Homeland Security details new tools for extracting device data at US borders

The agency says it can now obtain details including your phone's location history, social media information, and photos and videos.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
3 min read

Border agents are able to pull data from devices and keep it for 75 years, according to the assessment.

Angela Lang/CNET

Travelers heading to the US have many reasons to be cautious about their devices when it comes to privacy. A report released Thursday from the Department of Homeland Security provides even more cause for concern about how much data border patrol agents can pull from your phones and computers.

In a Privacy Impact Assessment dated July 30, the DHS detailed its US Border Patrol Digital Forensics program, specifically for its development of tools to collect data from electronic devices. For years, DHS and border agents were allowed to search devices without a warrant, until a court found the practice unconstitutional in November 2019

In 2018, the agency searched more than 33,000 devices, compared to 30,200 searches in 2017 and just 4,764 searches in 2015. Civil rights advocates have argued against this kind of surveillance, saying it violates people's privacy rights. 

The report highlights the DHS' capabilities, and shows that agents can create an exact copy of data on devices when travelers cross the border. According to the DHS, extracted data from devices can include:

  • Contacts 
  • Call logs/details 
  • IP addresses used by the device 
  • Calendar events 
  • GPS locations used by the device 
  • Emails
  • Social media information
  • Cell site information
  • Phone numbers
  • Videos and pictures
  • Account information (user names and aliases)
  • Text/chat messages
  • Financial accounts and transactions
  • Location history
  • Browser bookmarks
  • Notes
  • Network information
  • Tasks list

The policy to retain this data for 75 years still remains, according to the report. 

That data is extracted and saved on the DHS' local digital forensics network, and transferred to PenLink PLX, a phone surveillance software that helps manage metadata taken from devices. 

"Collection of this data will be based on a law enforcement/investigative purpose related to authorities [US Customs and Border Protection] is responsible for enforcing. Legal authorities such as a Search Warrant, Consent, Border Search or other Fourth Amendment exceptions will be used to gather the data that will be inputted into PLX," a DHS spokesman said in a statement.

PenLink is used by police across the US to intercept text messages, phone calls and GPS data from devices.

But it also analyzes data from social media and tech platforms, according to its website. 

On its free trial offer, PenLink tells potential customers that it can map collected data including Snapchat geolocations, Facebook logged locations and Google's geofenced data. The company didn't respond to a request for comment. 

"USBP uses the information it gathers using these tools to develop leads, identify trends associated with illicit activity, and further law enforcement actions related to terrorism, human and narcotic smuggling, and other activities posing a threat to border security or national security or indicative of criminal activity," the DHS report stated. 

The detailed list of how much information your phone can give about you came several days before the National Security Agency advised its staffers of the best practices for keeping their device data private. They include turning off location services and advertising permissions, and deactivating Bluetooth and Wi-Fi. 

The DHS said the privacy risks of using the tools are low because only trained forensics technicians will have access to the tools, and only data relevant to investigations will be extracted. 

That assurance is in stark contrast from what lawyers from the American Civil Liberties Union and the Electronic Frontier Foundation found, after a lawsuit revealed that agents had searched through travelers' devices without any restrictions, and often for unrelated reasons like enforcing bankruptcy laws and helping outside investigations.