Yottabytes: Storage and Disaster Recovery

Feb 21 2017   5:13PM GMT

Electronic Border Searches Becoming an Issue Again

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

social media

The issue of people entering the U.S. having their phones and laptops seized and searched at the border isn’t new, but it’s garnering new attention under the presidency of Donald Trump.

Since August 2009civil libertarians have objected to a Department of Homeland Security that enables U.S. Customs and Border Patrol agents to search laptops and other electronic devices at the U.S. border, for large values of “at” – that is, within 100 miles of the border

100 miles might not sound like much, but according to the American Civil Liberties Union (ACLU), as of 2006, more than two-thirds of the U.S. population lived within 100 miles of the border. Altogether, it meant that anyone in that area with a laptop could have that laptop seized without a warrant, at any time, taken to a lab anywhere in the U.S., have its data copied, and searched for as long as Customs deemed necessary. And despite their objections, the policy has largely been upheld.

In 2015, a judge ruled that – following the lead of the Supreme Court ruling on the Riley case, which stated that law enforcement officials needed a warrant to search someone’s cell phone – customs officials needed to have probable cause before it could search someone’s laptop. The problem with that ruling is it applied just to that one case, not overall.

And that’s where things stood until recently, when a number of people have reported anecdotally that they have had their devices searched. In one case, a US-born NASA engineer who worked with the federal government and was also a part of the Customs and Border Protection Global Entry program was told he couldn’t re-enter the U.S. until he unlocked his encrypted NASA phone. Several other incidents have also happened over the summer, reports the Electronic Frontier Foundation. Even a Canadian journalist was denied entry to the U.S. for refusing to unlock his phone, and a Wall Street Journal reporter had the same experience, though customs agents backed down when she told them to call the paper. A BBC reporter also had to turn over his phone.

It is too soon to tell whether this policy is changing under President Trump, writes Daniel Victor in the New York Times, though he notes that inspection of electronic devices rose from 4764 in 2015 to 23,000 in 2016. But there are also proposals that people entering the U.S. – potentially including U.S. citizens – would have to provide browsing history and device or account passwords, reports Kaveh Waddell in the Atlantic. Customs also asks people to voluntarily provide social media passwords and it may become mandatory – particularly for the seven Muslim-majority countries currently under a travel ban. Similar incidents are happening in other countries as well.

The problem is that the whole issue of whether people are required to unlock or decrypt their phones is not yet settled case law,  Orin Kerr, a law professor at George Washington University who specializes in computer crime law and digital evidence investigation, told the public radio show Here & Now. “You probably don’t have to comply. There are no court cases that have actually tested this, so we really don’t know what the legal limits are on the government getting people to unlock their phones,” he says. “We just don’t have those cases yet because these policies are new and encryption on iPhones is pretty new. And so we’re just starting to get these problems, and it takes the legal system a couple years for all the lawyers to get together and a lawsuit to be filed and a judge to make one decision and then the losing party is going to appeal. And it works its way up to the Supreme Court, and then five or ten years later the Supreme Court says, ‘OK, here’s the rule, here’s the law.’ And so, we just have a natural period of uncertainty until that happens.”

Indeed, the EFF – which has published a guide on border searches — would like to push for such a case to expand the provisions of the Riley case to border searches. “We are eager to further the law in this area—to make it clear that the Riley decision applies at the border,” the organization writes, urging people to let it know when they undergo a border search.

There are ways to protect your data, writes Jonathan Zdziarski in Blog of Things, who describes a number of techniques. “This is a classic security problem like any other and requires you think of a border crossing as a security boundary and the system as an adversary,” he writes. “The goal is to increase cost to exceed their investment of detaining you and diverting government resources away from going after real threats to the country – not you.”

Some people are going so far as to say they won’t take their own phone or laptop across a border at all. “I’ll never bring my phone on an international flight again. Neither should you,” writes Quincy Larson in Medium, noting that other countries are doing this as well.  “If we do nothing to resist, pretty soon everyone will have to unlock their phone and hand it over to a customs agent while they’re getting their passport swiped. Over time, this unparalleled intrusion into your personal privacy may come to feel as routine as taking off your shoes and putting them on a conveyer belt.”

Instead, Larson suggests renting a phone at your destination or having a spare phone and laptop at a destination you visit frequently – or, at the very least, factory-resetting your phone before you fly. “Is all this inconvenient? Absolutely. But it’s the only sane course of action when you consider the gravity of your data falling into the wrong hands.”

4  Comments on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • OpenPrivacy
    Great and timely article. But we can't follow Larson's advice and become sheep to Big Brother. I provide security solutions to many non-profit, corporate and government agencies and carry my phone and laptop wherever I go. I use strong encryption enabled with two-factor authentication, and would not unlock my laptop for a customs official. Of course, I am a (sadly privileged) white American so I may not be asked and I only rarely travel outside the country, but eventually I or one of my colleagues will be asked and I hope they do the right thing - as they are trained to by FISMA and NIST regulations - and not hand over their keys. An invasion of our privacy is an invasion of our rights and of our security. And thank you EFF - dissent is what makes this country strong!
    10 pointsBadges:
  • Techie0007
    An interesting problem is presented here, which must ultimately be determined via due process and (future) legal precedent. Hopefully, the Court will be balanced & fair in its interpretation & the authorities will apply that interpretation fairly and evenly.
    10 pointsBadges:
  • TopCat13
    I traveled to Southern Ireland on a vacation a couple of years ago. I took an inexpensive HP Stream 7 tablet with me instead of my company issued iPhone and my laptop. I had Skype installed on the tablet and I bought an Irish temporary Skype number. The tablet worked great as an Irish cell phone allowing me to call directly to the US and locally in Ireland to initiate and receive calls. Skype has a network of Wi-Fi hotspots through out the UK and Ireland which my Skype app automatically searched and accessed. All of the B&Bs that I stayed at also had complimentary Wi-Fi.  None of my sensitive information was on the tablet although the tablet came with a one year subscription to Office 365 and  I had access to files that I had stored on One Drive. The tablet came with a 32 GB  C drive and I added an additional 32 GB D drive SSD card.
    30 pointsBadges:
  • Kevin Beaver
    Good piece, Sharon. I can't help but think that this is more of a personal security/privacy issue than a corporate one. I don't think I've met a network admin, information security manager, or CISO at any company - large or small - that is concerned about this issue, much less even knows what's on their users' laptops. I'm not saying it isn't a problem for businesses. I think it is. It's just not a problem that's on the radar of many (most) people in terms of business risk.
    27,550 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: