What CBP Can (and Can't) Do With Your Devices at the U.S. Border

TLDR: Under CBP’s updated January 2026 directive, U.S. Customs and Border Protection has broad authority to search your phone, laptop, or any other electronic device at the U.S. border, and no warrant is required. A “basic” manual review of your device can happen without any suspicion at all, while a deeper forensic extraction requires reasonable suspicion and supervisor approval. Importantly, CBP’s reach stops at your device itself: agents cannot remotely access cloud storage like iCloud or Google Drive unless that data is already saved locally on your phone. You can decline to hand over your password, but doing so may lead to device seizure or extended inspection. For non-citizens, this can affect admissibility. These rules apply equally to U.S. citizens, green card holders, and foreign nationals.

A New Directive, the Same Broad Authority

If you’ve ever crossed a U.S. border, whether at an airport, a land crossing, or a seaport, you may have wondered: can CBP really look through my phone? The short answer is yes. And a newly updated directive from January 2026 (CBP Directive 3340-049B) clarifies exactly how that authority works.

The good news: the directive also outlines real limitations. CBP’s power is broad, but it isn’t unlimited. Understanding the rules can help you travel smarter, and know your rights if you’re ever stopped.

What CBP’s Updated Directive Actually Says

CBP relies on the “border search exception” to the Fourth Amendment. In short, the government has long held that the rules governing searches inside the United States don’t fully apply at its borders. Courts have generally upheld this exception, and the new directive formalizes how CBP agents should use it.

Basic Searches: No Suspicion Required

A basic search is exactly what it sounds like, a manual review of what’s on your device. An officer might scroll through your photos, check your text messages, review call logs, or open stored documents and emails. No external equipment is involved.

The critical point: CBP does not need any suspicion to conduct a basic search. They can do it to anyone, at any time, at the border. This applies to phones, laptops, tablets, cameras, USB drives, external hard drives, and any other digital storage media.

Advanced Searches: Reasonable Suspicion Required

An advanced search is a different matter. This involves connecting your device to external equipment; think forensic imaging software or full data extraction tools. It’s a much deeper dive.

To conduct an advanced search, CBP officers must have:

1. Reasonable suspicion of a legal violation or a national security concern, and
2. Supervisory approval before proceeding.

This is a meaningful safeguard, forensic extraction can’t simply happen on a whim.

What CBP Cannot Do

The directive isn’t just a permission slip. It also draws clear lines around what CBP agents are not allowed to do. These are important protections worth knowing.

No Access to Cloud Data

CBP officers may only search data that is physically stored on your device. They cannot remotely access your iCloud account, Google Drive, Dropbox, or any other cloud-based storage unless that data has already been downloaded and is sitting locally on your phone or laptop.

Practical tip: If you’re concerned about privacy during international travel, logging out of cloud apps and removing locally cached files before you travel can limit what’s accessible during a border search.

No Forensic Search Without Cause

Advanced searches require reasonable suspicion. CBP can’t run your device through forensic software simply because an agent feels like it. There must be an articulable reason, and a supervisor must sign off.

Passwords: Asked, Not Compelled

CBP agents may ask you to unlock your device. However, there is no federal statute that legally requires you to hand over your password. That said, refusing comes with potential consequences:

• Your device may be temporarily seized for further review.
• The inspection may take significantly longer.
• For non-citizens, refusal can factor into admissibility decisions, a serious consideration for visa holders or those seeking entry.

U.S. citizens cannot be denied re-entry for refusing to unlock a device. But the practical reality is that refusing may lead to a longer and more stressful experience at the port of entry.

What About Attorney-Client Privilege or Sensitive Materials?

The directive does include procedures for handling privileged or sensitive information  including attorney-client communications, work product, medical records, and journalistic materials. If you assert privilege during a search, the officer is supposed to pause the review and follow a special protocol, often involving review by agency legal counsel.

Important caveat: asserting privilege does not automatically prevent seizure. It triggers a process, not an immediate stop. If you carry professionally sensitive materials and travel frequently, it may be worth speaking with an attorney about how to organize and protect that information before you travel.

How Common Are These Searches, Really?

If this all sounds alarming, it’s worth putting the numbers in perspective. CBP processed approximately 420 million travelers in fiscal year 2024. Of those, roughly 47,000 had their electronic devices searched. That’s less than 0.01% of all travelers.

Device searches are not random sweeps, they’re targeted. Factors like travel history, flags in CBP databases, or behavior at the port of entry typically play a role. The average traveler is extremely unlikely to encounter one.

That said, certain travelers may face a higher likelihood of inspection: individuals with prior immigration issues, those traveling from high-risk countries, or those flagged for secondary inspection for other reasons.

Practical Guidance for Travelers

Whether you’re a U.S. citizen returning from a business trip or a foreign national applying for entry, here are a few steps to consider before international travel:

• Back up and then delete sensitive data you don’t need during travel. You can restore it when you’re back.
• Log out of cloud apps so locally cached data isn’t sitting on your device.
• Be cooperative and calm. Basic searches are legal and arguing with a CBP officer at the port of entry rarely ends well.
• If privilege is at stake, carry a clear privilege log or a letter from counsel identifying protected materials.
• Non-citizens should understand that refusing to cooperate carries real risks to admissibility. Consult an immigration attorney if you have concerns before traveling.

Know Your Rights Before You Travel

CBP’s updated 2026 directive doesn’t change the fundamental landscape, but it does clarify it. At the U.S. border, digital privacy protections are reduced compared to what applies inside the country. Basic searches can happen without any suspicion. Deeper forensic searches require reasonable cause and oversight.

Knowing the rules is the best way to protect yourself. If you have specific concerns about an upcoming trip, whether related to sensitive business data, immigration status, or prior interactions with CBP, the attorneys at Berardi Immigration Law are here to help you navigate the process with confidence. Schedule a consultation with us online today!

Frequently Asked Questions

Q: Can CBP search my phone if I’m a U.S. citizen?

Yes. CBP’s authority under the border search exception applies to everyone entering or exiting the United States, including U.S. citizens. However, citizenship does offer one important protection: U.S. citizens cannot be denied re-entry for refusing to unlock a device, though refusal may lead to device seizure and a longer inspection.

Q: Can CBP access my iCloud or Google Drive?

No, not directly. The directive explicitly limits searches to data stored on the device itself. CBP cannot remotely access cloud accounts. However, if cloud data is downloaded and stored locally on your device (such as photos synced to your camera roll), that data is fair game for a basic search. Logging out of cloud apps before travel reduces this risk.

Q: What happens if CBP seizes my device?

CBP has the authority to temporarily detain a device for further forensic review. They may copy data they consider relevant to a potential legal violation. You won’t necessarily get the device back immediately. If your device is seized and you’re a non-citizen, or if you believe the seizure is improper, contact an immigration attorney as soon as possible.