U.S. government officials are adding data from as many as 10,000 electronic devices each year to a massive database they've compiled from cellphones, iPads and computers seized from travelers at the country's airports, seaports and border crossings, leaders of Customs and Border Protection told congressional staff in a briefing this summer.
The rapid expansion of the database and the ability of 2,700 CBP officers to access it without a warrant - two details not previously known about the database - have raised alarms in Congress about what use the government has made of the information, much of which is captured from people not suspected of any crime. CBP officials told congressional staff the data is maintained for 15 years.
Details of the database were revealed Thursday in a letter to CBP Commissioner Chris Magnus from Sen. Ron Wyden (D-Ore.), who criticized the agency for "allowing indiscriminate rifling through Americans' private records" and called for stronger privacy protections.
The revelations add new detail to what's known about the expanding ways that federal investigators use technology that many Americans may not understand or consent to.
Agents from the FBI and Immigration and Customs Enforcement, another Department of Homeland Security agency, have run facial recognition searches on millions of Americans' driver's license photos. They have tapped private databases of people's financial and utility records to learn where they live. And they have gleaned location data from license-plate reader databases that can be used to track where people drive.
Related video: How to use 'burners' to protect your personal information
CBP's inspection of people's phones, laptops, tablets and other electronic devices as they enter the country has long been a controversial practice that the agency has defended as a low-impact way to pursue possible security threats and determine an individual's "intentions upon entry" into the U.S. But the revelation that thousands of agents have access to a searchable database without public oversight is a new development in what privacy advocates and some lawmakers warn could be an infringement of Americans' Fourth Amendment rights against unreasonable searches and seizures.
CBP spokesman Lawrence "Rusty" Payne said in a statement Thursday that the agency conducts "border searches of electronic devices in accordance with statutory and regulatory authorities" and has imposed rules to ensure the searches are "exercised judiciously, responsibly, and consistent with the public trust."
The database, known as the Automated Targeting System, is used "to further review, analyze, and assess information CBP obtained from electronic devices associated with individuals who are of a significant law enforcement, counterterrorism" or national security concern, he said.
CBP officials declined, however, to answer questions about how many Americans' phone records are in the database, how many searches have been run or how long the practice has gone on, saying it has made no additional statistics available "due to law enforcement sensitivities and national security implications."
A 2018 CBP directive establishing rules for the searches said officers should only retain information relating to immigration, customs or "other enforcement matters" unless they have probable cause that could justify saving more of the phones' contents.
In the briefing this summer, however, CBP officials said their default configuration for some of the searches had been to download and retain all contact lists, call logs and messages, a Wyden aide said.
CBP officials retain people's phone data in a very small fraction of searches and only when "absolutely necessary," Aaron Bowker, CBP's director of office of field operations, said in an interview Thursday.
CBP conducted roughly 37,000 searches of travelers' devices in the 12 months ending in October 2021, according to agency data, and more than 179 million people traveled that year through U.S. ports of entry. The agency has not given a precise number of how many of those devices had their contents uploaded to the database for long-term review.
A Wyden aide said their office was told 2,700 DHS officials had access to the data. Bowker said that number is incorrect and that 5 percent of CBP's 60,000-employee operational workforce, or 3,000 officials, is given access.
Bowker said those authorized officials are trained, audited and supervised, and that the level of data access is appropriate given the size of the task. Bowker said no other government agency has direct access to this data but that officials can request information on a case-by-case basis.
"You have to have enough operational personnel who are able to do this properly around the clock," Bowker said. "We have 328 ports of entry. We are a 24/7 operation. You don't know who's going to show up where and when."
Law enforcement agencies must show probable cause and persuade a judge to approve a search warrant before searching Americans' phones. But courts have long granted an exception to border authorities, allowing them to search people's devices without a warrant or suspicion of a crime.
CBP officials have relied on that exception to support their collection of data from travelers' phones. Sens. Wyden and Rand Paul (R-Ky.) introduced a bill last year that would require border officials to get a warrant before searching a traveler's device.
The CBP directive gives officers the authority to look and scroll through any traveler's device using what's known as a "basic search," and any traveler who refuses to unlock their phone for this process can have it confiscated for up to five days.
In a 2018 filing, a CBP official said an officer could access any device, including in cases where they have no suspicion the traveler has done anything wrong, and look at anything that "would ordinarily be visible by scrolling through the phone manually," including contact lists, calendar entries, messages, photos and videos.
If officers have a "reasonable suspicion" that the traveler is breaking the law or poses a "national security concern," they can run an "advanced search," connecting the phone to a device that copies its contents. That data is then stored in the Automated Targeting System database, which CBP officials can search at any time.
Faiza Patel, the senior director of the Liberty and National Security Program at the Brennan Center for Justice, a New York think tank, said the threshold for such searches is so low that the authorities could end up grabbing data from "a lot of people in addition to potential 'bad guys,'" with some "targeted because they look a certain way or have a certain religion."
DHS investigators have increasingly used analytical and machine-learning tools to map out relationships and behaviors from vast reserves of phone data, meaning that even people whose phones have not been accessed could get swept up in a database search.
"It's not just what you say or do that's of interest to DHS, it's what everybody you know says and does," Patel said. "You may become suspicious just because someone you're only tangentially related to says something on your timeline or is on your call log. ... And when you have 2,700 people having access, you have very little control over the uses to which they put this information."
The CBP directive on device searches was issued several years after a federal appeals court ruled that a forensic copying of a suspect's hard drive had been "essentially a computer strip search" and said officials' concerns about crime did "not justify unfettered crime-fighting searches or an unregulated assault on citizens' private information."
The Wyden aide also said that the CBP database does not require officers to record the purpose of their search, a common technical safeguard against data-access misuse. CBP officials said all searches are tracked for later audit.
DHS' Office of Inspector General said in a 2018 report that officers had not always fully documented their device searches, making it hard to verify whether they had been properly run. CBP officials said then that they would conduct closer monitoring.
But in a follow-up report last year, the inspector general's office said the agency was continuing to "experience challenges" in sufficiently managing searches of people's phones. CBP said it was working to address the issues.
The "advanced search" program, which began in 2007 as a project known as Document and Media Exploitation, has expanded to cover more than 130 ports of entry, the inspector general's office said in its report last year.
CBP has over the years referred information from people's devices to Immigration and Customs Enforcement, local police agencies and the FBI for further investigation, the report said.
CBP officials give travelers a printed document saying that the searches are "mandatory," but the document does not mention that data can be retained for 15 years and that thousands of officials will have access to it.
Officers are also not required to give the document to travelers before the search, meaning that some travelers may not fully understand their rights to refuse the search until after they've handed over their phones, the Wyden aide said.
CBP officials did not say which technology they used to capture data from phones and laptops, but federal documents show the agency has previously used forensic tools, made by companies such as Cellebrite and Grayshift, to access devices and extract their contents.
A CBP officer who runs a search of the system will only see phone data that was extracted from checkpoints in their part of the country, agency leaders told Wyden's office. But officers will be told that a hit was found in the data from another region, and they are allowed to ask for permission to review that data. CBP did not say how many of those kinds of requests have been made, fulfilled or denied.
The CBP revelations have echoes of a National Security Agency program, first revealed in 2013 by Edward Snowden, that once captured millions of Americans' phone records as part of a surveillance initiative targeting suspected terrorists. Because officials could follow, or "hop," from one phone's records to the next, the system was found to have exposed the records of millions of people not suspected of any crime.
The NSA ended the program in 2019, saying some of the data had been collected in error and that the system had not been all that useful in tracking terrorists or fighting crime.