Border agents seized a journalist’s laptop. It took 11 minutes to access everything.

Eleven minutes is how long it took from device seizure to full content access. The laptop was password protected. The password was seven characters.

The journalist had taken what they considered reasonable precautions. They were wrong about what reasonable means at a border crossing in 2026.

What the law actually says

In the United States, border agents can search electronic devices without a warrant, without probable cause, and without any articulable suspicion for both citizens and non-citizens at ports of entry. This authority has been upheld in federal court. It is not hypothetical.

In the UK, Schedule 7 of the Terrorism Act 2000 gives border agents the power to stop, question, and search any person at a port of entry for up to nine hours without suspicion. Multiple journalists have been stopped and had devices searched under this power.

In the European Union, the legal framework is more protective in theory. In practice, border control is exempted from many GDPR protections under national security provisions.

Knowing the specific legal framework for your destination, your transit countries, and your home country is not optional. It’s the first element of any serious border crossing protocol. Most travelers who think they have a threat model do not, until something like this happens. How to build your threat model in twenty minutes is the place to start before any high-risk crossing.

What actually happens during a device search

A border agent who decides to search your device will ask you to unlock it. For non-citizens entering the US: refusal likely means denial of entry. For citizens: possible detention and device seizure.

Once unlocked, an agent may conduct a manual review. scrolling through messages, photos, and email. Or they may connect the device to a forensic extraction tool. The eleven-minute access used a Cellebrite UFED device, standard equipment at many border crossings. What that device actually pulls off a phone is documented in what forensic tools can extract from a seized device. The eleven minutes was not because the device was weak. It was because the tools are that good.

What’s accessible beyond the device: any cloud account where the device is logged in. If your iCloud or Google account is authenticated, an agent with the device has access to your cloud storage and backup.

The travel device protocol

The answer is not clever settings or better encryption of your personal device. It’s separation.

A travel device is a phone or laptop that contains nothing sensitive before you cross a border. Reset to factory settings. No personal accounts linked to your identity. Only the tools you need for the specific trip.

For a journalist: the travel device has Signal, Proton Mail with a trip-specific address, a VPN. It does not have years of message history, contacts from previous source relationships, photos from previous trips, or any account linked to your real identity.

Proton Mail earns its place in this stack for two specific reasons. The provider operates under Swiss jurisdiction, which keeps US and UK production orders out of automatic reach. And it has been tested under actual legal pressure, not just claimed in a privacy policy. Trip-specific aliases mean the address that travels with the device is not the address tied to source relationships.

The travel device can be surrendered at a border without meaningful consequence. A device that contains nothing sensitive cannot reveal anything when searched.

The cost of a refurbished Pixel running GrapheneOS is under 100 euros. The cost of the information on most journalists’ personal phones, if accessed at a border, is not measurable in euros.

When you cannot use a travel device

For these situations: before crossing any border in a high-risk environment, review your device. Delete what you don’t need. Log out of cloud accounts. Review your Signal history and whether disappearing messages are enabled. The security checklist before traveling to a high-risk country is the long-form version of that paragraph. Worth running three weeks before departure, not three minutes.

This is not equivalent to a travel device. It’s the minimum viable approach when the full protocol isn’t available.

If your device is seized and returned

A device that has been in physical custody of any authority is not a clean device. Do not reconnect it to sensitive networks, work email, or password managers from it. Treat it as compromised until proven otherwise, which in practice means do not trust it again.

Forensic toolkits at the high end can install firmware-level implants that survive a factory reset. For high-value targets, the only defensible response is replacing the device entirely. The cost of a refurbished phone is always less than the cost of a compromised one being used against the people you work with.

The same applies to accessories. A USB-C cable is small enough to hide an implant and cheap enough to discard. Anything that crossed the border in physical custody falls in the same category as the device itself.

Frequently asked questions

Can US border agents search your phone without a warrant?

Yes. This authority has been upheld in federal court. Border agents can search electronic devices of both citizens and non-citizens at ports of entry without a warrant, probable cause, or suspicion. The correct response is a travel device that contains nothing sensitive.

What is Schedule 7 in the UK?

Schedule 7 of the Terrorism Act 2000 gives UK border agents the power to stop, question, and search any person at a port of entry for up to nine hours without needing suspicion. Multiple journalists and activists have been detained under this power. It has been criticised by press freedom organisations including Reporters Without Borders.

Can border agents access my cloud accounts through my phone?

Yes, if the device is unlocked and the cloud accounts are authenticated. Once an agent has access to an unlocked iPhone or Android with iCloud or Google Drive logged in, the cloud is accessible from the device. Logging out of cloud accounts before crossing reduces this exposure but does not remove what was synced before. A travel device with no cloud accounts authenticated is the only setup that closes this vector.

What does Cellebrite UFED actually extract from a laptop?

A full disk image when the device is unlocked. That includes deleted files in unallocated space, browser history, cached credentials, and any data the operating system has not yet overwritten. The eleven-minute timeline reflects extraction speed, not cracking time. The laptop in this case was already unlocked when extraction began.

A border crossing is not a communication event. It’s a physical access event. The threat model is different, and so is the response.

Proton Unlimited is the tool we recommend for encrypted email, VPN and secure storage. It’s what we’d use ourselves.

---

There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.