U.S. Customs and Border Protection agents are not allowed to look into a person’s cloud services, including social media data, when they check a U.S. traveler’s smartphone, officials said in a letter uploaded by NBC News.

The letter from the CBP attributed to acting commissioner Kevin McAleenan, dated June 20, was in response to inquiries from Sen. Ron Wyden, D-OR. In February, Wyden sent a letter to the Department of Homeland Security saying he found reports about agents asking travelers for their smartphone pins and access to social media accounts “deeply troubling.”

Read: Blocked By Trump: Twitter Users File First Amendment Rights Lawsuit Against President

The CBP claimed several laws gave agents the right to search traveler’s smartphones.

“In this digital age CBP must also conduct limited and targeted inspections of electronic devices to determine whether they contain contraband (such as child pornography), information indicating inadmissibility, or information that could present a threat to national security (such as counter proliferation concerns),” the letter said.

Officials added it did not need the traveler’s permission to check their devices.

“As any other aspect of the border search process, CBP’s inspection of an electronic device transported by an international traveler does not require the consent of that traveler,” the letter said.

Read: How Private Is Your iPhone, WhatsApp Chat? EFF Downgrades Apple In Privacy Practices Report

However, the CBP said it searches data that is “physically resident on the device and does not extend to information that is solely located on remote servers.” Officials added that they do not deny the entry of U.S. citizens based on provision of a password. Travelers don’t have to unlock their smartphones or give up their passwords when agents ask, but if they refuse officials may “detain” the device, the letter said.

The CBP failed to disclose statistics requested by Wyden, which show how many borders searches of electronic devices are made by officials.

"CBP is assessing whether further data collection can assist in administering the careful use of this authority in the future," McAleenan said in the letter. He also suggested searches of devices belonging to Americans are "exceedingly rare." However, CBP data shows searches have tripled between October 2015 and October 2016, and spiked again this March.

Meanwhile, the State Department announced earlier this year it may require visa applicants to provide data on the social media accounts they’ve used over the past five years. The move comes as President Donald Trump promised throughout his campaign he would implement “extreme vetting” procedures for those entering the United States.

“The request for social media identifiers and associated platforms is new for the Department of State although it is already collected on a voluntary basis by the Department of Homeland Security for certain individuals,” the State Department said in May.

The Department said it would not ask applicants for their social media passwords and that officials will not engage with visa seekers through social platforms.