US Customs and Border Protection (CBP) agents being allowed to search travelers’ mobile devices without probable cause has long been a contentious issue. But we now know a little bit more about what officers can and can’t do. Trawling through data stored locally on a phone is allowed, but anything found solely on the cloud is off limits – and that includes your social media accounts.

Acting US Customs and Border Protection Commissioner Kevin McALeenan revealed the rules in a letter, sent in response to questions submitted to the CBP by Sen. Ron Wyden earlier this year.

The agency stated that: “CBP’s authority to conduct border searches extends to all merchandise entering or departing the United States, including information that is physically resident on an electronic device transported by an international traveler. Therefore, border searches conducted by CBP do no extend to information that is located solely on remote servers.”

Wyden had asked Homeland Security to explain the increase in the number of electronic devices being searched - there were only about 4,500 searches in 2015, but in 2016 this jumped to 23,000 searches. CBP maintains that searching travelers’ phones without probable cause protects against child pornography and threats to national security.

While agents don’t have the authority to access remote server data – Facebook and Twitter accounts are safe - the use of the word "solely" means they could examine recent emails and social media messages that are also stored on the device itself at the time of the search.

The letter goes on to state that anyone entering the country can refuse to hand over passwords to their phones and laptops when asked, but border officials may detain the devices for ‘further examination’, and any non-citizens risk being denied entry if they do so.