When it comes to crossing the US border, we used to worry about the simple things—too many souvenirs to avoid paying import duties, lines short enough to get to a bathroom in a reasonable timeframe, maybe concerns about which fruits and vegetables could be kept from the last grocery run.

Today, we’ve got one more thing to worry about—invasive searches of our data by the Customs and Border Protection (CBP) agents. Every week brings a new story of a traveler forced to choose between giving up their passwords or having their devices confiscated.

You might be wondering what your organization’s policy might be for employees travelling with important data. Suppose you want your employees to refuse the search—are there any legal options or court decisions that are in your favor?

There are thirteen US courts of appeal, or “circuit courts”. The circuit courts are the primary decision makers for legal precedent, based on appeals from the district courts within their territories. The decisions of the circuit courts are influential and often considered “law of the land”, if there isn’t a Supreme Court case.¹ Unfortunately, a decision in one circuit may have nothing in common with that of another. Circuit courts often follow their own prior opinions and may not follow those of other circuits, which leads to the practice of “forum shopping”—choosing to pursue your case where there are favorable prior opinions.

United States v. Cotterman² stems from the case of a registered sex offender found to be in possession of child pornography. The judge in Cotterman not only recognized the normalcy of password protection of data, the court pointed out: