off to a forensic facility—but you'll eventually get through with your privacy far more intact than if you divulge secrets. "They can seize your device, even for months while they try to break into it," says Wessler. "But you’re going to get home." (Despite the Trump administration’s shocking treatment in some cases of foreign permanent residents, this protection applies to green card holders too, Wessler says.)
Be warned, however, that denying customs officials access can at the very least lead to hours of uncertain detention in a bleak, windowless CBP office. At some US airports and in various states, court rulings have put limitations and restrictions on what CBP officials can do to access your devices, but there’s little guarantee those restrictions will be followed in practice if border agents have your computer or phone in their custody without oversight.
Broadly, the CBP outlines two types of device searches: basic, where an officer “manually” reviews a device’s content; and an advanced search where a device is connected to external equipment and its contents can be reviewed, copied, or analyzed. The latter search requires a “reasonable suspicion” of a crime, CBP says. The agency’s official guidance avoids explicitly saying people are required to hand over passwords, skirting around the issue by saying devices should be presented “in a condition that allows for the examination.”
“If the electronic device cannot be inspected because it is protected by a passcode or encryption or other security mechanism, that device may be subject to exclusion, detention, or other appropriate action or disposition,” the agency says online.
For non-Americans coming to the US on a visa or from a visa-waiver country, Wessler warns that they face a far starker dilemma: Refuse to give up a passcode or PIN and you may be denied entry. “There’s a very practical assessment people have to make about what's most important to them,” he says. “Getting into the country but sacrificing privacy or protecting your privacy—but risking that you may be turned around at the border.”
Minimize the Data You Carry
For the most vulnerable travelers, there’s one clear solution to that dilemma: The best way to keep customs away from your data is simply not to travel with it. Instead, like Lackey, set up travel devices that store the minimum of sensitive data. Don't link those "dirty" devices to your personal accounts, and when you do have to create a linked account—as with an Apple ID for iOS devices—create fresh ones with unique usernames and passwords. "If they ask for access and you can’t refuse, you want to be able to give them access without losing any sensitive information," says Lackey.
(Social media accounts, admittedly, can't be so easily ditched. Some security experts recommend creating secondary personas that can be offered up to customs officials while keeping a more sensitive account secret. But if CBP agents do link your identity with an account you tried to hide, the result could be longer detention and, for noncitizens, even denial of entry.)
If you can’t create a separate travel device, the Electronic Frontier Foundation also suggests logging out of apps and cloud services—such as Google Drive, or MicrosoftOne Drive—so that border agents can’t access documents or data you are storing remotely. Backing up data, such as photos or files, to the cloud services before you travel can help to remove data from the phone.
“The only sure way to protect yourself is to not carry information with you or to carry as little as possible,” says the ACLU’s Wessler. “As long as you have a device and there's stuff on it, that's potentially vulnerable to search.”
That vulnerability to search comes in part from the fact that privacy rights for digital devices at the border remains troublingly unsettled in US law, says UC Davis law professor Elizabeth Joh. While the Supreme Court decision in Riley v. California in 2014 declared warrantless searches of devices at the time of arrest unconstitutional, no case has set such a precedent for the American border—much less for non-Americans seeking those same privacy rights.
Since 2014, several federal appeals courts have come to conflicting opinions about when it’s constitutional for customs and border agents to search electronic devices, but the Supreme Court has yet to weigh in. Until it does, the border zone will remain in a kind of legal limbo.
The government, after all, has the power to open bags crossing into its territory or even dismantle cars to search for contraband, Joh points out. "What does that mean in an age when people bring their digital devices across borders? The Supreme Court hasn’t spoken to that issue," Joh says. "The real problem here is there's still no good set of protections for a portal into your private life."
