The report, released on Monday, also found that the number of electronic device searches at ports of entry increased in fiscal year 2017 by 18,400, with a total of 29,000 devices searched.
Despite the massive increase, CBP officials told the Associated Press that less than 1 percent of travelers have their devices searched.
"It's important to note that CBP considers the US border to be not just ports of entry but a 100-mile area inland from the border, an area covering nearly two-thirds of the US population," web developer and technologist Chris Garaffa told Sputnik News. "This includes entire states in New England and the mid-Atlantic region as well as the District of Columbia. CBP can stop people in this zone, and have done so on buses and trains, and demand documentation of citizenship or access to their devices."
Officers are permitted by law to search travelers' devices after they have been referred for a secondary inspection. Prior to that, only travel documents and passports are to be searched.
During the second inspection, officers can look through cell phones, computers, tablets, USB drives and more for evidence of a crime and to determine if a person should be admitted into the US.
But according to the government watchdog, some searches were not documented properly, and data wasn't acquired in an orderly manner.
"There are many risks with having this data in the hands of agents or the government. Release of the copied data, whether intentionally or through third-party hackers, could have devastating effects on the people impacted," Garaffa said. "Rogue agents could use the data gathered for themselves, to target, harm or stalk people who they deem to have been uncooperative to them."
The "idea that the US government is collecting this data in the first place is an outrage… In fact, this type of data collection should be considered a violation of the Fourth Amendment," he said.
The Fourth Amendment to the United States Constitution protects citizens from "unreasonable searches and seizures" by the government.
"A Muslim woman named Rejhane Lazoja sued Customs and Border Patrol after they took her phone in February and made copies of the data on it. In October, she won the case on Fourth Amendment grounds, forcing CBP to delete copies of the data they made," Garaffa pointed out.
CBP officers are required to take devices offline before they are searched because it is not permitted for officers to search what is on a person's cloud, merely what is stored directly on their device. However, some devices remained online while they were searched.
Officers can also conduct an "advanced search" and exfiltrate data under a Homeland Security pilot program, but the system wasn't properly maintained, according to AP. Officers failed to renew software licensing, and data that was supposed to be deleted was instead retained.
The report recommended that searches be better documented by CBP officers, further compliance with rules on disabling data connection prior to searches, that equipment be renewed and that data be deleted from thumb drives immediately.
The watchdog also recommended that the pilot program be evaluated for effectiveness.
CBP officials reportedly agreed with the recommendations and said they have already begun addressing the data connection issue and working on a review process.
"As a security precaution, people who feel they could be at risk of their devices being searched and seized, especially those entering or leaving the country or taking mass transit near points of entry, should take steps to secure their devices," Garaffa said, recommending simple steps like making sure the device is up to date and that biometric authentication options used to unlock devices, like fingerprint and facial recognition, be turned off.
"Current case law allows law enforcement to force you to give your fingerprint or use your face to unlock a device, but protects you from having to give up a password," Garaffa said.