Inspector General Says CBP's Device Search Program Still A Mess, Still (Ironically) Mostly Undocumented
from the PAPERS-PLS dept
The CPB continues to increase the number of electronic devices (at least temporarily) seized and searched at border crossings and international airports. Basic searches -- ones that don't involve any additional tech or software -- can be performed for almost any reason. For deeper searches, the CBP needs only a little bit more: articulable suspicion.
Even though it's only a very small percentage of the total, it continues to increase, both in total numbers and as a percentage of the whole.
In fiscal year 2018, OFO processed more than 413 million travelers arriving at U.S. POEs and conducted an estimated 33,062 basic and advanced electronic device searches of those inbound travelers (.008 percent). In FY 2019, CBP processed more than 414 million travelers and conducted an estimated 40,610 basic and advanced electronic device searches of those inbound travelers (.010 percent).
That's from the DHS Inspector General's latest investigation [PDF] of CBP device searches. The last time the IG stopped by the CBP to perform some oversight in this area, it declared the whole thing a catastrophe. There was very little direct supervision of searches, documentation was almost nonexistent, and the CBP had no idea whether more searches were resulting in more investigations or arrests of criminals. Not only that, but the CBP had yet to implement any method of quantifying the security/safety gains of performing invasive device searches at border crossings.
Right at the top, the IG refers to the CBP's policy on device searches, which clearly and succinctly states the agency's obligations:
CBP’s Directive requires CBP officers to fully document all information related to searches of electronic devices.
You can already guess where this is headed.
First, there's a callback to the last investigation by the IG:
In our first audit of CBP’s searches of electronic devices at POEs [Ports of Entry], we reported deficiencies in supervision, guidance, equipment management, and performance measures and made five recommendations to improve the program’s effectiveness. CBP concurred with all five recommendations and has taken some actions to improve oversight, such as streamlining license renewals, developing processes to conduct annual field office reviews, and updating its self-inspection worksheet to better identify deficiencies. As of May 2021, CBP had not fully implemented four of five recommended corrective actions.
Since there's been no improvement on the back end, there's been no improvement on the front end.
Here's a more detailed description of what's required when a phone is searched by CBP personnel:
CBP’s Directive requires CBP officers to include all information related to the search, such as whether the device’s wireless data connection was disabled, a tear sheet was provided, and if a supervisor approved advanced searches. In instances in which OFO detains or seizes an electronic device, officers document such incidents on DHS Form 6051D, Detention Notice and Custody Receipt for Detained Property and DHS Form 6051S, Custody Receipt for Seized Property and Evidence, to demonstrate chain of custody. The Directive also tasks supervisors with ensuring officers complete thorough inspections and that all notification, documentation, and reporting requirements are met.
Here's what happened instead:
OFO [Office of Field Operations] did not always adhere to all requirements outlined in the Directive when conducting electronic device searches nor properly document searches. Of the 100 from FYs 2018 and 2019 that we reviewed, 79 had one or more instances of non-compliance, which totaled 139 instances. [...] We also identified 32 EMRs [electronic media reports] not approved by a supervisor within 7 days.
The largest number of infractions came from two areas: no indication of whether the device's data connection was disabled (27) -- something that's supposed to prevent agents from intercepting incoming communications or accessing content stored in the cloud -- and no indication of whether a supervisor was present for advanced searches (44), which is a violation of CBP policy.
That's just the problem with the stuff that's (apparently incompletely) documented. Then there are the cases where no documentation occurred at all.
During site visit... we identified instances in which OFO officials used advanced screening equipment to conduct advanced searches of electronic devices without documenting these searches in TECS. For example, in reviewing DOMEX activity log entries from the three POEs, we identified 33 advanced searches that were not documented in TECS.
CBP officials said these didn't need to be tracked because they were not related to new searches, but rather to ongoing investigations, training, and "ongoing maintenance." As proof of this claim, the officials offered nothing.
We could not confirm these assertions because OFO did not have controls to ensure all advanced searches were traceable to the officer conducting the search.
As for seeing if these searches are actually resulting in any net security and public safety gains, the CBP is still sort of working on that. There are existing metrics the CBP could use, but it has simply chosen not to.
According to an OFO official, OFO does not see the benefit of receiving the outcomes of referrals, or tracking prosecutions and convictions, and does not have a system to track or receive this information. Without tracking final legal disposition of devices and information transferred to other Federal agencies, OFO cannot fully evaluate the program’s effectiveness or whether advanced searches are achieving their intended purpose to detect evidence and identify crimes.
The refusal to properly track and document searches also causes problems elsewhere.
For example, OFO equipment used to search computers [equipment name redacted] has not functioned since July 2018 due to network compatibility issues. Because of these technical issues, officers at POEs cannot conduct advanced searches of computers on-site.
Here's the punchline:
Despite technical issues, OFO renewed the software licenses for all equipment in 2019 and 2020, including for equipment that does not function, at a total cost of $330,629.
Which leads to yet another punchline in the OIG's recommendations:
We recommend the Executive Assistant Commissioner for the Office of Field Operations: a. Suspend the renewal of licenses for nonfunctional equipment, as appropriate.
You think?
The report concludes like the last one did. Recommendations for the CBP to something -- anything! -- to improve its tracking and documentation of phone searches. And like last time, the CBP has promised to get right on that… eventually. And we the people can all expect more of the same in the 2022 report, given the lack of progress since the last IG review.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 4th amendment, cbp, device search, dhs, inspector general
Reader Comments
Subscribe: RSS
View by: Time | Thread
undocumented mass surveillance allowing for arbitrary enforcement of what they say they think is the law until oops it wasn't but we're law enforcement so ignorance is a defense is working as intended, won't fix
[/bug report]
[ link to this | view in chronology ]
how much for a tech? or train a tech?
Let ask,
How and what the F' are you looking for on a Cellphone?
How much time do you have to Search a cellphone and NOT keep it for a week, to find out whats going on in the background?
How is it that you can take a App, store all your data In the cloud, Erase the app so no one can see you HAD the app, go threw customs and all the BS, CLEAN, then after getting into the USA or any other country that understands this BS, RELOAD the app, and download the stored data?
Lets say you have 5 kids, and ask them WHO did it? You have as much chance as that, in finding anything. BEAT them all or dont even ask.
You want a terrorist, look for the phone with almost nothing on it.
[ link to this | view in chronology ]
Re: how much for a tech? or train a tech?
So, just detain at Gitmo any person going on a business trip mandated by their employer? That would be a great way drive further offshoring, and encouragement of avoiding the US for IP development.
I have a better idea. How about not searching devices without a warrant like our 4th and 5th amendment rights mandate? How about stopping the security theater that actively harms our tourism industry year after year, costs a fortune to maintain, cannot be run properly (as the article provides proof of), creates yet another useless bureaucracy, and provides no material benefit to the public?
If you need to beat the kids to answer a simple question, you have far bigger issues as a parent than the question they refuse to answer.
Because that is standard operating procedure for any sane person going through US Customs? Also, it's a de-facto feature of the hardware. You don't have to store "incriminating evidence", or whatever the US officials would like to call it, on a phone.
Of course, in reality this is just another trough feeding the US surveillance state. It's not meant to catch terrorists, it's meant to keep very detailed tabs on anyone passing through or near (within 100 miles of) a US checkpoint. Which just so happens to cover most of the country's population.
As long as they want. There's people who have "lost" their devices for years due to these "inspections", and some who've never recovered their property. It's the government. They take what they can and, if they can get away with it, give nothing back. All while shouting "Terrorism" as justification for their actions. Well it's definitely terrorism alright. State-sponsored terrorism of it's own citizens.
[ link to this | view in chronology ]
OIG recommends that CBP keep better track of its searches. Not included in the recommendations: Actually having a reason to perform said searches.
[ link to this | view in chronology ]
We see no reason to stop adding hay to the haystack, one of these days we might find a needle.
[ link to this | view in chronology ]
Re:
But of course. Everyone knows that once the haystack reaches critical mass, needles just spontaneously appear. That's big data 101.
[ link to this | view in chronology ]
"The CPB continues to increase..."
Shouldn't this be CBP?
[ link to this | view in chronology ]