CBP Privacy Impact Assessment Says It Can Pull All Sorts Of Data And Communications From Peoples' Devices At The Border
from the Privacy-Impact:-YES dept
The CBP is going to continue fishing in people's devices, despite federal courts (including the Ninth Circuit Court of Appeals) telling it that suspicionless device searches are unconstitutional. The agency will just have to come up with something approximating suspicion to do it. Its latest Privacy Impact Assessment of its border device search policy gives it plenty of options for continuing its practice of performing deep dives into devices it encounters.
Travelers heading to the US have many reasons to be cautious about their devices when it comes to privacy. A report released Thursday from the Department of Homeland Security provides even more cause for concern about how much data border patrol agents can pull from your phones and computers.
In a Privacy Impact Assessment dated July 30, the DHS detailed its US Border Patrol Digital Forensics program, specifically for its development of tools to collect data from electronic devices.
The number of device searches performed at the border has been increasing exponentially. The DHS has amped up this program in very recent years. In 2015, the CBP searched less than 5,000 devices. In 2018, it searched 33,000.
The Impact Assessment [PDF] leaves the agency with plenty of options for warrantless searches. First of all, being anywhere near a border (in which "near" means "within 100 miles" and "border" means any port of entry, including actual ports and international airports) subjects people and their devices to additional scrutiny without any need to establish reasonable suspicion. As a border control and security agency, the CBP has the power to engage in a number of searches, detainments, and interrogations without worrying too much about Constitutional rights.
Going beyond that, the CBP can also badger people into consent. This is sometimes obtained by telling people they're free to go but their devices aren't. Considering how important some of these are to everyday life, people at checkpoints may agree to a search rather than lose the only thing connecting them to friends, family, legal assistance, job opportunities, bank accounts, employers, etc. The CBP can also search any device it considers "abandoned" without suspicion or probable cause. Finally, if there's no other good reason to do so, the CBP can claim "exigent circumstances" demanded warrantless access. In far too many cases, exigent circumstances just means the government has decided to apologize to a court later rather than ask for permission first.
Here's everything the CBP can pull from a device with or without a warrant:
• Contacts
• Call Logs/Details
• IP Addresses used by the device
• Calendar Events
• GPS Locations used by the device
• Emails; • Social Media Information
• Cell Site Information
• Phone Numbers
• Videos and Pictures
• Account Information (User Names and Aliases)
• Text/chat messages
• Financial Accounts and Transactions
• Location History
• Browser bookmarks
• Notes
• Network Information
• Tasks List
Does this impact privacy? Hell yeah it does! Will the CBP be changing anything about it? Nope. Sorry about that people whose rights we've decided are less important than protecting this nation from incoming visitors and immigrants less likely to be carrying the coronavirus than the proud Americans they'll be encountering once they cross the border. The privacy risk is "mitigated" because [drum roll] the CBP has released this document declaring all the privacy-violating it will be doing:
CBP has provided notice and transparency about its digital forensic program and border search authority by publicly releasing the policy for these searches and publishing this and corresponding PIAs.
Fantastic.
More good news: the DHS and CBP have been unable to show these additional device searches have resulted in additional border security. The program is an unsupervised mess that violates rights without delivering corresponding gains in border protection.
Finally, [CBP's] OFO [Office of Field Operations] has not yet developed performance measures to evaluate the effectiveness of a pilot program, begun in 2007, to conduct advanced searches, including copying electronic data from searched devices to law enforcement databases.
The DHS still isn't checking to see if warrantless device searches are making the nation safer and doesn't plan to in the future. The pot that is never watched troubles no one when it fails to reach a boil.
There are no changes to auditing and accountability as it relates to the new tools.
¯\_(ツ)_/¯
Oh well... carry on, I guess.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 4th amendment, border, cbp, devices, privacy
Reader Comments
The First Word
“I'll keep all this in mind next time I visit one of the five or so countries that will allow US travelers.
Subscribe: RSS
View by: Time | Thread
Wrong question
CBP have been unable to show these additional device searches have resulted in additional border security. "Security" is the cut-out story, fear is the pay-out. NAFTRA destroyed family farming in Mexico, forcing everyone into a "Job" (just as the English Midlands were gutted during the first 'Industrial Revolution') in maquiladoras or crossing into the US. Goods and Capital have no border, only wage slaves. Safe workplaces, overtime, rest periods, the minimum wage et. al. doesn't apply to our 'illegals' that make California the fifth largest economy in the world. A win-win.
[ link to this | view in chronology ]
Simple solution, for the smart people
There is a simple solution for the smart people. If you are frugal, yank your normal hard drive, put in a virgin replacement for the trip. When you return, replace the drive.
If you have bucks, get a cheapo phone/laptop for the trip and only use it on the trip.
After all, you are going somewhere for a purpose, the phone/computer is just a tool. If the phone/computer needs to be disposable, the that is just part of the cost of the trip. If the trip is for business, which needs security, then at the end of the business dealings send an encrypted zip file home and physically smash the hard disk. (Don't forget, the postal system is not all that insecure, sending a physical DVD/CDR via snail mail also works.)
Inconvenient, certainly. A significant problem, not at all.
This is just more evidence of how stupid and corrupt government security has become. No smart businessman, traveler or terrorist will be hindered in the slightest. No new, REAL, "terrorist " threats will be found. This is just corrupt, stupid bureaucrats abusing those who refuse to learn how to use their tools, in order to advance the bureaucratic budget and appearance of power.
In many respects this actually aids terrorism. This forces the terrorists to become technology savvy, more savvy than the security forces. The situation is very similar to the misuse/over use of antibiotics!
Yes, new bureaucrats are needed, right after the rejection of both Republicans and Democrats at the polls. (Yes, wishful thinking here.)
[ link to this | view in chronology ]
Re: Simple solution, for the smart people
If I'm visiting the US on a trip, I'm going to need, at a minimum, my contacts list and the credentials to access my work VPN to grab the documents I'm going to be using.
And because work installs my laptop image with the required certificates for remote access on it, and I can't go to an office and have IT do this for me, this means that for any trip to the US, I need to request a clean laptop weeks in advance, and then ensure I add just enough data to make it useful while "crossing the border". This means I don't get to work on powerpoint presentations on the airplane, go over my speech in my hotel room, or anything else. When I get to my hotel room (likely within the 100 mile zone), I'll be spending my time trying to bring things back up on my laptop and get myself connected to the work network. And then before I leave, I'll have to wipe the drive, which will look suspicious at the border.
[ link to this | view in chronology ]
Re: Re: Simple solution, for the smart people
I'm told that in the legal field, SOP for Canadian lawyers who are crossing the border is to be issued a clean laptop before leaving, download everything they need from their home office after they reach their destination and do complete wipe before returning home.
(The IT dept. has most of this automated, the lawyer contacts the office to access/authorize the download, etc.)
[ link to this | view in chronology ]
Re: Re: Re: Simple solution, for the smart people
It also applies to phones - the Canadians I'm engaged with at the minute also issue a fresh iPhone that once you are Stateside, you're given a QR code to sync up to corporate eMail, contacts, calendar, etc. All encrypted. Takes about half-an-hour. All documents are centralized not local. Admins remote wipe when you're leaving.
But as the AC above says, you can't really do anything when travelling to/from the States.
[ link to this | view in chronology ]
Re: Re: Simple solution, for the smart people
As far as VPN credentials the passqord van be changed afyer your clear Customs
When i go on road trips i change all my passwords on ky home neyworks VPN afyer crossimg the border so that if they trunto access my neteork they are locked out
Changing your password for that purpose does break amy laws in canada, mexico, or the usa
[ link to this | view in chronology ]
Re: Re: Simple solution, for the smart people
It has been over 10 years since I worked for a UK defence contractor and this was exactly what we had to do for every visit. It was an instant dismisal to take any piece of IT equipment that was not wiped with a clean image. For one visit organised at short notice it was easier to get the employee to buy a laptop and phone out there and just bin them at the end of the trip.
And this was for work visits to the US military and US military contractors for work relating to US homeland security and anti-terrorism. We could not trust the US not to take the opportunity to download everything they could.
[ link to this | view in chronology ]
I'll keep all this in mind next time I visit one of the five or so countries that will allow US travelers.
[ link to this | view in chronology ]
Objecting to a digital cavity search makes you suspicious, of course. Search justified!
[ link to this | view in chronology ]
Turn it on its head
Sue them for every single violation of the constitution that they just admitted too. Charge them 1 million per violation and then when they can't pay, shut them down. Any US agency that violates the constitution as part of its operation is illegal and can be sued out of existence. If that doesn't apply, then this isn't a government by, of and for the people.
[ link to this | view in chronology ]
please explain how this is right, given that we are supposedly living in a democracy, a country that is supposed to support freedom and free speech as opposed to the practices of countries like China, N.Korea, Russia and (Nazi) Germany? how can any government of a supposed 'free' country not just allow but condone these agancies and their actions? i dont understand the path we seem to be on or the direction we're heading. i do know that i sure as hell dont like it!!
[ link to this | view in chronology ]
Re:
This isn't a democracy. It's a representative republic.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Well, I hear that protecting the border from smugglers and terrorists even includes assaulting and kidnapping peaceful protesters in major cities -- so obviously, searching any and every personal electronic device they feel might be interesting is clearly well within the bounds of their authority...
[ link to this | view in chronology ]
SUSPICION..
you are going to Canada, thats suspicious.
You are coming Back from Canada, thats suspicious.
You are Capt. Kirk, thats just weird.
[ link to this | view in chronology ]
Re: SUSPICION..
Waitaminute.... Isn't that the guy who raided a nuclear sub, abducted an unconscious foreign agent from the hospital, stole marine life from a research facility, and disappeared for over forty years?
Forget weird, this is the man we've been searching for! Now we can justify the agencies' existence!
[ link to this | view in chronology ]
You still have your 5th amendment right to remsom silent. You do not have to answer any questions
[ link to this | view in chronology ]
This 100 mile zone (actually 115.7) is.whyy whenever i drive to Disneyland or to Canafas Wonderland i out my phone on insane cip 0roof mode so that if a cop should pull me over and seize my phone they will not be able to access the contents when they get ir back to the cop shop.
When you go on a road trip, putting your phone on insane cop proof mode is a must.
[ link to this | view in chronology ]