- New CBP Directive 3340-049B clarifies warrantless search powers for smartphones, laptops, and various digital devices at borders.
- Basic searches require no suspicion, while advanced forensic examinations need supervisory approval and reasonable suspicion.
- Device searches increased 17% in Fiscal Year 2025, reaching over 55,000 inspections despite affecting few total travelers.
(UNITED STATES) — U.S. Customs and Border Protection officers can search travelers’ phones, laptops and other electronic devices at the border without a warrant under the border search exception, and the agency’s January 2026 Directive 3340-049B now spells out more clearly how far that power reaches.
The policy leaves in place broad authority for basic device checks at airports, land crossings and other ports of entry, while setting firmer rules for more invasive forensic examinations, cloud data access and how long copied information may be kept.
That authority sits at the center of a growing fight over privacy and security. CBP searched 55,318 devices in Fiscal Year 2025, up 17% from 47,000 in 2024, even though those searches affected less than 0.01% of roughly 420 million travelers.
January 2026 Directive 3340-049B updated the agency’s 2018 policy and widened the list of devices that officers may inspect. The directive covers smartphones, laptops and tablets, but also flash drives, SIM cards, drones, vehicle infotainment systems, smartwatches and GPS units.
For travelers, that means border inspections can reach into devices that hold messages, photographs, financial records, health information and work documents. CBP argues such searches help detect terrorism, child exploitation materials, smuggling and immigration violations.
The legal basis is the border search exception to the Fourth Amendment, which allows warrantless inspections at the border and its functional equivalents. That doctrine developed around physical goods, but it now applies to digital devices as well.
Courts have not settled where the line should be. Some judges have treated electronic searches as different from checking a suitcase, while others have allowed broad inspections under long-standing border powers.
How CBP Searches Devices
Under the directive, officers can conduct what CBP calls a basic search without any suspicion. In practice, that means manually reviewing content visible on the device, such as photos, emails, contacts and call logs.
A basic search can happen during a routine inspection. An officer may ask a traveler to unlock the device so it can be placed in an inspectable state.
Advanced searches face a higher threshold. Those searches use forensic software to copy, extract or analyze data, including full device imaging, and they require supervisory approval plus either reasonable suspicion of a CBP law violation or a national security concern.
Officers may connect a device to external equipment for an advanced search, including off-site. That distinction between basic and advanced reviews is one of the clearest features of January 2026 Directive 3340-049B.
The directive also limits access to cloud-based information. Officers may examine data stored locally on the device, but iCloud, Google Drive and Dropbox content falls outside the search unless that data is already stored on the device itself.
To prevent access to remote material, devices must be disconnected from the network or placed in airplane mode. CBP cannot force travelers to log in to online accounts.
Social media can still come under review during a basic search. Officers may look at apps such as Facebook, Instagram and X for recent posts, profiles and information tied to a traveler’s purpose for entering the country, especially in visa vetting.
The rules also address sensitive professional material. Attorney-client communications, journalistic work, medical files and trade secrets trigger special handling, including segregation, legal consultation and non-disclosure.
Data retention limits appear tighter on paper than in the older policy. Copies may be held only with probable cause and otherwise must be deleted within 21 days.
Device detention also requires approvals as time passes. Holding a device beyond five days needs supervisory approval, while keeping it for more than 15 days requires higher approval.
What Happens If a Traveler Refuses
What happens if a traveler refuses to unlock a device often depends less on search authority than on immigration status. CBP’s legal power to inspect applies broadly, but the consequences of non-compliance differ sharply.
U.S. citizens cannot be denied re-entry, though they may face delays, device detention and possible referral to law enforcement if suspicion develops. Their devices may be returned promptly, but data can still be shared with other agencies.
Lawful Permanent Residents generally retain stronger entry protections than non-immigrants, though they can face long delays and, in some cases, removal proceedings if border officers view non-compliance as evidence of fraud or another problem. Their devices may also be held.
Visa holders face greater risks. Refusing to unlock a device can lead to visa revocation, denial of entry or future ineligibility.
Visitors and undocumented travelers face the least protection. For them, refusal can bring immediate exclusion, detention or expedited removal.
That gap in consequences shapes the real-world pressure at the inspection point. A U.S. citizen may weigh privacy against delay, while a non-citizen may weigh privacy against losing entry altogether.
Travelers may be asked for passcodes, which officers delete after the search. Officers may also compel biometric unlocking, such as fingerprints, while strong alphanumeric passwords can offer more resistance, especially when a powered-off device has recent security updates.
The Privacy Debate and the Courts
The debate over those searches has intensified as device examinations rise and digital storage holds more of daily life. Critics argue that modern phones reveal far more than luggage ever could and that the Fourth Amendment should offer stronger protection.
That argument draws heavily on the Supreme Court’s 2014 ruling in Riley v. California, which held that warrantless cell phone searches incident to arrest violate the Fourth Amendment. Privacy advocates say the same logic should apply at the border, or at least to advanced forensic searches.
The judicial picture remains fractured. In the Eastern District of New York, U.S. v. Sultanov has carried ongoing influence for the view that device searches are nonroutine and should require warrants.
Other courts have gone the other way. The Seventh Circuit in U.S. v. Mendez upheld suspicionless searches.
The Ninth Circuit took a narrower middle path in U.S. v. Cano in 2019. That ruling limited advanced searches to suspicion of digital contraband and restricted their scope.
Across the country, the split is stark. The First, Fourth and Ninth Circuits require reasonable suspicion for advanced searches, while the Eleventh does not.
Those divisions can matter to travelers depending on where they enter the country. The same phone search may face a different legal test at one airport than at another.
New litigation is pressing the issue further. Chavarria v. DHS, filed in December 2025, challenges the directives under the Fourth Amendment and the Administrative Procedure Act after a school official said officers coerced a device handover.
The Electronic Frontier Foundation also filed a March 2026 amicus brief in U.S. v. Roggio in the Third Circuit. The group urged the court to apply a Riley-style warrant rule to all border device searches and pointed to the 55,318 searches in FY 2025 as evidence of how invasive the practice has become.
Congress has not stepped in. Bipartisan bills from Sens. Ron Wyden and Rand Paul sought warrant requirements for all device searches, drawing on Riley, but those measures stalled in the 2025-2026 sessions.
That leaves January 2026 Directive 3340-049B as the operating framework for officers and travelers alike. It broadens the list of searchable devices while trying to draw lines around forensic methods, cloud accounts and retention.
How Travelers Can Prepare
For travelers, the practical effect is that preparation matters before a trip begins. Reducing the amount of sensitive material carried across the border can lower exposure if a search occurs.
Some travelers delete apps or data before departure and rely on encrypted cloud backups left at home. Others use secondary devices, separate traveler profiles or keep work devices out of their luggage.
Airplane mode on arrival can help keep remote data outside the inspection. Strong passwords matter too, especially because biometric unlock methods may be harder to resist.
Professionals carrying intellectual property, journalists and travelers with politically charged online posts face added concerns because social media and locally stored files may come under review. For visa applicants, online content that conflicts with stated travel plans can also attract scrutiny.
Once a search begins, travelers may try to document the encounter for later records by noting officer details and badge information. They may also assert privilege if protected legal, medical, journalistic or trade secret material is on the device.
Afterward, travelers can ask for receipts or logs and monitor for signs of data misuse. Citizens and green card holders also have options to seek records through public filings or challenge a seizure in court.
CBP maintains that device searches remain a small fraction of total crossings and are needed to stop threats. Privacy advocates answer that even a small percentage can amount to tens of thousands of highly intrusive searches when modern devices contain years of personal life.
With search totals rising, that clash is unlikely to fade soon. Until the Supreme Court or Congress redraws the boundary, border officers will continue to rely on the border search exception, and travelers will continue to make decisions in a narrow space between the government’s security powers and the privacy promises of the Fourth Amendment.
