Image: Joe Raedle/Getty Images

Every year, thousands of Americans have their phones and other devices searched at the border before they travel abroad. Now, a US senator has revealed that when it searches these devices, US Customs and Border Protection (CBP) downloads their contents -- which can include text messages, pictures, and other personal information -- into a massive database where it's all held for 15 years. That database is accessible to thousands of Department of Homeland Security employees. 

Recommends

The best encrypted messaging apps

End-to-end encryption is an important feature in messaging, as it's the first step in protecting users from surveillance.

Read now

In a letter to CBP, Sen. Ron Wyden, D-Oregon, urged the agency "to focus on suspected criminals and security threats, rather than allowing indiscriminate rifling through Americans' private records without suspicion of a crime." 

He added: "Such changes will better protect national security and respect the rights of Americans who travel overseas for business and leisure."

SEE: What does the iPhone 14's eSIM mean for privacy, security, and travel?

Wyden said that his office learned of "egregious" CBP practices during agency briefings. The agency, he said, is "pressuring travelers to unlock their electronic devices without adequately informing them of their rights." After that, content is downloaded to a central database that's accessible to roughly 2,700 DHS employees for basically any reason. When a government employee accesses that database, they're not required to record why they're doing so. 

CBP has yet to tell Wyden the total number of Americans whose data has been stored in this database, or how frequently it's accessed. In June, however, the agency did estimate that it saves data from fewer than 10,000 phones per year.

While law enforcement typically needs to get a warrant to conduct such searches, CBP has used a "border search" loophole that allows its officers to search any international traveler's phone or laptop.   

However, Wyden noted that US travelers have so far stopped these searches by keeping their device data encrypted or refusing to give the CBP their password.   

SEE: EV boost: Biden approves network of 500,000 charging stations across 35 states

"CBP has never attempted to issue a fine against anyone for refusing to disclose their password or to unlock their phone or laptop," the senator wrote. "Indeed, the agency has not even issued a written policy or procedure guidance related to the assessment of fines in this situation."

Wyden asked the CBP to submit a written plan by Oct. 31 for addressing these issues.

Government

Microsoft adds 'Cloud for Sovereignty' to its line-upNo backup: Why cyberattacks are a big risk for the government in BrazilThe EU AI Act: What you need to knowUkrainian coders share their stories, photos from the war zone

• Microsoft adds 'Cloud for Sovereignty' to its line-up
• No backup: Why cyberattacks are a big risk for the government in Brazil
• The EU AI Act: What you need to know
• Ukrainian coders share their stories, photos from the war zone