Defending Privacy at the U.S. Border: “Reasonable” Searches and Seizures

Electronic Frontier Foundation representatives Marcia Hofmann and Seth Shoen participate in Black Hat Europe 2012 Conference to present their white paper on guidelines for maintaining digital privacy when crossing the U.S. border.

Marcia Hofmann My name is Marcia Hofmann, I am a Senior Staff Attorney at the Electronic Frontier Foundation (EFF) in San Francisco. And I’m also a non-resident fellow at the Stanford Law School Center for Internet and society. And this is my colleague Seth Schoen, he is a Senior Staff Technologist at the EFF with me.

Seth and I, over the past year, have spent a lot of time writing about searches of electronics and digital information at the U.S. border. And we completed a paper in December 2011 which we published on our website [link]. So we wanted to do a presentation here at Black Hat to talk about our findings. A lot of people seem to be very interested in this subject, the question of what the U.S. Government can do at the border with digital devices and digital information. It turns out they can do a great deal, and that concerns a lot of people, it concerns business travelers, it concerns people who just really value privacy. This seems to be a real hot-button issue for people.

So what we’re gonna talk about today, first of all, is the legal situation at the border. Now, I am a U.S. lawyer, and what I mostly know is U.S. law, and so I’m gonna be talking mostly about the legal situation at the U.S. border. But I think it’s safe to assume that when you are traveling across other international borders, a lot of what we will be talking about is going to apply there too. And where I know there are certain issues that you should be aware of at other borders, I’m gonna do my best to flag that.

We’re also gonna talk about the policies and procedures that govern border searches at the U.S. border by component offices of the Department of Homeland Security. We will talk briefly about the considerations you might take into account when you are choosing a strategy for protecting your data when you are crossing international border. And then Seth is gonna talk a bit about some of the technical and common sense measures that we think people can take to protect their devices at the border. So that’s kind of how we’re gonna go with this.

The Original White Paper

Research background

Research background

Like I said, this talk comes out of this white paper that we published. I don’t know how many of you have read it. I hope that if you find our talk interesting, you will take a closer look at it because it’s certainly far more detailed than what we’re likely to get into here today. We’re gonna do kind of a basic overview of some of our findings, and if you are looking for more information in-depth, please take a look at that.

So Seth and I worked on this together. We decided to make this something that would have a legal perspective, and also a technical perspective. We had a great deal of assistance from an attorney named Rowan Reynolds who volunteered at EFF last year.

Frustrating aspects of border situation

Frustrating aspects of border situation

A very important overarching principle that I think we need to remember when we are talking about searches at the border is that it’s a very difficult situation that doesn’t have a whole lot of hard-and-fast rules. I think that border agents have a great deal of discretion to perform searches of pretty much anything that comes across the border – that includes things that you might pack in your luggage, but it also includes your electronic devices. And I think that if you get into a situation in which a border agent is interested in you for whatever reason, that can turn into a high-stress and sometimes confrontational situation, and I think that’s something that worries a lot of people.

The situation at the border is one where you are dealing with a government agent in a way that is unfamiliar. I think that many of us feel that when you are interacting with a law enforcement agent, there are certain rules that tend to apply: you know, there are some regulations on their ability to search things and to seize things. And I think a lot of people feel that when you are speaking with a government agent and they’re questioning you, you have a right to have an attorney present; and that’s true in many situations, but these are some of these familiar rules that, frankly, just don’t apply at the border.

The Law

Legal contradictions about border search

Legal contradictions about border search

So I’m gonna give a bit of an overview about the law that applies at the border. In the United States, the major constitutional provision that would be in place is the Fourth Amendment to the United States Constitution, which guarantees that “the people [shall] be secure … against unreasonable searches and seizures” by the government. What that tends to mean – you know, the general rule that we can take away from that – is that, as a general matter, the government has to get a warrant if it is going to search something in which you have a reasonable expectation of privacy, such as your property. This would include your personal effects, and your computer.

But there are circumstances where that general rule just doesn’t apply. And unfortunately, one of those circumstances is at the border. And the courts in the United States that have looked at this question have held that searches that occur at the border are just reasonable per se. And since the Fourth Amendment protects against unreasonable searches and seizures, what that means is that the government doesn’t have to get a warrant.

Supreme Court ruling on 'U.S. v. Flores-Montano' case

Supreme Court ruling on 'U.S. v. Flores-Montano' case

Now, why is that? The United States Supreme Court explained this a little bit in one of the most prominent cases on border search. You can see the quote here, and basically the idea here is that the government has a very-very strong interest in preventing the entry of unwanted people and property at the border. And this is something that goes back to the earliest days of the U.S. Constitution. So basically, because the government has such a strong interest in protecting itself from undesirable things and people coming across the border, it has a very wide-ranging authority to search and question people, and to examine their things that they bring across the border. And because that interest is so strong, virtually any search that occurs at the border is considered reasonable. The one exception that the Supreme Court has recognized, actually within this case (United States v. Flores-Montano) is the search of an individual’s elementary canal. So basically, that is the only time that the government even has to have a reasonable suspicion of wrongdoing, otherwise they can perform searches without any suspicion of wrongdoing whatsoever, meaning that they could even randomly stop you and search your things, including your computer.

Other cases have not had success

Other cases have not had success

Various organizations, including ours, have argued in court that this is really too expensive, particularly considering the fact that electronic devices can potentially contain so much information about a person – certainly, proprietary information. You know, I am a lawyer, so I tend to think of things like privileged confidential client information. But often it would include personal information too, right? I mean your communications with your family and friends, and associates over time; your web browsing history; perhaps your financial and medical information. And it seems to really defy logic that that should all just be up for grabs when you cross the border. And I believe a lot of people think that shouldn’t be the rule.

The various organizations that have tried to challenge this in court have tried to argue, you know, a computer is nothing like a piece of luggage, and if you bring a piece of luggage into the country you are going to have some clothing in there and some personal effects, but it just pales in comparison to the things that the government can paw through in your digital devices, and the rules simply shouldn’t be the same just because it’s a personal effect.

But unfortunately, the courts have not been sympathetic to that argument, and they have held at this point uniformly that the government needs no suspicion of wrongdoing whatsoever to search your devices at the border. We cite here case called “The United States v. Arnold” which is the most recent and perhaps the most famous on this question. It was in the 9th Circuit Court of Appeals which is considered one of the most liberal in the country. And in that case, the lower court (the district court) held initially that computers are just very special and different, and they present different privacy concerns, and therefore the government has to have at least a reason to suspect wrongdoing before they can search a computer at the border. But the Appeals Court disagreed and said: “No, if we look at all of the cases going back, there’s really no basis for that, and we think that the rule is the same as it is for luggage.” So no suspicion of wrongdoing needed, and at this point, unfortunately, the case law is pretty consistent on that point.

There are a couple of cases winding their way through the courts right now: one called “House v. Napolitano”, the other “Abidor v. Napolitano”. The “Napolitano” refers to Janet Napolitano who is the Secretary of the Department of Homeland Security, so she is being named in her professional capacity there as the defendant. And these are both cases that are being litigated by the American Civil Liberties Union, or the ACLU, and remains to be seen how those cases will turn out. We hope for a better ruling in those ones.

So that’s the situation at the border: basically, it doesn’t matter who you are, whether you are a U.S. citizen or a non-U.S. citizen, nobody really has much in the way of any sort of legal right at the border to protect the privacy of their things and their information.

Read next: Defending Privacy at the U.S. Border 2: Agencies and Policies

Like This Article? Let Others Know!
Related Articles:

Leave a comment:

Your email address will not be published. Required fields are marked *

Comment via Facebook: