A border agent (US: CBP officer, Customs and Border Protection; UK: Border Force officer; equivalent agencies elsewhere) is the law-enforcement officer with broad authority at ports of entry, including warrantless device search. Distinct from immigration enforcement (ICE in the US), distinct from local police, distinct from federal investigators. The actor in every device-at-the-border scenario.
What it means in practice
The legal posture at the US border is structurally hostile to digital privacy. The Fourth Amendment’s warrant requirement does not apply at ports of entry under the border search exception (United States v. Ramsey, 1977; reaffirmed multiple times since). CBP officers can demand devices, demand passcodes, copy device contents, and detain travelers for non-cooperation. The Ninth Circuit’s United States v. Cano (2019) imposed some limits on forensic-grade searches absent reasonable suspicion, but the rule is jurisdiction-dependent and the practical experience at most ports of entry is that the officer’s discretion exceeds whatever the case law strictly requires.
Who it affects, and how
Affects every traveler entering the US, with operational asymmetry between US citizens (who cannot be denied entry but can be detained for hours and have devices retained for months), legal permanent residents (similar but with marginally weaker political pressure), visa holders (can be denied entry for refusing to unlock), and Visa Waiver Program travelers (subject to ESTA revocation as the structural penalty). The CBP can copy the device, retain the device for forensic analysis at a regional lab (typical retention: 5 to 21 days, sometimes longer), and pass the contents to other federal agencies under standard data-sharing agreements. Journalists, lawyers handling sanctioned-country matters, and NGO staff returning from adversarial jurisdictions are documented as receiving secondary-screening treatment more frequently than the baseline.
What you can change today
Three preparation actions before any US border crossing if your threat model justifies it. First, travel with a clean device that carries no source-contact history, no privileged client material, no operational identity sign-ins (see the clean-device fiche). Second, switch from biometric unlock to alphanumeric passphrase of 10+ characters and power the device fully off so it lands in BFU state at the border (where forensic extraction tools have markedly less success). Third, know your status: US citizens cannot be denied entry for refusing to unlock, but detention is possible; non-citizens face entry refusal as the primary leverage. Plan accordingly with counsel before the trip, not at the booth.
Related articles
- Digital security for lawyers: protecting client data in 2026.
- Client confidentiality in the digital age: the tools lawyers actually need.
- Digital security for journalists in 2026: the complete operational guide.
- A journalist was arrested in Kuwait for reposting a CNN video. The law used to charge him didn’t exist yet when he posted it.
