Feds: Apple Users Treated Equally at Borders
Posted 09/30/2008 at 11:03am
| by Jason Whong
Recent revelations about the authority of the U.S. Customs and Border Protection Agency to copy electronic data from travelers at border checkpoints, and its ability to hold devices indefinitely for analysis even without individualized suspicion have drawn the opposition of civil rights advocates. Despite the agency’s power to hold devices for analysis, a Department of Homeland Security spokesperson says users of Apple’s computers, phones and digital media players should not worry about delays at the border due to using a non-Windows device, and that the odds of any traveler having a computer searched are minuscule.
CBP published a
policy statement on its website on July 16, which outlined how searches of devices containing information should be conducted. The statement outlined circumstances in which devices that couldn’t be searched immediately could be “detained” for more detailed analysis by other government agencies. These agencies would have 15 days to respond to requests for assistance, extendable indefinitely by periods of 7 days, according to the document.
Given that many organizations have standardized on computers running Microsoft Windows, it is easy for Macintosh users to imagine a scenario in which agents have difficulty searching non-Windows operating systems, causing Macbooks, iPhones and iPods to be held for longer inspection. That nightmare scenario is unfounded, said Department of Homeland Security spokesperson Amy Kudwa.
"Travelers should not anticipate any delay based on the kind of operating system they run," Kudwa told Mac|Life. "In fact, the vast majority of travelers should not anticipate any delay at all: these searches only impact a tiny fraction of a percent of the 400 million travelers crossing our borders each year."
Kudwa cited figures for the first two weeks of August: of about 16 million people and vehicles that went through border and customs checkpoints, only 40 laptop computers were searched in any capacity. Kudwa did not have statistics on the operating systems run by those computers, or how many were held for further inspection, but the relatively low figure suggests that for the specified period, Customs and Border Protection used its authority sparingly. Kudwa also noted that DHS acknowledges that use of encryption is a common business practice, though she declined to discuss whether an officer searching a laptop might find the use of encryption suspicious.
Despite the policy of searching without suspicion, the document also notes that it is a policy to "protect the rights of individuals against unreasonable search and seizure." The document also requires that if copies of the data are made, the agency must destroy all copies after reviewing them (except for immigration documents) if no probable cause exists to retain the information.
Increasing privacy concerns
Civil rights organizations have become concerned about the way CBP officials determine how to search travelers. The Asian Law Caucus received over 20 complaints in 2007 from travelers who said they were subjected to "lengthy secondary inspections, searches, and interviews at U.S. Ports of entry."
The caucus, along with the Electronic Freedom Foundation sued DHS under the Freedom of Information Act in February, requesting the release of records concerning policies and procedures on the questioning, search and inspection of travelers entering or leaving the country. As a result, DHS has released
hundreds of pages of documents, which EFF published Sept. 22. Many of the documents have information that has been redacted. The plaintiffs plan to sue for the release of much of the redacted information this fall.
One released document,
a procedure issued on May 17, 2007 from the CBP office at the Port of Anchorage (.pdf; page 34), discusses the use of a secret device or software application to search the images stored on computers and portable storage devices. Because this software or device is not named in the documents, it is not possible to confirm independently whether it is compatible with non-Windows devices. The document also requires that the agent using the device or software justify its use to his or her supervisor.
A
February 28, 2008 memo from the Director at San Juan Field Operations (same .pdf, page 58) paints a picture of a powerful agency that is aware of the attention it has attracted in the wake of the lawsuit, and wants safeguards to be in place to prevent abuses. The memo notes that "CBP has come under intense scrutiny for using its border search authority to copy the electronic media of incoming passengers. A FOIA lawsuit has been filed in Northern California against CBP for copying the electronic media of U.S. Citizens." The memo notifies supervisors and managers that permission to copy electronic media must be granted by a port director or chief, and that CBP locations should "report to the [Director of Field Operations] instances in which electronic media is being copied in secondary."
Civil rights advocates worry that CBP may share information with other agencies that can't search computers as easily as the agency can.
A November 5, 2007 memorandum ( same .pdf, page 67) from a border security coordinator cautions against copying data just because another government agency wants it. "Officers should not copy or transmit information purely on the basis of a request to copy from an outside agency," notes the memo, which also directs that documents should not be reviewed for longer than a "glance" without reasonable suspicion or consent, and information should not be copied without consent from the subject, probable cause to believe the document or information is subject to seizure, or a court order. (page 67 of 71 in the link).
The contents of the documents led the EFF to announce in a
Sept. 23 news release that the government had quietly changed rules that had been in effect since 1986, requiring probable cause that a law was being broken before copying information.
"We believe that the government should be required to have reasonable suspicion of wrongdoing before searching and seizing digital information during a border search," Marcia Hofmann, staff attorney for the EFF, told Mac|Life. We are also opposed to copying and maintenance of data by the government that may follow from suspicionless searches at the border."
In April, a federal court upheld the agency's practice of searching laptop computers without reasonable suspicion. The U.S. Court of Appeals for the ninth circuit wrote in its
opinion in U.S. v. Arnold that laptop computers were not the same as a home or the human body, and didn't deserve special privacy treatment at border checkpoints. The opinion referenced numerous legal precedents, including a 1979 U.S. Supreme Court ruling, Torres v. Puerto Rico, which noted that "The authority of the United States to search the baggage of arriving international travelers is based on its inherent sovereign authority to protect its territorial integrity. By reason of that authority, it is entitled to require that whoever seeks entry must establish the right to enter and to bring into the country whatever he may carry."
Defending borders a mission
Customs and Border Protection employees are tasked with protecting America's territorial integrity, especially preventing terrorists from entering the United States. "We are the guardians of our Nation's borders," says the first line of the CBP Mission Statement. "We are America's frontline." The agency's core values statement declares "We are dedicated to defending and upholding the Constitution of the United States. The American people have entrusted us to protect the homeland and defend liberty."
Jayson Ahern, deputy commissioner of CBP, defended the agency’s intentions in a June 30 entry in the Department of Homeland Security’s "Leadership Journal" blog. The entry noted some ways the agency had used its ability to search laptop computers, leading off with a story about how a currency smuggler was caught in 2006 with information about cyanide and nuclear material on his laptop. (The blog entry, however, doesn’t explain whether possessing the information was illegal.) The suspect pleaded guilty to cash smuggling and making false statements, and was sentenced to a year in prison.
Another example described a person traveling on a student visa selected for secondary screening. His laptop computer contained video clips of homemade bombs being exploded, a video of the traveler reading his own will, and pictures of Al-Qaeda officials. "Based on this and further derogatory information uncovered by computer forensics," he was refused admission, convicted of visa fraud, and removed from the United States. (No mention was made of where the traveler was sent.)
Other examples cited in the entry include the catching of an industrial spy and a possessor of child pornography. There was no mention of searches that did not result in prosecution or denial of entry.
"It is not our intent to subject legitimate travelers to undue scrutiny, but to ensure the safety of the American public. In conducting these searches, we are fully dedicated to protecting the civil rights of all travelers," wrote Ahern.
