When Buffalo, New York couple Akram Shibly and Kelly McCormick returned to the U.S. from a trip to Toronto on Jan. 1, 2017, U.S. Customs & Border Protection officers held them for two hours, took their cellphones and demanded their passwords.
“It just felt like a gross violation of our rights,” said Shibly, a 23-year-old filmmaker born and raised in New York. But he and McCormick complied, and their phones were searched.
“One of the officers calls out to me and says, ‘Hey, give me your phone,'” recalled Shibly. “And I said, ‘No, because I already went through this.'”
The officer asked a second time.
Watch Cynthia McFadden on Nightly News for More
Within seconds, he was surrounded: one man held his legs, another squeezed his throat from behind. A third reached into his pocket, pulling out his phone. McCormick watched her boyfriend’s face turn red as the officer’s chokehold tightened.
Then they asked McCormick for her phone.
“I was not about to get tackled,” she said. She handed it over.
Shibly and McCormick’s experience is not unique. In 25 cases examined by NBC News, American citizens said that CBP officers at airports and border crossings demanded that they hand over their phones and their passwords, or unlock them.
The travelers came from across the nation, and were both naturalized citizens and people born and raised on American soil. They traveled by plane and by car at different times through different states. Businessmen, couples, senior citizens, and families with young kids, questioned, searched, and detained for hours when they tried to enter or leave the U.S. None were on terror watchlists. One had a speeding ticket. Some were asked about their religion and their ethnic origins, and had the validity of their U.S. citizenship questioned.
What most of them have in common — 23 of the 25 — is that they are Muslim, like Shibly, whose parents are from Syria.
Data provided by the Department of Homeland Security shows that searches of cellphones by border agents has exploded, growing fivefold in just one year, from fewer than 5,000 in 2015 to nearly 25,000 in 2016.
According to DHS officials, 2017 will be a blockbuster year. Five-thousand devices were searched in February alone, more than in all of 2015.
“That’s shocking,” said Mary Ellen Callahan, former chief privacy officer at the Department of Homeland Security. She wrote the rules and restrictions on how CBP should conduct electronic searches back in 2009. “That [increase] was clearly a conscious strategy, that’s not happenstance.”
“This really puts at risk both the security and liberty of the American people,” said Senator Ron Wyden, D-Oregon. “Law abiding Americans are being caught up in this digital dragnet.”
“This is just going to grow and grow and grow,” said Senator Wyden. “There’s tremendous potential for abuse here.”
What CBP agents call “detaining” cellphones didn’t start after Donald Trump’s election. The practice began a decade ago, late in the George W. Bush administration, but was highly focused on specific individuals.
The more aggressive tactics of the past two years, two senior intelligence officials told NBC News, were sparked by a string of domestic incidents in 2015 and 2016 in which the watch list system and the FBI failed to stop American citizens from conducting attacks. The searches also reflect new abilities to extract contact lists, travel patterns and other data from phones very quickly.
DHS has published 24 reports detailing its extensive technological capability to forensically extract data from mobile devices, regardless of password protection on most Apple and Android phones. The reports document its proven ability to access deleted call logs, videos, photos, and emails to name a few, in addition to the Twitter, Facebook, and Instagram apps.
But the officials caution that rhetoric about a Muslim registry and ban during the presidential campaign also seems to have emboldened federal agents to act more forcefully.
“The shackles are off,” said Hugh Handeyside, a staff attorney with the ACLU’s National Security Project. “We see individual officers and perhaps supervisors as well pushing those limits, exceeding their authority and violating people’s rights.”
And multiple sources told NBC News that law enforcement and the Intelligence Community are exploiting a loophole to collect intelligence.
Under the Fourth Amendment, law enforcement needs at least reasonable suspicion if they want to search people or their possessions within the United States. But not at border crossings, and not at airport terminals.
“The Fourth Amendment, even for U.S. citizens, doesn’t apply at the border,” said Callahan. “That’s under case law that goes back 150 years.”
Customs and Border officers can search travelers without any level of suspicion. They have the legal authority to go through any object crossing the border within 100 miles, including smartphones and laptops. They have the right to take devices away from travelers for five days without providing justification. In the absence of probable cause, however, they have to give the devices back.
CBP also searches people on behalf of other federal law enforcement agencies, sending its findings back to partners in the DEA, FBI, Treasury and the National Counterterrorism Center, among others.
Callahan thinks that CBP’s spike in searches means it is exploiting the loophole “in order to get information they otherwise might hot have been able to.”
On January 31, an engineer from NASA’s Jet Propulsion Laboratory was pulled into additional screening upon his return to the U.S. after a two-week vacation in Chile. Despite being cleared by the Global Entry program, Sidd Bikkannavar received an “X” on his customs form. He is not Muslim, and he is not from any of the seven countries named in President Trump’s original “travel ban” executive order. Half his family comes from India but he was born and raised in California.
Bikkannavar was brought into a closed room and told to hand over his phone and passcode. He paid particular notice to the form CBP handed him which explained it had the right to copy the contents of the phone, and that the penalty for refusal was “detention.”
“I didn’t know if that meant detention of the phone or me and I didn’t want to find out,” said Bikkannavar. He tried to refuse but the officer repeatedly demanded the PIN. Eventually he acquiesced.
“Once they had that, they had everything,” Bikkannavar said. That access allowed CBP officers to review the backend of his social media accounts, work emails, call and text history, photos and other apps. He had expected security might physically search any travelers for potential weapons but accessing his digital data felt different. “Your whole digital life is on your phone.”
The officers disappeared with his phone and PIN. They returned 30 minutes later and let him go home.
CBP also regularly searches people leaving the country.
On February 9, Haisam Elsharkawi was stopped by security while trying to board his flight out of Los Angeles International Airport. He said that six Customs officers told him he was randomly selected. They demanded access to his phone and when he refused, Elsharkawi said they handcuffed him, locked him in the airport’s lower level and asked questions including how he became a citizen. Elsharkawi thought he knew his rights and demanded access to legal counsel.
“They said if I need a lawyer, then I must be guilty of something,” said Elsharkawi, and Egyptian-born Muslim and naturalized U.S. citizen. After four hours of questioning in detention, he unlocked his smartphone and, after a search, was eventually released. Elsharkawi said he intends to sue the Department of Homeland Security.
The current policy has not been updated since 2009. Jayson Ahern, who served in CBP under both Bush and Obama, signed off on the current policy. He said the electronic searches are supposed to be based on specific, articulable facts that raise security concerns. They are not meant to be random or routine or applied liberally to border crossers. “That’s reckless and that’s how you would lose the authority, never mind the policy.”
The Customs & Border Patrol policy manual says that electronic devices fall under the same extended search doctrine that allows them to scan bags in the typical security line.
“As the threat landscape changes, so does CBP,” a spokesperson told NBC News.
Since the policy was written in 2009, legal advocates argue, several court cases have set new precedents that could make some CBP electronic searches illegal.
Several former DHS officials pointed to a 2014 Supreme Court ruling in Riley v California that determined law enforcement needed a warrant to search electronic devices when a person is being arrested. The court ruled unanimously, and Chief Justice John Roberts wrote the opinion.
“Modern cellphones are not just another technological convenience. With all they contain and all they may reveal, they hold for many Americans ‘the privacies of life,'” wrote Roberts. “The fact that technology now allows an individual to carry such information in his hand does not make the information any less worthy of the protection for which the Founders fought.”
Because that case happened outside of the border context, however, CBP lawyers have repeatedly asserted in court that the ruling does not apply to border searches.
For now a Department of Justice internal bulletin has instructed that, unless border officers have a search warrant, they need to take protective measures to limit intrusions, and make sure their searches do not access travelers’ digital cloud data. The ‘cloud’ is all content not directly stored on a device, which includes anything requiring internet to access, like email and social media.
Former DHS officials who helped design and implement the search policy said they agreed with that guidance.
Wyden Pushes to Change the Policy
On February 20, Sen. Wyden wrote to DHS Secretary John Kelly demanding details on electronic search-practices used on U.S. citizens, and referred to the extent of electronic searches as government “overreach”. As of publication, he had yet to receive an answer.
Now Sen. Wyden says that as early as next week he plans to propose a bill that would require CBP to at least obtain a warrant to search electronics of U.S. citizens, and explicitly prevent officers from demanding passwords.
“The old rules … seem to be on the way to being tossed in the garbage can,” said Senator Wyden. “I think it is time to update the law.”
Asked about the Shibly case, a CBP spokesperson declined to comment, but said the Homeland Security Inspector General is investigating. The spokesperson said the agency can’t comment on open investigations or particular travelers, but that it “firmly denies any accusations of racially profiling travelers based on nationality, race, sex, religion, faith, or spiritual beliefs.”
Explaining the sharp increase in electronic searches, a department spokesperson told NBC News: “CBP has adapted and adjusted to align with current threat information, which is based on intelligence.” A spokesman also noted that searches of citizens leaving the U.S. protect against the theft of American industrial and national security secrets.
After repeated communications, the Department of Homeland Security never responded to NBC News’ requests for comments. Nonetheless, the Homeland Security Inspector General is currently auditing CBP’s electronic search practices.
The Council on American-Islamic Relations (CAIR) also has filed two dozen complaints against CBP this year for issues profiling Muslim Americans. CAIR and the Electronic Frontier Foundation are considering legal action against the government for what they consider to be unconstitutional searches at the border.