The scope of CBP’s digital raid is staggering. In fiscal year 2019, CBP conducted nearly 41,000 searches of electronic devices without requesting a warrant. In fiscal year 2021, the figure was 37,450 searches of international travelers’ devices. These aren’t just quick glances at your home screen: CBP has active contracts worth at least $1.3 million for sophisticated extraction software from companies like Cellebrite, Grayshift, PenLink, and Magnet Forensics.
What makes dark data so different?
Traditional phone searches focus on what you can see: text messages, photos, call logs, and installed apps. But hidden data mining goes several layers further, targeting information that your device’s operating system deliberately hides or automatically buries.
Think of it as the difference between searching through your desk drawers and scanning every fiber of the wood for invisible ink. This includes steganographic data, essentially digital messages hidden within innocent-looking files. Research shows that criminals are increasingly using steganography to hide information in other messages, creating serious challenges for investigators trying to uncover original evidence.
For ordinary users, this means that the vacation photo you took could, in theory, contain hidden data that you never knew about. Studies of steganography apps found seven Google Play store apps with between 1,000 and 100,000 downloads each, many of which use least significant bit embedding techniques. The Bronze Butler malware demonstrated how malicious code could be inserted into seemingly harmless JPG images, turning any image file into a potential hiding place for data you didn’t even know existed.
But it’s not just about steganography. Academic research has developed “multi-approach methods” for automated extraction of hidden evidence from audio files, demonstrating clear improvement in coverage and accuracy, particularly in large MP3 and WAV files. The problem? Manual forensic analysis is complex, time-consuming, and requires significant expertise—exactly what CBP wants to automate.
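To make the least significant bit technique mentioned above concrete from the detection side, here is an added example (not from the original article, and not the method of any tool named in it) of the classic pairs-of-values chi-square test. The sample histogram, the simulated embedding and all function names are constructed for illustration.

```python
import math
import random
from collections import Counter

def lsb_pair_chi_square(samples):
    """Pairs-of-values test on 8-bit samples (e.g. pixel bytes).

    Returns (statistic, degrees_of_freedom, p). A p near 1 means values
    2k and 2k+1 occur almost equally often, which is what overwriting
    LSBs with random-looking message bits produces.
    """
    hist = Counter(samples)
    stat, pairs = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2
        if expected < 5:  # too few samples for the approximation
            continue
        stat += (even - expected) ** 2 / expected
        pairs += 1
    dof = pairs - 1
    if dof < 1:
        return stat, dof, 0.0  # not enough data to say anything
    # Wilson-Hilferty normal approximation of the chi-square upper tail.
    c = 2 / (9 * dof)
    z = ((stat / dof) ** (1 / 3) - (1 - c)) / math.sqrt(c)
    return stat, dof, 0.5 * math.erfc(z / math.sqrt(2))

def constructed_cover():
    # Constructed sample data: a deliberately uneven histogram, so the
    # counts of 2k and 2k+1 differ within every pair.
    return [v for v in range(256) for _ in range((v % 7 + 1) * 10)]

def simulate_lsb_embedding(samples, seed=1):
    # Simulation only: overwrite every LSB with a pseudo-random bit,
    # standing in for an encrypted or compressed payload.
    rng = random.Random(seed)
    return [(v & 0xFE) | rng.getrandbits(1) for v in samples]

if __name__ == "__main__":
    cover = constructed_cover()
    for label, data in (("cover", cover),
                        ("embedded", simulate_lsb_embedding(cover))):
        stat, dof, p = lsb_pair_chi_square(data)
        print(f"{label}: chi2={stat:.1f} dof={dof} p={p:.4f}")
```

The test only catches full, sequential LSB replacement; sparse or adaptive embedding leaves the pair counts largely intact and needs other statistics.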
The technology behind CBP digital investigations
CBP’s current toolset reads like a who’s who of digital forensics heavyweights. Cellebrite’s Universal Forensic Extraction Device allows authorities to extract data from mobile devices, including encrypted, password-protected and deleted data. GrayKey offers “unparalleled device unlocking and rapid data extraction capabilities,” while XRY Physical allows examiners to completely bypass the operating system to dump the entire system and deleted data.
Recent leaked documents revealed that GrayKey can only recover partial data from modern iPhones running iOS 18 or iOS 18.0.1. But here’s where it gets worrying for border crossers: When the FBI needed to decrypt Trump’s shooter’s phone in July 2024, Cellebrite provided new software that was still in development and worked in just 40 minutes.
This rapid extraction capability means that what once took forensic laboratories weeks can now happen during a prolonged border detention. If cutting-edge software can unlock a phone in less than an hour, the idea of “quick device searches” takes on a whole new meaning for travelers.
How deep can these searches really go?
The technical capabilities are both impressive and worrying. CBP searches can access any information stored directly on your device, and upon reasonable suspicion, agents may conduct “advanced searches” using external equipment to “review, copy, and/or analyze” the contents of the device.
But this is where hidden data mining becomes part of a much larger surveillance landscape. Detection tools like StegSpy achieved an 85% success rate in identifying steganographic content, while Hiderman extracted hidden messages with 100% accuracy from 18 test files.
This capability now operates alongside CBP’s commercial telemetry data program, which purchases location data from advertising IDs. Studies show that just four data points are enough to uniquely identify 95% of people. The agency spent $3.8 million on Babel Street subscriptions in 2021, with policies allowing query results to be stored for 75 years.
What this means: CBP doesn’t just extract hidden data from your phone; it combines it with years of location tracking and then stores the entire digital profile for decades. Your hidden data becomes part of a comprehensive surveillance file that follows you long after you’ve cleared customs.
What this means for your next border crossing
The Ninth Circuit’s decision in United States v. Cano established that border officials can only conduct warrantless forensic searches when they reasonably suspect the devices contain contraband. However, manual searches still do not require any suspicion.
But here’s what travelers need to understand: CBP’s expanded capabilities mean that even a “basic” search can now access far more data than ever before. CBP’s latest Privacy Impact Assessment shows that the agency is now using facial recognition technology and storing sonar images for up to ten hours on agents’ devices. Combined with hidden data mining tools, this represents a comprehensive digital surveillance apparatus that activates the moment you approach the border.
What you can do:
- Turn your device off completely before approaching the border: powered-off devices are more difficult to access
- Use strong passwords, not PINs or patterns—CBP tools can decipher simple numerical codes
- Consider traveling with a clean device for international travel if you handle sensitive data
- Know your rights—you can refuse to provide passwords for cloud services, but device passwords are currently required
The ACLU and EFF continue to file lawsuits challenging warrantless device searches, arguing that phones contain “massive amounts of information that can provide a detailed picture of our personal lives.” But until the legal framework catches up with technology, CBP’s expanded search capabilities will remain largely unchecked.
The bottom line? If you are crossing the border with a device, assume that everything on it, including data you thought was hidden, deleted, or inaccessible, could be available to CBP. The agency’s push for more sophisticated extraction tools means the cat-and-mouse game between device security and law enforcement capabilities is far from over, and right now, the house is winning.