The rules that regulate the inspection of electronic devices at U.S. border entry points are changing. As noted by ABC News, almost 20,000 devices were inspected by border agents in 2016, and that figure rose nearly 60 percent to just over 30,000 devices last year.

Not surprisingly, the increased scrutiny and seizure of devices has digital privacy groups worried. How much power is too much when it comes to accessing personal electronic devices? A new directive from U.S. Customs and Border Protection (CBP) has redrawn basic data handling rules and placed restrictions on how agents manage specific searches.

CBP Intensifies Inspection of Electronic Devices

Under the old rules, agents were allowed to conduct device searches, which involved physically examining devices, viewing photos and messages, copying data and accessing information stored in the cloud, with or without suspicion.

According to Threatpost, the new directive divides such searches into two categories: basic and advanced. Basic searches can still be conducted without suspicion but are limited to viewing photos and messages and physically examining the devices. Advanced searches now require reasonable suspicion. Agents are allowed to “review, copy and analyze a digital device’s contents,” but not to access cloud data.

As noted by Lexology, while this is a significant change from prior policy, it is largely a reflection of a recent Federal Court of Appeals finding, which confirmed that “officers needed reasonable suspicion of criminal activity before they could justify a forensic search of a laptop seized at the border.”

It also doesn’t affect agents’ ability to seize devices with supervisor approval and hold them for a “reasonable period of time.” Typically, this period is no more than five days, but if CBP claims “extenuating circumstances,” the seizure could be extended indefinitely.

The Traveler’s Dilemma

There’s a real and growing need to manage the influx of digital data across U.S. points of entry, but tech-savvy travelers are understandably reticent to hand over their mobile devices. Travelers are used to having bags and briefcases searched, but digital devices often contain personal and business data that many are unwilling to share with anyone, including customs agents. Even under the new rules, basic searches are permitted without suspicion, and officers typically ask travelers to provide their passcodes to simplify access and speed evaluation.

As noted by the Electronic Frontier Foundation (EFF), travelers can limit their risk by leaving some devices at home and deleting data on devices they carry. It’s also worth noting that U.S. citizens cannot be denied entry to the country if they refuse to consent to device searches, but foreign visitors can be turned away.

Even with redrawn lines of authority, CBP agents still possess broad powers when it comes to the inspection of electronic devices. The requirement for reasonable suspicion and restrictions on accessing cloud data are solid starting points, but more work is required to balance the need for data security against the digital privacy of citizens.