The Protecting Data at the Border Act establishes warrant requirements for U.S. government searches of digital data on electronics and online accounts at the border, while setting strict limits on data retention and use in legal proceedings.
Ted Lieu
Representative
CA-36
The Protecting Data at the Border Act establishes strict new rules requiring U.S. government agencies to obtain a warrant based on probable cause before searching the digital contents of U.S. persons' electronic devices at the border. The bill prohibits coercion for access credentials and mandates detailed annual reporting on all digital searches conducted by the Department of Homeland Security. Furthermore, any digital evidence obtained in violation of these new procedures is inadmissible in any legal proceeding.
New Border Data Act Requires Warrants for Digital Searches, Limits Agent Delays to 4 Hours
If you’ve ever crossed a border with your phone or laptop, you know that little moment of anxiety when an agent asks to look at your device. The Protecting Data at the Border Act is designed to change that interaction, largely by requiring border agents to get a warrant before digging through your digital life.
This bill starts from a straightforward premise: your phone is private. Citing Supreme Court precedent, the Act finds that if you’re a U.S. person (citizen or resident), searching the digital contents (texts, photos, files) on your electronic equipment at the border is unreasonable unless the government has a warrant based on probable cause. Think of it as extending the Fourth Amendment protection you have at home to the digital contents you carry with you. This is a big shift from current practices, which often allow for searches without specific suspicion.
Your Data, Your Rules: No Forced Access
One of the most practical changes for the average traveler concerns consent. Under Section 4, agents cannot force you to hand over your access credentials (passwords, PINs, biometrics) just because you’re crossing the border. Even more importantly, if you refuse to consent to a search, they cannot hold you up for more than four hours trying to pressure you into giving up your data. For the busy traveler, that four-hour limit provides a clear boundary and prevents indefinite detention based solely on digital privacy refusal.
If agents do ask for voluntary access, they have to give you written notice stating clearly that you don't have to comply. If you do consent, the paperwork must specify exactly what data they can look at. This is key: it makes voluntary consent truly voluntary and documented, not coerced.
The Emergency Carve-Out and the Clean-Up Crew
Of course, there are exceptions. If an agent reasonably believes there is an immediate danger of death or serious injury, or a threat to national security, they can perform a warrantless search (Section 4(c)). However, this isn't a loophole. If they use this emergency power, they have to apply for a warrant within seven days. If the warrant is denied, or if they searched but never applied for one, they must immediately destroy any data copies they made and notify you that the data was destroyed. This mechanism ensures that even emergency powers are subject to judicial review and accountability.
Furthermore, the bill introduces a strong exclusionary rule (Section 5). If any digital content is collected in violation of this Act—without a proper warrant, consent, or valid emergency—it is immediately deemed inadmissible as evidence in any official proceeding, whether it's a criminal trial, immigration hearing, or legislative inquiry. This provides a powerful disincentive against illegal searches.
New Rules for Seizing Gear and Tracking the Trackers
Beyond searching, the bill also tightens rules on seizing your hardware. Agents can only seize electronic equipment (like your phone or laptop) if they have probable cause to believe the device contains evidence of a felony (Section 6). They can’t just grab your device over a minor customs violation.
Perhaps the biggest win for transparency is the massive new reporting requirement (Section 7). Every year, the Department of Homeland Security (DHS) must publish a detailed public report breaking down every single time they accessed digital data at the border. They have to categorize searches by warrant, consent, or emergency, and even include aggregate data on the nationality, country of origin, and perceived race and ethnicity of the people whose data was accessed. This level of mandatory public scrutiny is designed to keep agents honest and accountable.
The Fine Print: Where Existing Powers Remain
While this Act creates strong new protections, it’s not a complete overhaul of every government power. Section 8, the savings provision, makes two important points. First, agents can still perform physical inspections of your device—turning it on, checking the exterior—to look for weapons or contraband. Second, and more critically, this Act does not limit or change the authority of government entities under the Foreign Intelligence Surveillance Act (FISA). This means that while standard border agents now need a warrant for your personal data, intelligence agencies operating under FISA still retain their existing surveillance powers, which could create a complex overlap in practice.