CBP Warrantless Device Searches Continue To Increase And New DHS Guidance Isn't Going To Bring That Number Down
from the visit-a-country-with-zero-rights-without-even-leaving-the-country! dept
The DHS made two significant announcements late last week, both dealing with the CBP's warrantless searches of electronic devices at the border. The first was a bit of info, showing the exponential increase in device searches in 2016 (jumping from 5,000 in 2015 to 20,000 in 2016) is part of a trend, rather than an anomaly. Searches increased another 59% in 2017, rising to 30,200 total.
The DHS and CBP also released statements justifying the ongoing increase in warrantless searches.
"In this digital age, border searches of electronic devices are essential to enforcing the law at the US border and to protecting the American people," John Wagner, a deputy executive assistant commissioner at Customs and Border Patrol, said in a statement.
[...]
CBP's authority for the border search of electronic devices is and will continue to be exercised judiciously, responsibly, and consistent with the public trust," he added.
These statements are empty and useless. We had just as much of a "digital age" in 2015 and yet searches occurred far less frequently. There seemed to be no less law enforcement happening and no less "secure" as a nation than we are now. In fact, we may have been more secure with fewer searches as we hadn't yet shifted towards a more antagonistic relationship with the rest of the world, starting with our southern bordering neighbor.
It's also difficult to square claims of "judicious, responsible" use of device search authority with the exponential leap in number of devices searched and the DHS's open admission it lacks legal authority for some of the searches its agencies perform.
Accompanying the release of 2017's search numbers, the DHS released updated guidelines on border device searches. The guidelines roughly align with answers delivered by the DHS to Sen. Ron Wyden in response to questions about its warrantless device searches.
The CBP still has carte blanche access to devices of foreigners entering or leaving the country. Its ability to access devices carried by Americans is only slightly more limited. Anything residing on a device can be accessed by CBP officials without a warrant or even reasonable suspicion. From the CBP's search guidelines [PDF]:
Border searches of electronic devices may include searches of the information stored on the device when it is presented for inspection or during its detention by CBP for an inbound or outbound border inspection. The border search will include an examination of only the information that is resident upon the device and accessible through the device's operating system or through other software, tools, or applications. Officers may not intentionally use the device to access information that is solely stored remotely. To avoid retrieving or accessing information stored remotely and not otherwise present on the device, Officers will either request that the traveler disable connectivity to any network by placing the device in airplane mode), or, where warranted by national security, law enforcement, officer safety, or other operational considerations, Officers will themselves disable network connectivity. Officers should also take care to ensure, throughout the course of a border search, that they do not take actions that would make any changes to the contents of the device.
CBP officers can also perform "advanced searches." These involve imaging device contents and possible access of remote storage. Again, the CBP claims it needs no warrant to perform these searches, only reasonable suspicion. The guidance makes no mention of the Supreme Court's Riley decision, likely interpreting the decision to apply only to searches incident to arrest, rather than border inspections of "containers" and their "contents" under multiple court-granted warrant exceptions.
Yes, the CBP still equates phones and laptops to suitcases and personal effects. One of the statutes listed in its defense of warrantless access to electronic device contents refers to the CBP's right to search "persons, baggage, and merchandise" entering or leaving the country.
On top of that, the CBP continues to insist all travelers must unlock or decrypt devices/accounts so contents can be inspected. The CBP says it can use external hardware to crack devices and/or detain locked devices indefinitely if travelers aren't compliant. None of this requires a warrant. Nor does it even require reasonable suspicion. All the CBP needs to justify these seizures and searches is a traveler's refusal to hand over passwords or PINs.
Unbelievably, this new guidance is an improvement. Prior to this, the DHS and CBP weren't even limiting their searches to the low bar of reasonable suspicion. So, while the new guidance is earning limited praise from privacy and rights activists, it's also gathering plenty of criticism. Ron Wyden, who was instrumental in getting the DHS to concede its social media account searches had no legal basis, offered up a golf clap for the DHS's new guidance, along with a warning he would continue seeking a legislative end to the "Constitution-free" zone in which the CBP does all of its intrusive work.
“I’ve said it before and I’ll say it again: Americans’ Constitutional rights shouldn’t disappear at the border. By requiring ‘reasonable suspicion’ before conducting forensic searches of Americans’ devices at the border, Customs and Border Protection is beginning to recognize what the Supreme Court has already clearly stated that ‘digital is different.’ It is my view that Americans will be safer when time and resources are spent on searching people with an actual cause...”
“However, there’s more work to do here. Manually examining an individual’s private photos, messages and browsing history is still extremely invasive, and should require a warrant. I continue to believe Americans are entitled to their full Constitutional rights, no matter where they are in the United States. That’s why Senator Paul and I last year introduced the Protecting Data at the Border Act, which would end the legal Bermuda Triangle at the border and require warrants for law enforcement officials to search Americans’ phones and laptops at the border.”
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: border, cbp, customs, device searches, dhs
Reader Comments
Subscribe: RSS
View by: Time | Thread
We need more Wydens in politics.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Refusing to unlock your device.
I suspect CBP and any other US law enforcement agency have ways of making your stay super-uncomfortable if you don't comply with an open request.
Their methods are very likely to be unconstitutional and inhumane, potentially violating international law regarding the treatment of prisoners, but they'll totally get away with it anyway. Even if they kill you in the process.
[ link to this | view in chronology ]
Re: Refusing to unlock your device.
[ link to this | view in chronology ]
Re:
Essentially, if you refuse to cooperate, you can be disappeared by CBP until you agree to cooperate.
But what really gets me about this is that other countries, especially Europe, have laws that get contravened by allowing a third party unfettered access to a device storing corporate material. So if I'm carrying a company phone and CBP orders me to unlock it so they can search/image the contents, if I refuse, they can hold me in custody. If I don't refuse, on return to the EU I can be arrested/sued/fired for revealing third party information.
I'm actually in a situation now where it's safer to take my personal phone containing business apps secured with business passwords (MS's suite for example), than it is to take a dedicated business phone/laptop to the US.
[ link to this | view in chronology ]
Re: Re:
And as a foreigner, you have no right to a lawyer.
Even if you fully cooperate, if you didn't tell them what they want to hear they can ship you to a third country to be tortured until you "confess." At least that's what the old INS could (and did) do before the CBP inherited their duties.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
It's not robbery, despite them having guns, you not being given a choice, and the law being clear that they can't steal your property, because reasons.
Of course, if you do agree to give them access, you've violated the Computer Fraud and Abuse Act by violating the terms of service of various apps that say you can't share passwords, and the CBP has you on camera committing that felony.
[ link to this | view in chronology ]
Re: Re:
Then all I will have to do when I get home is wipe out any evidence what I did. Completely wipe all of my devices, and the server for my home network, and destroy any evidence that can be used against me for violating the CFAA.
All I will have to do is totally the hard disk on my main server, and just simply reinstall Windows and all my programs.
No evidence = NO CASE
[ link to this | view in chronology ]
"Empty and useless"?
That is not an empty and useless statement. It is false. The correct statement would be
There are absolutely no laws enforced by searching people's devices. It doesn't even significantly contribute to the CBP doing its job of protecting the borders since of course criminals would not be storing useful information on searchable devices.
There are a number of laws violated by the search and/or detention of personal assets without reasonable suspicion or warrant.
[ link to this | view in chronology ]
Do they think there is an image that can be used to overthrow the entire country?
Do they think terrorists are as stupid as the NSA and will leave their tools exposed where they can be found?
Do they think they will discover texts outlining exactly how they will kill all the white devils?
A: They expect to find very little.
They want to gather more haystacks & remind everyone that they are protecting us from all of them evil foriegn people.
It makes people consider if the trip here is worth the effort, which means some events will move well outside of the US.
This is big brother watching you & everyone you know, hoping to match a name to a terrorism watch list... despite the fact they are so stupid they terror review & deny boarding to children under 5, because their name is on the list. Unless 5 yr olds are way more advanced, there is no reason to subject a baby & parents to the CBP/TSA fondling & invasive questioning because the CHILD has the same name as a terrorist.
Terrorists don't have unique names & lets not point out that for a not terribly huge amount of money you can get passports from various nations who will put whatever name you want on them.
This is stupid.
This is invasive & there is no evidence its stopped anything. They tell us they can't tell us because the terrorists might figure out how to bypass it... You mean like back it up into the cloud with a password & then wipe the machine & restore it once they get past the feds?
This is more of the, well we poured 100 million into this program already, rather than admit it doesn't work as we thought, lets dump another 100 million into it & see what happens. Sometimes admitting it was a bad idea & taking a new direction isn't a bad thing.
[ link to this | view in chronology ]
Re:
Despite their utter uselessness these programs have to do something to "justify" their existence as an organization. The more they can appear in the news the better for them, good or bad. All this security theater is little more than "Look! We're working hard to keep you safe!" Nevermind that you've sacrificed liberty for that.
[ link to this | view in chronology ]
Re: Re: Politicians back these types of laws because of re-election aspirations
Also, require a means test to run, and to comprehend laws and ramifications thereof.
[ link to this | view in chronology ]
Re: Re: Re: Politicians back these types of laws because of re-election aspirations
What we really need is to be more willing to hold our Critters to account at town hall meetings, etc. If they don't fear us, they won't work for us, they'll work for their donors.
[ link to this | view in chronology ]
"Soft on terrorism"
So much like tough on crime which really means tough on poor people and marginalized groups...
...hard on terrorism really means dismissive on constitutional rights.
Got it.
[ link to this | view in chronology ]
Re:
Careful there. There have been recent terrorist incidents where US politicians tried to paint encryption as a terrorist tool. It's later shown that the terrorists didn't have anything of value on their phones, or were coordinating using ordinary unencrypted SMS messages.
Plus it seems likely that American intelligence agencies have a different goal: Rather than just a database of everyone's identities, they want a database of who knows and communicates with who. By vacuuming up everyone's email and social media contact lists, they can build a database of connections.
After a terrorist incident or anti-corporate protest, they can check for connections between the those responsible and anyone else. And put everyone one, two or three steps out on the no-fly list.
[ link to this | view in chronology ]
Re: Re:
Facebook has linked children adopted by different families, kids of parents who cheated & had kids out of wedlock, and a bunch of other not clear links between people.
https://gizmodo.com/how-facebook-figures-out-everyone-youve-ever-met-1819822691
https://gizmod o.com/keep-track-of-who-facebook-thinks-you-know-with-this-ni-1819422352
Kash Hill has many of these stories & people don't stop & think about it but there is tons of data being given to them willingly without your consent that lets them build your shadow profile. Its not 6 degrees of separation its 3.5, the problem being even if its only 3 hops between you and a terrorist it doesn't prove you are a terrorist, but gets you investigated even harder until they are satisfied you aren't a threat... which might happen in 2045 or with your death.
[ link to this | view in chronology ]
Re:
'If Tyranny and Oppression come to this land, it will be in the guise of fighting a foreign enemy.'
~James Madison
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Introduce hard limits, and what happens next is predictable:
The US has agreements with other countries so that when an American shows his passport to enter a third country, the US is notified. That way an American can't visit Cuba via Canada without the US knowing.
If the US can't image Americans' cell phones when they re-enter the country, they'll demand that other countries image them - and send the contents to American authorities - when Americans arrive.
Americans will be the foreigners, so they won't have any more right to refuse than foreigners showing up at American borders.
[ link to this | view in chronology ]
Re:
And slipping a $100 bill in your passport before handing it to Mexican auhorities does not break any American laws. It would break Mexican law, if Mexico ever decides to crack down on that, but you cannot be prosecuted in the United States for doing that.
[ link to this | view in chronology ]
Re:
There are a lot of Canada/USA dual nationals, because of this a Canadian/USA dual national could transit Canada via Cuba and enter/depart Cuba using their Canadian passports, and Canada would not be required to send that information along to the United States, as long as they used the Canadian passports to transit Canada and enter/depart Cuba.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
... and then later ...
"officers can also perform "advanced searches." These involve imaging device contents and possible access of remote storage."
Which contradicts the former statement.
So - all searches will be considered advanced searches. Their double speak does nothing but make them look bad.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Police State anyone?
[ link to this | view in chronology ]
Re:
Thanks for the offer, but I think I had enough.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
I do this because you can have illegal stuff on your devices and not know it. Malware and the like can download illegal stuff, and people have been burned for this. So wiping and reisntalling all my programs is how I do it.
[ link to this | view in chronology ]
And as far as connectivity, I never auto-save the password for the VPN on my home network, so that if my laptops or cell phones are imaged, they cannot accessing my home network, since the password would not be saved.
So the best idea is to make sure none your passwords are saved, so they cannot access anything remotely. Having to type in your password every time can be a pain and the ass, but it can also keep CBP from being able to access your home or office VPN.
[ link to this | view in chronology ]
I can use the phone, though the screen is cracked, and I can charge it, but I cannot connect to transfer data.
I wonder how CBP would react with this if I ever took my phone across the border, if they could not image anything becuase that part of the phone is broken. Even if they seized the phone, I don't they would be able to extract anything if USB data transfer is broken.
Considering how the screen got cracked, I am amazed the phone still works. I can still make calls, and can still charge, but I cannot transfer data, I could see that as a problem if I ever travelled with it out of the country.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Then you use a secure wiping program, when you get home, to wipe any evidence that might be used against you in a prosecution from your devices, and from the server hosting you private VPN.
If their forensics cannot recover evidence against you, they will not build a case against you. Problem solved
[ link to this | view in chronology ]