Consider the following scenario: your organization holds an annual meeting with all Research & Development employees for the purpose of having an open discussion between thought leaders and R&D regarding product-development capabilities. This year’s meeting is scheduled outside the United States and next year’s will be within the U.S. with all non-U.S. R&D employees traveling into the U.S. to attend. For each meeting, your employees may be subject to a search of their electronic devices, including any laptop that may contain your company’s trade secrets. Pursuant to a new directive issued in January 2018 by the U.S. Custom and Border Protection (“CBP”), the electronic devices of all individuals, including U.S. citizens and U.S. residents, may be subject to search upon entry into (or leaving) the U.S. by the CBP. CBP Directive No. 3340-049A (Jan. 4, 2018).

The directive allows for the warrantless border search of electronic devices without a showing of reasonable suspicion. It differentiates between a basic search and an advanced search. A basic search allows officers, with or without suspicion, to examine an electronic device, including an examination of the information that is resident and accessible on the device. Information that is solely stored remotely may not be accessed. An advanced search is one in which the officer connects external equipment, through a wired or wireless connection, to an electronic device in order to “review, copy, and/or analyze” the contents of the electronic device. Advanced searches are permitted where there is a “reasonable suspicion” of criminal activity or for national security concerns. While the directive states that “[m]any factors” may create a reasonable suspicion or a national security concern warranting an advanced search, it articulates examples particularly aimed at national security concerns but does not provide much color as to what may constitute reasonable suspicion of criminal activity.

By issuing the directive, the CBP appears to align its position with that of the majority of federal courts that held reasonable suspicion is not required for border searches of electronic devices. See, e.g., United States v. Ickes, 393 F.3d 501, 506-07 (4th Cir. 2005) (rejecting reasonable suspicion requirement for laptop computer searches at the border); United States v. Linarez-Delgado, 259 Fed. Appx. 506, 508 (3d Cir. 2007) (rejecting reasonable suspicion requirement for border search of electronic data). Thus, the CBP may have also sought to reject the statements by at least one other court suggesting a requirement for a showing of reasonable suspicion before search of an electronic device. See, e.g., United States v. Cotterman, 709 F.3d 952 (9th Cir. 2013) (implying that officers need reasonable suspicion to conduct a border search of complex personal computing devices).

Can’t your employees just encrypt everything before international travel? Under the directive, travelers are required to present the electronic device (and the information contained within the device) in a condition that allows for the inspection of the device and its contents. Therefore, under the directive, officers may request an individual’s assistance in accessing the device if it is encrypted or password protected, and officers are authorized to detain a device pending a determination as to its admissibility in to the U.S.; they may also exclude a device if access to it is prevented by encryption or password protection.

The directive provides officers with instructions regarding the handling of certain sensitive materials, including business information, medical records, and information protected under the attorney-client privilege. Upon encountering business or commercial information resulting from a search, such as confidential business information, officers are required to “protect that information from unauthorized disclosure[.]” Such confidential business information may only be shared with agencies or entities that have mechanisms in place to protect the information.

Companies should alert employees of the requirements under the new directive. Certain preventative steps should be considered to minimize the potential for disclosure of confidential information at the border, including: (1) minimizing the number of electronic devices with trade secret or confidential information; (2) minimizing the amount of confidential information on a device; (3) to the extent possible, using electronic devices that do not contain confidential information when international travel is required; and (4) considering whether confidential information on the device should be encrypted but with the knowledge that CBP may request that the device be unlocked. Companies should also be cognizant of other issues relating to encrypted devices, including U.S. export control requirements for traveling to certain countries and licenses that may be required for individuals traveling into certain countries with an encrypted device.

In the event of an inspection request by an officer, your employees should be prepared to alert the officer that the device contains confidential business information in order to protect against its disclosure. Employees should also carry company business cards to show officers requesting an inspection that they are an employee of your company.

Back to Trade Secrets & Employee Mobility Blog

Search This Blog

Blog Editors

Authors

Related Services

Topics

Archives

Jump to Page

Subscribe

Sign up to receive an email notification when new Trade Secrets & Employee Mobility posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.