Your Phone Is the Most Searchable Thing You Carry
Border crossings are a legal space unlike anywhere else in modern life. A grounded look at how many device searches happen, what authority enables them, and why it matters for ordinary travelers.
There is a version of international travel most people imagine: show your passport, answer a few questions, collect your bag, and go. Your phone is in your pocket the whole time. Nobody asks about it.
That version is still the most common one. But it is not guaranteed, and the gap between "most common" and "guaranteed" is where serious exposure lives.
Border crossings occupy a legal space unlike almost anywhere else in modern life. The protections that apply inside your home — the Fourth Amendment's warrant requirement, the presumption that your private communications are yours — do not apply in the same way at a port of entry. At the border, the government's interest in controlling what crosses is treated by courts as strong enough to override many of the normal rules. This has always been true for physical goods. Over the last decade, it has become true for the computers in our pockets too.
Understanding what actually happens at a border device search — not the worst-case paranoid version, but the documented, sourced, legally grounded version — is the foundation for making good decisions before you travel. This series is that foundation.
How common are border device searches?
The United States Customs and Border Protection agency publishes annual statistics on electronic device searches. The trend is unambiguous.
In fiscal year 2015, CBP conducted 8,503 device searches. By FY2017, that number had risen to 30,200 — roughly 0.007% of arriving international travelers that year, CBP noted in its own release. By FY2023 it was over 41,000. In FY2024, CBP reported 47,047 total searches, broken down as 42,725 basic searches and 4,322 advanced searches; of those, 36,506 involved non-U.S. citizens and 10,541 involved U.S. citizens. In FY2025, CBP's current public page reports searches of 55,318 international travelers' devices, though some contemporaneous reporting cited a slightly different preliminary figure of 55,424.
The percentage remains small. The absolute number is not. Over 55,000 is not an abstraction — it represents tens of thousands of people who had a stranger examine the contents of their phone, often without warning, often without being able to refuse without consequence.
And that is only the United States.
What legal authority makes this possible?
In the United States, border searches are authorized by the "border search exception" to the Fourth Amendment. Courts have long held that the government's sovereign interest in controlling the border justifies searches of persons and goods entering the country without the warrant or probable cause that would normally be required. For decades this applied to luggage and physical containers. The question of whether it applies to phones — and how — has been actively litigated since smartphones became ubiquitous.
The Supreme Court's landmark 2014 ruling in Riley v. California held that police generally cannot search a phone seized incident to arrest without a warrant. Chief Justice Roberts, writing for a unanimous Court, recognized that phones are not ordinary containers: they hold "the privacies of life" in a way that a wallet or a briefcase does not. But Riley was not a border case. Whether its logic applies to the border search exception remains contested and has produced a circuit split.
The Ninth Circuit, covering the West Coast and several western states, requires reasonable suspicion for forensic device searches at the border, and after United States v. Cano (2019) limits those searches to looking for digital contraband specifically — not just any evidence of any crime.
The Fourth Circuit, covering the mid-Atlantic, has imposed limits in specific forensic-search contexts. In United States v. Kolsuz (2018) it required individualized suspicion for off-site forensic analysis of an iPhone. In United States v. Aigbekaen (2019) it held that a warrant is required when a forensic border search is used primarily to advance a preexisting domestic criminal investigation. These are meaningful constraints, though narrower than the Ninth Circuit's broader Cano rule.
The Eleventh Circuit, in United States v. Touset (2018), went the other direction entirely and held that no suspicion is required for forensic searches at the border.
The First Circuit in Alasaad v. Mayorkas (2021) — a case brought by the ACLU on behalf of eleven travelers whose devices were searched without any suspicion — upheld CBP's policy of allowing suspicionless basic searches and reasonable-suspicion advanced searches.
The Supreme Court has not resolved the circuit split. That means the legal standard you face at a border crossing depends, in part, on which circuit you are in — which is to say, which airport you land at.
What does CBP's own policy say?
CBP's current electronic-device-search policy is Directive 3340-049B, issued in January 2026, which superseded the 2018 Directive 3340-049A. Like its predecessor, it distinguishes two types of searches. A basic search is manual — an officer looks at the device without connecting external equipment. An advanced search involves connecting the device to external tools to review, copy, or analyze its contents; this requires reasonable suspicion of a legal violation or a national-security concern, plus supervisory approval.
The policy also states that officers should disable network connectivity — put the device in airplane mode — before conducting a search, so they are reviewing locally stored content rather than pulling from cloud accounts in real time. As we will discuss in later parts of this series, the practical implications of that limitation are more complicated than they appear.
What about other countries?
The United States is not unusual in claiming this authority. It is unusual in how much public data it releases about exercising it.
In the United Kingdom, Schedule 7 of the Terrorism Act 2000 gives officers at ports and borders broad powers to stop, question, and search travelers to determine whether they are involved in terrorism. Unlike U.S. border searches, which CBP frames as largely voluntary in terms of providing the passcode, the Schedule 7 framework creates explicit legal consequences for noncompliance.
In Australia, the Australian Border Force has broad authority under the Customs Act to examine goods, including electronic devices. The Guardian reported that ABF obtained passcodes from nearly 10,000 travelers over two years, copied data from roughly one in four searched devices, and that fewer than 800 devices were referred for deeper technical examination. Reporting on ABF practice has described both broad device-examination powers and contested limits around compelled passcode disclosure. In practice, travelers have reported strong pressure to provide access, and ABF has retained devices when access was refused.
In Canada, the Canada Border Services Agency describes its approach as examining devices only when officers have indicators that border laws may have been violated. Canadian civil-liberties organizations note that the legal framework treats device files as "goods" under the Customs Act, giving CBSA broad authority even without explicit digital-search legislation.
China's Xinjiang border provides one of the clearest documented examples of aggressive border device inspection. In 2019, an investigation by The Guardian, Motherboard/Vice, Süddeutsche Zeitung, The New York Times, and NDR documented that Chinese border officials at a Xinjiang crossing were installing an Android surveillance app called BXAQ (also known as Fengcai) on tourists' phones. The app downloaded personal data and scanned for flagged content. This is categorically different from what CBP claims to do: it involved installing software on the device, extracting personal data, and scanning for flagged content at the border — not merely inspecting what was already there.
Why this matters for ordinary travelers
The impulse is to assume that border device searches happen to other people — journalists, activists, people who have done something to draw attention. The data does not support that comfort.
Of the 47,047 searches CBP conducted in FY2024, 10,541 involved U.S. citizens. Citizens are not a small minority of those searched; they are about 22% of the total. The plaintiffs in the Alasaad case included a NASA engineer, a student, a business owner, and a journalist — people whose profiles ranged from entirely ordinary to professionally notable.
The question is not whether you have something to hide. The question is whether you have something on your phone that you would not want copied by a stranger, stored in a government database, and retained for fifteen years — which is the documented retention period for some CBP records.
If the answer is yes, which it almost certainly is, then preparing for a border crossing is not paranoia. It is the same ordinary prudence you apply when you back up your computer before a trip.
The rest of this series is the practical guide to what that preparation actually looks like. If you want to skip ahead, the complete checklist is in Part 7 — but the reasoning that makes the checklist make sense is in Parts 2 through 6.
Next: Part 2 — What actually happens when a border agent searches your phone. The tools they use, what "Before First Unlock" state means in practice, and what an extraction actually contains.