Cody Anderson was one of millions of Americans who cast his vote on election day last November.
But unlike most Americans, he decided to watch the results come in from the other side of the border — “a little cheap joke,” he recalled, what with the number of Americans claiming they would move to Canada if Donald Trump won.
He doesn’t know what was examined on his phone, but in the end, the border agent let him in.
U.S. and Canadian border agents have the right to search travellers’ personal belongings without a warrant and say that right applies to digital devices, too.
While CBSA says its agents will only search information stored locally on the device, U.S. Customs and Border Protection has a much wider latitude to comb through social media apps installed on the device, remotely stored emails or files stored in the cloud.
“Officers are not to read emails or consult social media accounts on the traveller’s digital device unless the information is already downloaded and has been opened (usually marked as read) and is therefore stored on the device,” said CBSA spokesperson Patrizia Giolti in a statement sent to CBC News last month.
And while border agents can’t force you to give up passwords, you could have your devices seized, your trip delayed or even be denied entry if you’re not a citizen of the country you’re trying to enter.
There, the border agent asked Wu where he was staying and Wu showed the agent the details of his Airbnb reservation on his phone. The agent then asked to see Wu’s phone — which, by that point, Wu had voluntarily unlocked. He handed over the phone.
“It felt insulting and invasive,” Wu said. “He looked through it for a few minutes and we were silent during that time. I did catch a glimpse of him looking through my text messages.”
Micheal Vonn, policy director for the British Columbia Civil Liberties Association, has fielded numerous questions in recent weeks about border searches of smartphones, laptops and other electronic devices.
‘But that doesn’t necessarily mean scrubbing or wiping your device is the best way to go.
‘Think long and hard before [crossing] if there are other people’s information on your device that you are legally or ethically obliged to protect.’ – Micheal Vonn
The internet is rife with suggestions that travellers delete files or uninstall apps before they leave, make backups of devices and wipe them clean for travel or even buy new devices with temporary accounts that are only used while travelling abroad.
“So now we’re kind of caught in the catch-22 that privacy advocates have known for a very long time, which is asserting your right to privacy should not make you a target, but that doesn’t mean it couldn’t be construed in that fashion. And I don’t know any surefire way to assist with that paradox.”
One thing you can do before your trip is think critically about the data you have on your device, how much you’re willing or able to share and the consequences for refusing to hand over your phone.
In Canada, CBSA confirmed to CBC News that it will not arrest travellers for refusing to provide the password to a device — even though the agency believes it has the legal right to do so.
This has been the agency’s policy since at least 2015 when interim guidelines were released — guidelines that “are still in force with respect to examinations of electronic goods as well as for arrest,” said CBSA spokesperson Nicholas Dorion.
Previously, these guidelines were only available via an Access to Information document published by the BCCLA, but CBSA released its own copy of the guidelines to CBC News.
While Canadians citizens can’t be detained or denied entry to Canada, those travelling to the U.S. can be detained, interrogated or ultimately denied entry for not co-operating — in addition to having a device seized and forensically examined, a power that can also be exercised by CBSA.
“CBSA may only collect data for customs purposes and may only disclose customs information if authorized to do so under section 107 of the Customs Act,” Giolti wrote, declining to answer questions about where data is stored or how long it’s retained.
Encryption is also strongest when the phone is powered down, and doing so disables the fingerprint reader until you enter your password as well.
“You protect your privacy before you get to the border, not at the border,” Vonn says. “Think long and hard before [crossing] if there are other people’s information on your device that you are legally or ethically obliged to protect.”