According to a new report, US Customs and Border Protection can’t search travellers’ cloud data at the border.
The statement was provided in advance of acting commissioner Kevin McAleenan’s Senate confirmation hearing, in response to a set of questions by Sen. Ron Wyden. In the letter, he draws a sharp distinction between data stored locally on the device and cloud data stored on remote servers.
Customs has a fundamental mandate to search cargo as it enters the country, a mandate that McAleenan says extends to local disk drives. However, the letter also makes it clear that authority does not extend to data on remote servers.
He also reserves the right to request passwords from travellers, as part of commissioning their assistance in conducting a search. In the letter, McAleenan said:
“This assistance may occur by CBP requesting that the traveler open the manual lock on his or her suitcase, or unlock or otherwise make accessible the traveler’s accompanying electronic device. It is important to understand that CBP does not condition entry of U.S. citizens based on the provision of a password.”
McAleenan also describes an agency-wide communication sent out in April reminding border agents of this policy, although the precise contents of the document are classified.