US may force travellers to unlock their devices
Business travellers and tourists may face password demands at US borders
The Trump administration may adopt new measures that will allow border authorities to force foreign travellers to hand over their phones and passwords, including those from countries part of the visa waiver programme such as the UK and France.
Foreigners may be expected to reveal mobile phone contacts, social media passwords and financial data in order to enter the country, said the Wall Street Journal.
Gene Hamilton, the senior counselor to homeland security secretary John Kelly, told the WSJ: "If there is any doubt about a person's intentions coming to the United States, they should have to overcome - really and truly prove to our satisfaction - that they are coming for legitimate reasons."
US citizens have established rights against unlawful searches at the border, but foreign travellers' rights are not yet clear.
The Center for Democracy & Technology (CDT), a coalition of human rights and civil liberties organisations, trade associations and experts in security, technology and the law expressed its concerns over Hamilton's comments.
"We recognise the important role that DHS plays in protecting the United States' borders and the challenges it faces in keeping the US safe, but demanding passwords or other account credentials without cause will fail to increase the security of US citizens and is a direct assault on fundamental rights," the CDT said.
It added: "This proposal would enable border officials to invade people's privacy by examining years of private emails, texts, and messages. It would expose travellers and everyone in their social networks, including potentially millions of US citizens, to excessive, unjustified scrutiny. And it would discourage people from using online services or taking their devices with them while traveling, and would discourage travel for business, tourism, and journalism."
The US Customs and Border Protection agency told the Guardian: "All international travellers arriving to the US are subject to US Customs and Border Protection (CBP) inspection. This inspection may include electronic devices such as computers, disks, drives, tapes, mobile phones and other communication devices, cameras, music and other media players and any other electronic or digital devices."
The Electronic Frontier Foundation recommends that travellers carry less data by not taking non-essential devices, deleting sensitive information, and potentially shifting some data to cloud services. Other measures also recommended include turning on two-factor authentication, which prevents devices or services from being accessed with just a password. However, using these methods may arouse suspicion in border agents and could be used as a reason to delay or deny entry to the US.
Trump has already tried to impose a travel ban on travellers coming from various Muslim-majority countries in the past, although these attempts have been waylaid by various court actions.
The UK already has the power to enforce similar border entry searches, according to the Open Rights Group, under Schedule 7 of the Terrorism Act 2000. There is no need for specific reasons for suspicion under the general powers of the Schedule and "travellers can be asked to provide the passwords for the electronic devices they are carrying, and in most cases they comply. There is generally no indication about the kind of information that the police are seeking".
In the year ending 31 March 2016, the UK examined 26,167 people using this power, a fall of 18% on the previous year, but the number of travellers detained as a result increased from 1,311 the previous year to 1,821.
"The increase in the number of detentions follows the introduction of the Anti-social Behaviour, Crime and Policing Act 2014 in August 2014, which amended the powers under Schedule 7 to TACT 2000 to ensure that a mandatory detention takes place where an examination lasts for more than an hour," the government said.
Rights groups like Liberty have criticised Schedule 7 for many reasons and advocacy organisation Cage has created a "Know your Rights" factsheet that states that the government can ask for passwords to devices.
The essential guide to cloud-based backup and disaster recovery
Support business continuity by building a holistic emergency planDownload now
Trends in modern data protection
A comprehensive view of the data protection landscapeDownload now
How do vulnerabilities get into software?
90% of security incidents result from exploits against defects in softwareDownload now
Delivering the future of work - now
The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.Download now