With the easing of COVID-19 restrictions, travel is increasing, and with it, concerns about searches of electronic devices at the Canadian border. Such searches can create a concern for business travellers, as they often travel with laptop computers, smartphones and other mobile electronic devices.[i]
Security searches of these devices may result in the inadvertent or forced disclosure of documents and information that is confidential in nature. In light of recently proposed Bill S-7, [ii] which would amend the Customs Act and the Preclearance Act to outline the circumstances under which border agents can validly search personal digital devices, business travellers need to be aware of the ever-changing risks of travelling with confidential information and should consider certain measures to minimize those risks.
The balancing act
The pursuit of national security and continued respect for the privacy of travellers presents a complex balancing act. Canadian courts have long established that people have very strong expectations of privacy interests for their personal digital devices. As was reiterated by the Alberta Court of Appeal in R v Canfield (Canfield), searches by Canada Border Services Agency (CBSA) agents of traveller’s personal electronic devices are one of the most intrusive invasions of privacy.[iii] The Canfield decision found section 99(1)(a) of the Customs Act[iv]– which imposed no threshold for cellphone searches -to be unconstitutional.[v] In the interest of national security, Parliament responded to Canfield (and the subsequent line of judicial consideration favouring privacy) by introducing Bill S-7 on March 31, 2022. The Bill amends the Customs Act and the Preclearance Act to outline the circumstances under which CBSA border agents can search personal digital devices of those entering Canada.[vi]
Among other things, the Bill would introduce a novel threshold of “reasonable general concern” for border agents to search electronic devices[vii]. However, the boundaries of what constitutes “reasonable general concern” are not defined in the Bill. Additionally, the Bill proposes the creation of an authority with the power to “examine documents, including emails, text messages, receipts, photographs or videos, that are stored on a personal digital device that has been imported or is about to be exported…”.[viii] This would provide clarity to the current Customs Act, which has no provision relating specifically to electronic devices. However, the Bill does not provide clarification for certain procedural requirements with respect to the search of digital devices and is silent regarding rules for password collection and preservation. Currently, CBSA agents may ask travellers for their passwords to access the information stored locally on a digital device.[ix] Failure to provide access to the digital device may result in the detention of the device. It is the CBSA’s position that passwords are not to be collected to gain access to any online account (including any social media, professional, corporate, or user accounts), files, or information stored remotely or online.
The Bill was recently reviewed by the Senate, and senators on the national security and defence committee passed an amendment to replace the proposed “reasonable general concern” standard with “reasonable grounds to suspect.” This effectively would raise the threshold for searches of personal electronic devices to a standard similarly used for the searches of personal mail. As of the date of this post, the Bill has completed its Senate review and will go to the House of Commons for further debate.
Going to the United States
Like Canadian border agents, United States, Customs and Border Protection (CPB) and Immigration and Customs Enforcement (ICE) agents have the power to conduct digital device searches without reasonable suspicion or probable cause. These broad powers allow agents to ask for the password to devices or even ask travellers to open them with voice recognition or fingerprint access. Once a device is open, border officials may review documents, copy files, and analyze data. Similar to CBSA agents, United States border officials may only look at the information that is stored locally on your device and are not permitted to use the device to examine remotely-stored information
What action should travellers consider?
In light of the changing regulatory landscape and uncertainty surrounding border searches, travellers should consider the below tips when traveling abroad.
- Consider leaving electronic devices at home. Whenever possible, avoid taking laptops and other unnecessary electronic devices on international travel. Consider traveling with a temporary phone or laptop.
- “Clean your device” before you go to an airport, port or border crossing. Remove all privileged and confidential data from the device. This data may instead be stored on a secure cloud server for later access or saved to a storage device.
- Backup your devices before you leave. Transfer all data stored on your devices to a device you are leaving at home or store files onto a cloud server.
- Protect sensitive information with enhanced encryption. Use different log-in credentials for your device and for access to cloud-stored information.
- Switch off your wireless connection when not in use. Put your device in airplane mode and sign out of sensitive applications when travelling to prevent confidential information from being sent to the device. Do not take your device off airplane mode until you complete border security screening.
In particular, legal professionals should consider the requirements of attorney-client privilege before engaging in international travel. The consequences of a disclosure of confidential client information or information protected by solicitor-client privilege include:
- Loss of client trust
- A client lawsuit for negligence
- An errors and omissions insurance claim
- Disciplinary action by the regulator
Lawyers stopped at a border by an agent who requests access to the lawyer’s electronic device may wish to identify themselves as a legal professional and advise the border agent that the device contains confidential or privileged information and object to the search on privilege grounds. A privilege objection, however, may be inappropriate or unnecessary at the borders of certain countries. The propriety of such an objection will depend on the facts and circumstances. Should a lawyer turn over their device containing sensitive client information or information covered by solicitor-client privilege to Canadian or US border officials, they may have a duty to notify their clients and professional regulatory body about the breach of confidentiality.
The developments surrounding travellers’ expectations of privacy in their digital information are noteworthy in Canadian privacy law, especially when considered against the public safety interests that are advanced through the ability to search these devices at the border. The final implementation of Bill S-7 may result in the creation of a clear threshold for border agents’ authority to search personal electronic devices, or it could result in further litigation for years to come.
Dentons will continue to monitor these and other developments relevant to the privacy industry and provide additional updates to our clients and the public. For more information, please reach out to the authors Kirsten Thompson or Stewart Maier, or see our Transformative Technologies and Data Strategy page and our unique Dentons Data suite of data solutions for every business, including enterprise privacy audits, privacy and technology program reviews and implementation, and training in respect of personal information and COVID-19 programs.
[i] “Device” includes a computer, laptop, tablet, mobile phone, thumb drive, portable hard drive, tapes, cameras and media players.
[ii] Bill S-7, An Act to amend the Customs Act and the Preclearance Act, 2016, 1st Sess, 44th Parl, 2022 (first reading March 31, 2022).
[iii] R v Canfield, 2020 ABCA 383 at para 30 [Canfield].
[iv] Ibid s 99(1)(a)
[v] Canfield at para 24.
[vi] Supra, note i.
[vii] Ibid c 1.