Judge Allows Fourth Amendment Challenge Of Warrantless Device Searches At The Border To Continue
from the uphill-battling dept
A federal judge has allowed the ACLU, EFF, and the several plaintiffs they represent to continue their Fourth Amendment lawsuit against DHS, ICE, and CBP. The plaintiffs are challenging the Constitutionality of border device searches -- something that has skyrocketed in recent years. As it stands now, these agencies believe nothing stronger than reasonable suspicion is needed to perform highly-intrusive searches. In many cases, not even suspicion is needed, thanks to the "border search" exception to the Fourth Amendment courts have carved out for the government.
Policies for agencies performing border device searches are pretty much identical. All allow searches and seizures of devices without individualized suspicion. This warrantless, suspicionless search may also result in the device being confiscated for weeks or months while a forensic search is undertaken -- again, supposedly without violating travelers' rights. CBP's policy was altered this year, requiring forensic searches and the mirroring of devices to at least reach the level of reasonable suspicion. Better than ICE's policy, but still nothing approaching a warrant.
The government sought to have the lawsuit dismissed, claiming the plaintiffs had no standing to assert violations, much less seek injunctive relief on the theory they would likely be subjected to intrusive device searches the next time they traveled.
The court disagrees with all the government's arguments. The government claimed the number of device searches -- although steadily increasing -- is still a small percentage of the overall whole. The court points out it doesn't really matter what the percentage is. It's whether or not CBP and ICE perform these searches routinely. From the decision [PDF]:
Defendants contend that Plaintiffs have also failed to satisfy the “substantial risk” inquiry. Plaintiffs allege that CBP data demonstrates that it is on track to conduct approximately 30,000 searches this fiscal year. Defendants point out, however, that those searches only amounted to 0.008% of the approximately 189.6 million travelers who arrived at U.S. borders during this period. Defendants argue that this future search probability—which they characterize as a “slight chance” of search—is not sufficient to establish standing here.
There is no numerical threshold, however, at which likelihood of harm becomes a “substantial risk” of harm. See Kerin v. Titeflex Corp., 770 F.3d 978, 983 (1st Cir. 2014) (noting that “a small probability of a great harm may be sufficient”). Although 0.008% may be a small percentage of total travelers, the searches still occur at an average of approximately 2500 searches per month. In SBA List, the Supreme Court supported its conclusion that there was a substantial likelihood of future harm with the explanation that proceedings enforcing the statute in question were “not a rare occurrence,” with twenty to eighty such cases occurring per year. Against this backdrop, 30,000 searches per year is not a “rare occurrence,” even if it makes up a small percentage of total travelers.
The government also argued allegations of future harm were too vague to support a lawsuit. The court finds this argument unbelievable, given the history of the plaintiffs' interactions with border agents and the agencies' border search practices.
Defendants also argue that Plaintiffs’ allegations of future harm are impermissibly “vague” and speculative. They point to Reddy for the proposition that in the First Circuit, “‘[s]peculation’ that a government actor ‘might in the future take some other and additional action detrimental to’ Plaintiffs, is ‘not an adequate substitute for a claim of specific present objective harm or a threat of specific future harm.’” In Reddy, however, the First Circuit held that the plaintiffs’ assertions of standing were speculative as to a New Hampshire buffer zone statute, emphasizing that the statute had not yet been enforced. Here, by contrast, Plaintiffs challenge policies that are in place and are being actively enforced.
[...]
Plaintiffs’ alleged future injury does not depend upon defendants’ future illegal conduct untethered to a pattern of past practice, cf. Los Angeles v. Lyons, 461 U.S. 95, 102 (1983) (concluding that plaintiff subject to illegal arrest procedure made no showing that he was likely to be arrested and subjected to illegal procedure again), but rather upon recurring conduct authorized by official policies. That is, Plaintiffs’ subjection to prior searches further bolsters their allegations of likely future searches.
The heart of the matter is the border search exception. It's what allows CBP and ICE to bypass the Supreme Court's Riley decision and its institution of a warrant requirement for device searches. The government seizes a single phrase from the Supreme Court ruling: "search incident to arrest." Its argument attempts to divorce border device searches from the Supreme Court's finding that searching cellphones was more analogous to searching houses than searching pants pockets or suitcases. The court doesn't agree with the government's distinction.
As an initial matter, the Court is not persuaded that Riley’s reasoning is irrelevant here simply because Riley’s holding was limited to the search incident to arrest exception, see Riley, 134 S. Ct. at 2495. Judicially recognized exceptions to the warrant requirement do not exist in isolation; rather, they are all part of Fourth Amendment jurisprudence, justified because, ordinarily, the circumstances surrounding the search and the nature of the search have been deemed “reasonable.”
[...]
Here, the First Circuit has not yet spoken on what level of suspicion is required to justify a cell phone or other electronic device search at the border. The First Circuit has, however, acknowledged the significant privacy interests implicated in a cell phone search, explaining that the information on these devices is “the kind of information one would previously have stored in one’s home and that would have been off-limits to officers performing a search incident to arrest.”
The court then goes on to say that merely raising the standard for invasive device searches to "reasonable suspicion" may not be enough.
[T]he Supreme Court rejected the reasonable suspicion standard when it came to cell phones because it “would prove no practical limit at all when it comes to cell phone searches.” Digital device searches at the border, perhaps even when supported by reasonable suspicion, raise the same concerns.
This is encouraging, even if all that's happened at this point is the case surviving the government's motion to dismiss. It provides plenty of insight into the court's thinking, and shows how much of it is at odds with the government's assertions. This has the potential to restore some Fourth Amendment protections at our nation's borders for the first time in years.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 1st circuit, 4th amendment, border searches, cbp, dhs, ice, warrants
Companies: aclu, eff
Reader Comments
Subscribe: RSS
View by: Time | Thread
Exceptions and harm
The better reasoning is that they are on a fishing expedition with no clue as to what they are actually looking for. Oh, and when they find 'something' the twisting and turning to make that 'something' into something nefarious is often comedic in nature.
It seems to me that there are reasons beyond the simpering excuses proffered by the government in the above case, that they don't, and likely won't mention. Those reasons might actually get them in trouble. Also, they are not in the peoples interest. The governments interest yes, our interest no.
[ link to this | view in chronology ]
Re: Exceptions and harm
[ link to this | view in chronology ]
Re: Exceptions and harm
[ link to this | view in chronology ]
Re: Re: Exceptions and harm
[ link to this | view in chronology ]
Re: Re: Exceptions and harm
[ link to this | view in chronology ]
Re: Exceptions and harm
Batteries can combust or explode. It's okay if they want to search the physical phone enough to know it's not going to start a fire on a plane. They can do that while it's locked. Similarly, it's fine to look through someone's papers for knives, forbidden fruit, etc. They should not be allowed to inspect or gather data.
[ link to this | view in chronology ]
Re: Re: Exceptions and harm
Give 'em an inch and they take a mile.
They can look through your private papers for pictures of knives, and hand-drawn illustrations of forbidden apples.
[ link to this | view in chronology ]
Re: Exceptions and harm
Work? Some warrants? You're always making things difficult. Don't know how, I want it now!
[ link to this | view in chronology ]
Re: Exceptions and harm
So if the highest federal law does not apply at the border, how can ANY federal law apply there?
[ link to this | view in chronology ]
Re: Re: Exceptions and harm
From the instant decision, p.38
(Citations simplified; hyperlinks added.)
[ link to this | view in chronology ]
Re: Re: Re: Exceptions and harm
If the border exception pre-dates the Constitution and does not violate the Constitution, that 100 mile court ruling means the Constitution has been repealed -- something the court that issued the ruling lacks the authority to do.
[ link to this | view in chronology ]
Conflicts between Fed and State
[ link to this | view in chronology ]
Re: Conflicts between Fed and State
The 4th Amendment means whatever the Federal government says it means on any given day. But the overwhelming long term trend of U.S. courts is to to interpret Federal government authorities very broadly while interpreting citizen rights very narrowly.
[ link to this | view in chronology ]
Re: Re: Conflicts between Fed and State
For instance states cannot make their own immigration laws that is federal jurisdiction. However they have zero obligation to assist in the enforcement of federal law. This is what allows for legalization of marijuana at a state level or sanctuary cities. They decide enforcement is not worth it or wrong and are barred from doing so.
The federal government can step in at any time in theory but in practice they lack the resources and forcing the issue has other negative effects so they don't unless it is very important.
[ link to this | view in chronology ]
Re: Re: Conflicts between Fed and State
The US Constitution only mentions prohibition of intoxicants in two places -- the 18th amendment and the 21st amendment. The 21st wholly repealed the 18th. The feds COULD NOT nationally prohibit alcohol consumption without amending the Constitution, and the only changes regarding such things to the Constitution in the past 100 years have been those two amendments.
So if the feds had to amend the Constitution to get the authority to ban alcohol, and they have the same authority today that they did before they ratified that amendment, how then can they ban a natural substance if they couldn't ban a manufactured, artificial one?
The Controlled Substances Act relies upon the fact that at the time it was enacted, all the states prohibited the drugs the Act prohibited. The 21st amendment allows for the feds to prevent cross-border smuggling, and that seems to be the basis for the Controlled Substances Act.
The feds worked extremely hard to get all the states to enact their own prohibition of cannabis, cocaine, etc -- they KNEW they were on shaky constitutional grounds if even one state didn't enact prohibition.
And now, with states legalizing cannabis, the Controlled Substances Act is in real trouble -- the constitutional gray area it has always existed in no longer exists. The 21st amendment allows the feds to criminalize transporting illegal drugs into states that prohibit them, but the amendment grants no authority to interfere with state legalization, which is reserved to the states by the Tenth Amendment to the US Constitution.
The feds do indeed have statutory supremacy over state statutes. But the US Constitution has supremacy over federal statutes, and the US Constitution is not compatible with the Controlled Substances Act as it is now being interpreted.
[ link to this | view in chronology ]
Re: Conflicts between Fed and State
[ link to this | view in chronology ]
When I go to San Diego, to Sea World, the only option for eating breakfast in the morning is the Coco's which is very close to the Mexican border, and sometimes people zig when they should zag.
I make sure I am well prepared in case I cross the border when I do not intend to. I carry Mexican insurnace for my car, for all the days I plan to be in San Diego, and I use anti-forensic tools on my laptops and cell phones, just in case I do unintentionally cross the border, so that CBP will never be able to recover anything from my phones.
People have been burned for what they did not know was there. Wiping my phones and re-installing everything guarantees that anything I do not know about cannot come back to haunt me.
Coco's is close enough to the border, where you could drive into Mexico, without intending to, which is why I wipe all my devices before going to Coco's for breakfast in the morning.
I just start the software running at night before I go to bed, and the wiping is done the next morning. All I have to do then is use a recovery disk I made to restore Windows and all my programs, it takes about 30 minutes. I do that while I shower, shave, and get dressed, and the reinstall of Windows, and all my programs is done when I am through,getting ready for the day.
One the wipe is done on my phone, I just factory reset it, and there will no POSSIBLE way that CBP could EVER know that I wiped my phone and reinstalled all my apps.
Google now has a feature which can reinstall your apps after you factory reset, so when I factory reset at night before I go to bed, all my apps are reinstalled on the phone after the reset is done.
This way, if I do cross the border without intending to, any device search by CBP, when crossing back in the USA, will not get them any useful information, and they will never know my devices were ever wiped.
There really is no coffee shop in Downtown San Diego for breakfast, so driving about 25 miles to Coco's the only option for breakfast in the morning. Coco's is about 25 miles from downtown, and the border is about 26 miles from downtown.
[ link to this | view in chronology ]
Re:
Besides your blabbermouth confession, that is.
[ link to this | view in chronology ]
Re: Re:
Like I said, the Downtown area has no places for breakfast, and Coco's is the only place to go for breakfast.
[ link to this | view in chronology ]
Re: Re: Re:
Sarbanes-Oxley.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Oh, I understand that the government would totally interpret this in their favor, whether reasonable or not, so letting them know how you prepared for your trip would not be wise.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
141 Cong. Rec. S 7418-21 (July 26, 2002) — “Legislative History of Title VIII of HR 2673: The Sarbanes-Oxley Act of 2002”
(Emphasis added.)
Note, incidentally, that while this GPO source for the Congressional Record has “HR 2673” written, a relevant record for the 107th Congress's bill HR 3763 has—
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
It only costs $3 extra to pay at the local MetroPCS store. $3 is a small price to pay for privacy. No money trail = UNTRACEABLE.
This is why, for example, states that want laws that require phones in their states to be filtered for porn will not work. Someone could go over the state line, buy a phone with cash, and pay the bill with the cash any Metro store, and their identity will never be known.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
If they were to put one of these GPS ankle bracelets on me, I could buy a jammer, and and jam the device, then they would lose all contact with the device, allowing me to cut it off, and then put in my microwave oven, and destroy it, then they would lose all tracking on me, then I all I have to do is get on I-5 and head for the border, then that would be the end of it.
[ link to this | view in chronology ]
Re: Re: Re: Re:
With laws Sarbanes Oxley in the USA, and "Perverting The Course Of Justice" in Britain, the makers are wiping programs making their use harder to detect.
And the makers of anti-forensics are not breaking any laws in either Britain or the USA, by making usage of their tools harder to detect.
You just need to use the right tools, so your wiping of your device will not be detected.
And since these tools are not made in the United States, they are not subject to Sarbanes Oxley, or any other US law, nor are they subject to British laws, if they are not in Britain.
When Evidence Eliminator was made, they were subject to British laws, but not American ones. Sabanes Oxley never applied to Robin Hood Software, because they were a British company, so they could never be prosecuted in the USA for selling Evidence Eliminator.
[ link to this | view in chronology ]
Re: Re: Re: Re:
And of course it wouldn't apply to a non-American wiping their phone before entering the country.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
148 Cong. Rec. S S7419 (July 26, 2002)
(Emphasis added. Heading capitalized in accord with pdf.)
• Does not “include any technical requirement to tie the obstructive conduct to a pending or imminent proceeding or matter.”
• “The timing of the act in relation to the beginning of the matter or investigation is also not a bar to prosecution.”
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Modern wiping tools, the way they work, make it impossible to detect because the make whatever media is being wiped as blank as when it was manufactured. One all your apps are reinstalled, there would be no way for anyone to detect it0
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
First Re: in this thread — “Besides your blabbermouth confession, that is.”
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
With laws like Sarbanes-Oxley in the USA or perverting the course of justice in Australia and the UK, the makers of these tools have been improving them to where their cannot be detected by examining the device.
Possessing these tools does not break us, UK, or Australian law, so they cannot arrest you for merely possessing them
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Likewise crooks snooping on public hotel Wi-Fi is a legitimate concern. Having a laptop stolen while travelling is a legitimate concern. Smart phones are targeted too. And so occasionally wiping non-essential information is again a basic protection.
Even minimizing your contact list protects your contacts against malware - or email services and social media networks - that like to vacuum them up.
You're not destroying data to obstruct any government function, as Sarbanes-Oxley requires. You're doing it as routine common-sense computer security.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
148 Cong. Rec. S 7419 (July 26, 2002)
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
Any prepaid phone account will work in this manner. Just go down and pay your bill every month with cash. That is the ultimate anonymous Internet there is. As long as you pay, at the store, with cash, there is no money trail to trace back to you.
Of course, Metro will charge you a little more for that priveledge. It $3, in addition to whatever your monthly charge is.
Other prepaid providers will vary. With Verizon, you just go down to the local convenience store, and by a card with a number on it, than you dial 611, and punch in that number on the card, when prompted and your bill is paid.
As long as you pay with cash, no checks or credit cards, your will be totally anonymous.
That is what would have made the Commercial Felony Streaming Act unenforceable, if it has been passed. Someone could buy a prepaid phone, and then pay the bill each month with cash, and the Feds would never be able to trace that person's identity, as long as they did not use any cards to pay the bill.
All they will be able to find out is that someone was paying every month with cash.
[ link to this | view in chronology ]
Re: Re: Re:
No, not totally. The payment data can identify the store and time; then video recordings from that area can be obtained. People have been tracked down this way.
To be totally anonymous that way, you'd need to be buying a zero-knowledge token that can't be traced back to any particular purchase*. The math is well understood, but I know of no one other than Zero Knowledge Systems that ever did it.
(* They could still pull records of all such tokens purchased around activation time, so don't activate right away.)
[ link to this | view in chronology ]
Re: Re: Re: Re:
Nobody reviewing the footage would have any idea of what happened, as it would appear to be a malfunction and nobody would ever figure out the camera was being jammed
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
I will have ZERO cameras in my store to protect the privacy of those who want to be anonymous. And if the Fed's do not like that, they can KISS my ASS
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
And I will also stock them in my store, sold as a privacy tool.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Just have one of these anti camera license plate covers so that security footage that sees your car before you turn on the jammer will get your number
From an angle, your license number would be invisible.
I use those when I go to Arizona so that speed cameras on I 10 cannot get my license number
There is one onion farm that trucks onions in southern California and in Arizona where smell of the onions in their trucks are so pungent that if don't go blowing by it at 90+ miles an hour, I will start to cry. The odor is that pungent.
So having one of these covers that prevent the camera from getting my plate number keeps me out of jail, as any speed 85 or over in Arizona is criminal offense.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
They're both wireless, and devoid of local storage? That's kind of surprising, though consistent with the lack of failure-planning that's common these days (eg. "just-in-time logistics").
Do be aware it's not just the instore cameras that are a problem. The external camera recordings of other stores could be obtained. Or the police could get records of lost camera connections—the store camera lost signal, and 30 seconds earlier this other camera had lost it, and they could trace you all the way back to your house or wherever you turned the jammer on. (Better hope no location-tracked citizens had a dashcam or were taking photos in the area!)
Then there are the police department cameras in some cities. Surely the PD isn't dumb enough to make those wireless.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
And like I said, jammers are FCC jurisdiction. There are no state laws in any of the 50 states that would apply, and no federal law, other the rec rules.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
And if you have one of the license plate covers that keep.cameras from getting your plate numbers their cameras will do them any good when they see a blank where your plate number should be
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
With laws like Sarbanes-Oxley and British pervert8ng the course of justice laws the tools have gotten better and detecting their use becomes more diccict.nice
Merely giving out information on how to do this avoid being detected does not violate the law.
[ link to this | view in chronology ]
Re: Re: Re: Re:
There would be no way I could ever be identified. I would pay for my meal with cash, so there would no money trail saying I ate at California Pizza Kitchen.
If I wanted to download songs from BitTorrent I could do that and the riaa would never be able to trace me, as I was at California Pizza Kitchen while connecting to the Wi-Fi at cocos which was across the street
And did not violate either the CFAA or California's computer crime statutes doing this
Paying for my meal at California Pizza Kitchen guaranteed nothing could ever be traced to me when I did this
[ link to this | view in chronology ]
Re: Re:
With laws like Sarbanes-Oxley and British pervert8ng the course of justice laws the tools have gotten better and detecting their use becomes more diccict.
Merely giving out information on how to do this avoid being detected does not violate the law.
[ link to this | view in chronology ]
Re:
I can assign drive letters on the laptop to portions of the hard disk at home.
CBP cannot use Sarbanes Oxley, or any other law, to make me hand over the password to the VPN on my home computer. CBP cannot force you to hand over the password to your VPN.
[ link to this | view in chronology ]
Re: Re:
Using the VPN on my home computer let me bypass those restrictions, and get the Wifi for only $10 a day.
Using my VPN to bypass that filtering did not break either California law or federal law.
[ link to this | view in chronology ]
Re: Re: Re:
Are you sure? Your comment sounds suspiciously like "doing something we don't like (bypassing our obnoxious rent-seeking), and involving a computer". Aren't those automatically CFAA violations, regardless of how silly the circumstances or outcome?
[ link to this | view in chronology ]
Re: Re: Re: Re:
Accessing my own home computer did not break the CFAA, even if it was to bypass filtering restrictions.
[ link to this | view in chronology ]
Re: Re: Re: Re:
The westin at that time had one free tier and two paid tiers. Using my 10 watt sub adapter I had enough send and receive from the built in linear amplifier where I could connect to the westin's Wi-Fi.
While I probably violated FCC rules with the power level I did not violate either the CFAA or California's computer crime laws because did not crack any passwords
Since the Wi-Fi was unencrypted and open to any device that wanted to connect, I did not break either the CFAA or any California computer crime statutes as I did not use any hacked, stolen, or otherwise illegally obtained password.
There would have been no way for the Westin to know that somebody was connecting to to their Wi-Fi from down the street. And, like I said, I was not breaking either California o4 CFAA computer crime statutes doing so as the Wi-Fi itself was not password protected, so there is no legal action that could have laid against me except maybe violating FCC rules because the amount of power I was using
That was the only time I ever stayed in a cheap hotel, but that was the only place at that time that had any rooms.
[ link to this | view in chronology ]
Re:
The only law broken would be FCC rules reagerding jammer. There are no other laws that would apply. Jamming is strictly an FCC matter
[ link to this | view in chronology ]
Re:
Even if the crime you wiped evidence of is only a misdemeanor, the wiping is a 20-year felony. Even if there is no evidence of a crime on the device, you could still be convicted.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Although they blocked VPN usage, I found a way around it. I would connect to the dsl VPN on port 443 on my computer, and would then connect to the normal PPTP VPN by using the internal up number on my own network, totally bypassing taco bell's block on VPN usage allowing me to connect to the VPN on my network allowing me to bypass their web filters. The secret was to the internal address on my network instead of the normal external up address.
I did not break either California law or the CFAA when I did this
Bypassing filtering does not violate the CFAA. If it did, half the teenagers in America would be criminals for bypassing the filters on their school networks.
[ link to this | view in chronology ]
They are certainly more than too damn vague to support the searches.
[ link to this | view in chronology ]