In February, Senator Ron Wyden sent a letter to Homeland Security asking for an explanation as to why US Customs and Border Protection (CBP) has been conducting an increasing number of searches recently. On June 20, acting CBP commissioner Kevin McALeenan finally replied but did not address the surge in border searches. However, in his letter, which was obtained by NBC News (PDF), he revealed the limits of CBP’s power.
CBP has the authority to conduct warrantless searches on anyone who enters the country to determine if a device contains child pornography or anything that would be a threat to national security. However, he also revealed that CBP officials are only allowed to look at the data stored on the device itself and not cloud data that is stored on remote servers:
CBP's authority to conduct border searches extends to all merchandise entering or departing the United States, including information that is physically resident on an electronic device transported by an international traveler. Therefore, border searches conducted by CBP do not extend to information that is located solely on remote servers.
The use of the word “solely” suggests that CBP officials are allowed to look at things like e-mails, social media posts and files on cloud storage apps, which are stored both on the device itself and remotely.
Besides the limits of CBP’s power, McALeenan also clarified that travelers can refuse to unlock their devices or hand over their passwords, but if they do so, CBP officials have the right to detain the device.