Don't Forget the Return Trip
Re-entry is often the higher-risk crossing. What to do if your device is seized, how to treat a returned phone, and the post-incident response that actually matters.
Most of the advice in this series — and most of the existing guidance from organizations like EFF and CPJ — focuses on the outbound crossing. You prepare before you leave. You carry less. You power down at the checkpoint. You know what you will say if you are asked to unlock your device.
The return trip gets less attention. It deserves more.
For U.S. travelers, re-entry is in some respects the higher-risk crossing, not the lower one. CBP's authority applies to people and goods arriving at U.S. ports of entry. The cases that have shaped border device search law — Alasaad, Bikkannavar, Kolsuz — almost all involve travelers entering or returning to the U.S., not departing. The searchable population at a U.S. border is the arriving population.
There is also a practical problem with the return crossing that does not exist on departure: your phone is probably more sensitive when you come back than when you left.
How your device changes during a trip
When you depart, you have (ideally) prepared. You have audited what is on the device, vaulted sensitive content, reduced cloud sync, and powered off before the checkpoint.
During the trip, you use the phone. You reconnect to email. You take photos. You have conversations. If you are traveling for work, you may have sent or received documents, communicated with sources or clients, accessed sensitive accounts, and done everything a working phone is for. By the time you are heading home, your device may contain a week or more of content that was not there when you left.
The return crossing requires its own preparation, not just the preparation you did before departure. A clean outbound crossing followed by an unprepared return crossing is like locking your front door when you leave and then forgetting to lock it when you come home.
Before you leave your destination — ideally the day before your departure, not at the airport — do the same audit you did before you left home. What is now on your device that was not there before? What needs to be vaulted? What can be removed?
If you have been using UltraLocked during the trip to store sensitive documents and files, the return crossing is the moment to verify that everything sensitive has been moved into the vault and nothing sensitive remains in unprotected app storage or in your camera roll.
The device seizure scenario
CBP can seize your device for further examination and return it later. This is not hypothetical; it happens. CBP's policy states that device detentions should generally not exceed five days absent exceptional circumstances — though "exceptional circumstances" is not precisely defined, and there is no independently enforced hard limit on how long a device can be held.
During the period your device is held, its contents may be copied to a CBP forensic system. CBP agents will likely conduct an extraction using the tools described in Part 2. The copy CBP retains may be stored in the Automated Targeting System for up to fifteen years and shared with other agencies.
When you get the device back, you may receive a form — typically Form 6051D — documenting the search. Ask for this if you are not given one. It should include the name and badge number of the officer and a description of what was done. EFF recommends filing a complaint with CBP or DHS TRIP if you believe your device was searched without proper legal basis.
The more important question: what should you assume about the device you get back?
Treating a returned device as potentially compromised
If your device was taken from your sight — even briefly — the safest assumption is that it may have been tampered with. Not because border agents routinely install spyware on travelers' devices — there is no evidence of this as a CBP practice — but because you cannot verify what was done while the device was out of your hands.
This stands in contrast to what has been documented at China's Xinjiang border, where officials were shown to install a surveillance application on tourists' Android devices. That is a categorically different and documented threat that warrants treating any device that passed through that crossing as compromised regardless of what you were told.
For U.S. re-entry or other lower-risk crossings where device seizure occurred, a graduated response is appropriate:
Immediately after the device is returned: Write down everything you remember: the port, the date and time, the officer's name and badge number, whether the device left your sight, how long it was held, what accounts were open on the device, and whether you unlocked it and what you showed the officer.
Within 24 hours: From a separate, trusted device, change the passwords for your most sensitive accounts — starting with your primary email, then Apple ID or Google account, then password manager, then banking and financial accounts, then work SSO and any professional platforms. Do not use the seized device to change passwords; if the device was compromised, an attacker could intercept anything you type on it.
Revoke active sessions and tokens for your cloud accounts. Apple's Settings > [Your Name] > iCloud allows you to see devices with active sessions and sign out remotely. Google's security settings show active sessions. Slack, Dropbox, and most other cloud platforms allow you to revoke all active sessions from their web interfaces. Signal and WhatsApp allow you to remove linked devices.
If you have elevated risk: Run Apple's Safety Check (Settings > Privacy & Security > Safety Check) to review apps and people with access to your information. Review your device's configuration profiles (Settings > General > VPN & Device Management) for any profiles you did not install. Review trusted computers in your iTunes/Finder settings. Consider a full device erase and restore from a pre-travel backup — a backup made before the trip, not after. For high-risk cases involving journalists, lawyers, or researchers with source or client exposure, some security advisors recommend replacing the device entirely rather than attempting to verify its integrity.
Report the encounter: If you are a journalist, report the search to your newsroom security contact or to the U.S. Press Freedom Tracker. If you are a lawyer with concerns about client privilege, document the encounter for potential privilege-protection purposes. If you are connected to a university or research institution, report to your institution's security or legal team.
Foreign departure searches
While the focus in this series has been on U.S. border crossings, a note on departure from other countries: UC guidance for faculty traveling internationally warns that devices have been searched at foreign ports of departure in Europe and Asia. Departure from certain countries — particularly those with active surveillance programs and known interest in specific research areas, political activities, or journalistic work — may involve as much risk as arrival.
If you are traveling through or departing from a country with documented border surveillance practices, treat that departure crossing with the same preparation you bring to a U.S. re-entry.
The through-line
The goal of preparing for the return crossing is not anxiety. It is the same thing the rest of this series is about: making deliberate decisions about what you carry, understanding what the realistic exposure is, and not being caught unprepared when something happens that you could have anticipated.
Border crossings are a known, documented risk. The tools, the legal framework, the statistics, and the cases are all part of the public record. None of this is secret. What is uncommon is travelers who have read it and prepared accordingly.
Previously: Part 5 — It's not your photos you should worry about.
Final installment: Part 7 — Your complete border-crossing checklist. Everything in this series, consolidated and ready to use.