The Protecting Data at the Border Act bars federal agents from accessing the digital contents of electronic devices or online accounts belonging to United States persons at the border unless they obtain a warrant supported by probable cause. The bill also prohibits denying entry or exit or holding a U.S. person for refusing to disclose access credentials, limits seizure to cases with probable cause of a felony, and imposes strict rules for consent, retention, and destruction of unlawfully obtained data.
This matters for border and national-security operations, privacy compliance, and litigation risk. The bill formalizes procedural protections — written notice and documented consent, a four‑hour time cap for voluntary processing, emergency-access pathways with post-hoc warrant applications, and comprehensive annual reporting by DHS — all of which create operational, training, and oversight implications for agencies and raise new evidentiary rules for prosecutions and immigration proceedings.
At a Glance
What It Does
The bill requires agents to obtain a warrant under the Federal Rules of Criminal Procedure before accessing the digital contents of electronic equipment or online accounts of a United States person at the border, subject to limited emergency and public‑safety exceptions. It also conditions consensual searches on written, informed consent and restricts retention or use of data obtained at the border unless probable cause supports seizure or retention.
Who It Affects
Customs and Border Protection, Immigration and Customs Enforcement, other DHS components, federal prosecutors, and courts will change procedures and training; U.S. travelers, journalists, attorneys, and business travelers will gain stronger safeguards; and technology vendors may face new compliance or disclosure requests.
Why It Matters
The bill treats device and account searches of U.S. persons at the border as subject to the same probable‑cause warrant standard that governs most domestic searches, narrowing longstanding border search practices. It also creates civil‑liberty oriented evidence exclusions and public reporting that increase transparency and potential legal exposure for agencies that fail to comply.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The Act draws a bright line: for United States persons (a FISA‑derived definition), agents at the international border or its functional equivalents generally need a judicial warrant supported by probable cause under the Federal Rules of Criminal Procedure to access the contents of phones, laptops, or online accounts. That warrant requirement applies whether the data are stored on a device or retrieved from a service, and it carries explicit limits on how long an agent can detain or delay someone to seek voluntary cooperation.
The bill creates structured exceptions and procedures. In genuine emergencies that pose immediate danger to life, national‑security conspiracies, or organized‑crime conspiracies, designated officers may access device contents without a prior warrant but must seek a warrant as soon as practicable and not later than seven days; if a warrant is not later obtained, the agency must destroy copies and notify the individual.
A separate, narrow public‑safety exception permits access when necessary to provide emergency services unrelated to criminal investigation.Consent at the border must be informed and written: agents must give a plain‑language notice explaining rights and limits (including that refusal cannot be used to deny entry, exit, or be held beyond a short period), and any written consent must specify what data and access the individual agrees to. The bill caps consensual delay at four hours for determining whether the person will voluntarily provide credentials or access.If data are obtained lawfully under the Act, agencies may not copy or retain the content unless they have probable cause to believe the material contains evidence or the fruits of a crime.
Evidence obtained in violation of the Act is inadmissible in federal, state, and immigration proceedings to the maximum extent practicable. The Act also requires DHS to keep detailed logs of each access and publish an annual public report with specific aggregate metrics and demographic breakdowns.
The Five Things You Need to Know
The bill requires a judicial warrant under the Federal Rules of Criminal Procedure to access digital contents of devices or online accounts of a United States person at the border, absent narrow exceptions.
A designated officer may use an emergency exception to access device contents without a warrant but must apply for a warrant within 7 days and destroy copies if a warrant is not obtained.
Consent must be written and informed; agencies must provide plain‑language notice and may not deny entry, exit, or hold someone beyond a 4‑hour window for refusing to provide credentials or access.
Agencies may not seize a device unless there is probable cause that it contains evidence related to a felony, and may not retain or copy accessed contents absent probable cause linking the contents to a crime.
DHS must publish an annual public report with counts of warrant searches, emergency searches, consent requests, unlawful accesses, nationality and departure country aggregates, and perceived race/ethnicity data.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Definitions
Section 3 sets the statutory vocabulary the rest of the bill uses: ‘‘digital contents,’’ ‘‘electronic equipment’’ (tied to the Computer Fraud and Abuse Act’s definition of computer), ‘‘online account’’ and ‘‘online account information,’’ ‘‘United States person’’ (using the FISA definition), and ‘‘border.’’ These definitions shape scope: the bill covers stored and transmitted data, credentials and biometrics used to unlock devices, and accounts hosted by electronic‑communication and remote‑computing services. Relying on FISA’s ‘‘United States person’’ may import complexities around residency and status that agencies must parse when applying the law at ports of entry.
Warrant requirement and limits on coercion
Subsection (a) makes the core substantive change: Governmental entities may not access digital contents of devices or online accounts of U.S. persons at the border without a warrant issued under the Federal Rules. It also expressly forbids denying entry or exit or holding someone longer than necessary (capped by later provisions) for refusal to disclose credentials or provide access. Operationally, agencies must integrate warrant workflows with port‑of‑entry processes and ensure personnel don’t use coercive rhetoric or informal pressure that amounts to de facto compulsion.
Emergency and public‑safety exceptions
Subsection (b) provides two narrow exceptions. First, designated investigative officers may access contents without a prior warrant if they reasonably determine an emergency exists (immediate danger to life, national‑security conspiracies, or organized‑crime conspiracies), but then must apply for a warrant within seven days and destroy copies if the warrant is denied or not obtained. Second, unrelated to criminal investigations, agencies may access data necessary to provide emergency services. These provisions allow time‑sensitive action, but they also build in concrete oversight points (designation of officers, seven‑day filing, destruction requirement) that courts and auditors can examine.
Written notice and consent mechanics
Subsection (c) requires clear, written notice in a language the traveler understands before any request for consent, and that written consent specify what the individual agrees to. Notice must state the protections (no compelled disclosure without warrant; refusal won’t be used to deny entry/exit) and that DHS may seize a device if probable cause of a felony exists. The four‑hour cap for delay to seek voluntary cooperation is a practical constraint that will force ports to redesign interview timelines and processing queues.
Retention limits and exclusion of unlawfully obtained data
The bill forbids making or keeping copies of accessed data unless probable cause exists that the data contain evidence or the fruits of a crime; unlawfully obtained copies must be destroyed and cannot be shared. Section 5 extends this protection into court proceedings by excluding evidence and derivative material obtained in violation of the Act, applying exclusion principles akin to criminal wiretap law. That creates litigation incentives to ensure procedural compliance and increases the stakes for agents handling device searches.
Seizure standard for electronic equipment
Section 6 raises the bar for seizing devices at the border: agents may only seize a U.S. person’s electronic equipment if there is probable cause that the device contains information relevant to an allegation of a felony. This shifts many routine temporary seizures into probable‑cause determinations and will affect how officers document articulable facts on the spot.
DHS auditing and public reporting
Section 7 requires annual, public reporting by DHS with itemized counts (warranted searches, emergency searches, consent requests and outcomes, unlawful accesses), aggregates by nationality and departure country, and perceived race/ethnicity statistics. It also mandates internal recordkeeping fields for each access (reason, immigration status, extent of access, whether a copy was made, sharing). The dual record and public disclosure requirements institutionalize oversight and create datasets that will inform litigation, policy debates, and congressional oversight.
Savings clauses and limits
Section 8 clarifies two preserved authorities: agencies may still inspect external components of devices for contraband and activate items to confirm they are electronic, and the Act does not curtail FISA authorities. That carve‑out highlights the bill’s attempt to balance routine border security needs and classified foreign‑intelligence operations, but it also creates interaction points where agencies will need policy guidance to avoid overreach.
This bill is one of many.
Codify tracks hundreds of bills on Privacy across all five countries.
Explore Privacy in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- United States travelers (citizens, lawful permanent residents, and other U.S. persons) — gain a presumptive warrant requirement for device and account searches, protections against compelled disclosure of passwords/biometrics, and notice/consent safeguards.
- Journalists, lawyers, and activists — receive stronger procedural protections for source materials and privileged communications when crossing borders, reducing the risk that sensitive professional data are accessed without judicial review.
- Civil‑liberties organizations and privacy compliance officers — gain statutory evidence exclusion and public reporting that increase transparency and provide leverage for oversight and reform.
Who Bears the Cost
- Department of Homeland Security components (CBP, ICE) — must create warrant workflows, train personnel on notice/consent rules, implement recordkeeping and data‑destruction procedures, and absorb operational disruptions at ports of entry.
- Federal law enforcement and prosecutors — will face tighter evidentiary constraints and may need to seek more warrants, produce probable‑cause bases earlier, and adjust investigation timelines for cross‑border cases.
- Courts and magistrates — increased workload from warrant applications tied to border searches and emergency post‑hoc warrant reviews; judges will need to adjudicate frequent disputes over exigency and destruction determinations.
Key Issues
The Core Tension
The central dilemma is balancing the constitutional and privacy interests of U.S. persons in the vast amounts of personal data carried across borders against the government’s need to detect and respond quickly to threats: the bill shifts the balance toward privacy by imposing a warrant presumption, but doing so risks slowing time‑sensitive investigations and increasing operational burdens — the emergency exceptions and FISA savings try to bridge that gap, yet they introduce oversight and definitional challenges that determine whether the law protects privacy without unduly impairing security.
The bill builds an enforceable protection around device and account searches at the border, but its operational details create friction points. The emergency‑access pathway allows after‑the‑fact warrants within seven days and mandates destruction if no warrant follows; this relies on agencies to make accurate, contemporaneous exigency determinations and on oversight to detect abuses.
In practice, agencies must precisely document why an emergency existed, who was designated to make the call, and why a later warrant was or was not obtained — gaps or inconsistent recordkeeping will be fertile ground for litigation.
Recordkeeping and public reporting increase transparency but also raise privacy and mission‑security questions. The requirement to record perceived race/ethnicity and immigration status alongside access events could aid oversight of discriminatory use but also creates sensitive datasets that DHS must protect.
The Act’s savings clause preserving FISA and external‑component inspections leaves open how classified intelligence operations and low‑risk contraband checks will be coordinated with the warrant rule; operational guidance and interagency protocols will be necessary to prevent either under‑protection of privacy or inadvertent back‑door searches under intelligence authorities.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.