Congressional inquiry reveals secret Customs and Border Protection database of U.S. phone records

Customs and Border Protection is conducting warrantless searches of the phones and other electronic devices of up to 10,000 Americans each year and uploading information from those devices to a massive government database, according to information shared by the agency with Sen. Ron Wyden, D-Ore.

The database, which retains records for up to 15 years, includes text messages, call logs, contact lists, photos and other sensitive records, according to a letter from Wyden’s office to the agency Tuesday.

“Innocent Americans should not be tricked into unlocking their phones and laptops,” Wyden said in a press release accompanying the letter. “CBP should not dump data obtained through thousands of warrantless phone searches into a central database, retain the data for fifteen years, and allow thousands of DHS employees to search through Americans’ personal data whenever they want.”

CBP did not detail the exact number of Americans included in the database, but said in a June briefing with Wyden’s office that it examines and saves data from “less than 10,000” devices a year.

According to agency data, CBP processed more than 179 million travelers at U.S. ports of entry in fiscal year 2021. During that same period, CBP conducted approximately 37,000 border searches of electronic devices, representing less than 0.02 percent of international travelers.

“At this time, no additional statistics have been publicly available due to law enforcement sensitivities and national security implications,” CBP spokesperson Lawrence Payne wrote in an email to CyberScoop. “CBP is currently reviewing whether additional information specific to border searches of electronic devices, may be made publicly available without negative impacts to law enforcement operations and national security.”

Based on the information available, the database is easily one of the most significant sources of electronic surveillance for the U.S. government, says Jake Laperruque, deputy director of the Center of Democracy and Technology’s Security and Surveillance Project. He compared it to the former National Security Agency surveillance program revealed by Edward Snowden that collected millions of Americans phone records each year.

Searches at the border have long been exempt from the warrant process, though agents are still expected to have “reasonable suspicion” before conducting the search. According to CBP guidelines, a device cannot be intentionally used to access information that is “solely stored remotely.”

According to Laperruque, the database is a clear abuse of a loophole for border searches. “It really is just a clear example of how different the system is from the justification,” he said. “This is about creating a mass surveillance apparatus, not border security.”

Other surveillance experts agreed the search exploits a lapse in oversight.

“CBP is abusing this constitutional loophole to do an end-run around the 4th Amendment,” Albert Fox Cahn, executive director for the Surveillance Technology Oversight Project, said in a statement. “This sprawling database proves that CBP’s searches were never about finding contraband, but were always just a way to avoid the Constitution. The Biden Administration and Congress must act to stop these searches and purge this database.”

The Washington Post first reported the Wyden letter. CBP’s director of field operations Aaron Bowker told the Post that other agencies do not have access to the data but can request information on a case-by-case basis. He put the number of CBP officials with access to the database at 3,000.

“CBP has imposed certain policy requirements, above and beyond prevailing legal requirements, to ensure that the border search of electronic devices is exercised judiciously, responsibly, and consistent with public trust,” CBP’s Payne wrote.

Wyden has pushed for the passage of his legislation, the Fourth Amendment is Not for Sale Act, which would require law enforcement to get a warrant to obtain Americans’ personal data. His letter requests a response from CBP no later than Oct. 31 with a plan for addressing the issues raised in the letter.

Updated 9/15/2022: To include additional information from CBP.