Customs Agents are Downloading U.S. Citizens’ Data and It’s Legal
March 25, 2017
A Democratic Senator is pushing for a privacy focused overhaul regarding device searches at the border.
The suspicious scientist
Sidd Bikkannavar, a U.S. born citizen and employee at NASA’s Jet Propulsion Laboratory, left for a trip to South America on January 15. When he returned two weeks later, the Trump administration’s travel ban was four days into effect, and Bikkannavar was detained by border agents and pressured to allow access to his phone.
The 10-year NASA employee was visiting Chile, a country not on the restricted travel list. Once his passport was scanned, he was directed to an interview process where he was told to unlock his phone.
His device was federal property issued by NASA, and he was initially resistant to unlocking the phone. Agents handed Bikkannavar a document titled “Inspection of Electronic Devices,” declaring the legal authority border patrol had to search his phone, and a list of consequence should he refuse.
Bikkannavar was not obligated to give access to his phone to anyone, but officers would not let him leave the room without getting what they asked for. He made the decision to provide the PIN to unlock his phone. After 30 minutes, the agent returned his phone and he was allowed to continue home.
Homeland data security
What happened to Bikkannavar has been happening since before President Trump’s travel ban was conceived. The practice, aimed at specific individuals who were on watch lists, has been around since the administration of George W. Bush.
Several domestic incidents and attacks committed by Americans who were not on any watch list have led to a surge in random travelers being detained and their devices searched.
The policy that has allowed this number to balloon was signed in 2009 and has not been updated since. It treats electronic devices in the same way the U.S. Customs and Border Protection (CBP) Department would treat a bag being scanned in the initial security screening process.
As phones and laptops are increasingly more available and intertwined with personal and professional life, they are becoming a security interest for the CBP. It is well within the law for the CBP to randomly select anyone (citizens, permanent residents, and visa holders) for an enhanced digital inspection, where they can copy the contents of a phone.
Any information confiscated through this process is supposedly maintained in a secure fashion and there are safeguards in place for preventing unauthorized access. However, as technology evolves, the net used to collect intelligence gets bigger.
Border patrol began asking for social media passwords around December of last year. If yo plan to travel during these uncertain times, staff attorney with the ACLU Nathan Freed Wessler says, "The best advice may be to be really careful on how many devices and what kind of data you're carrying with you." "In terms of devices, government can't search what you don't have.”
The legality of unlocking your phone and handing passwords over to CBP is unclear. Border agents are allowed to look through your phone and laptop, but things start to get tricky with requests for passwords to social networks and financial data.
At the moment, this border search program is on a trial basis and is asking travelers to volunteer the information. But many travelers feel intimidated and they want to avoid possible negative confrontation with border agents. Senator Wyden or Oregon says this program “puts at risk both the security and liberty of the American people” and wants to put a stop to it.
Fourth Amendment fix up
The protection against unreasonable search and seizure does not apply when crossing the border, or within 100 miles of a border. Enforcement officials do not need to give reasons for why you have been detained and can keep your devices for five days.
CBP has a massive arsenal of tools that allows them to perform various levels of analysis on any phone they confiscate. They are able to extract call logs, contacts, pictures, video and application data from iOS and Android devices. In some cases, deleted information could be recovered.
Senator Ron Wyden, D-Oregon, is proposing a bill that would require a warrant for device searches just like it is done everywhere else. It would also explicitly prohibit citizens from being forced to provide passwords to their online accounts.
In a February 20 letter to John Kelly the Secretary of Homeland Security, Senator Wyden spoke out strongly against the reports of U.S. citizens being detained and forced to hand over information which normally would require a warrant to access. The letter reads:
“I intend to introduce legislation shortly that will guarantee that the Fourth Amendment is respected at the border by requiring law enforcement agencies to obtain a warrant before searching devices, and prohibiting the practice of forcing travelers to reveal their online passwords.”
Also included in the letter were a list of questions to be answered by March 20, such as what legal grounds the DHS has for performing the searches, how the CBP is in compliance with the Computer Fraud and Abuse Act, and how many times CBP personnel have asked to unlock a device or online account, before and after January 20, 2017.
The DHS was asked to provide answers to these questions by Monday, but as of Wednesday the DHS has not given an answer. Senator Wyden has said he could introduce the legislation as early as this week, although it is likely he will wait a little longer for a DHS response.
Once he does introduce the legislation, he will then face the challenge of convincing Congress these privacy protections will not undermine national security. We reached out to Senator Wyden regarding his upcoming bill but he could not be made available for comment.