US customs can and will seize laptops and cellphones, demand passwords

Customs sign

CustomsThe American Civil Liberties Union has brought a suit against the US government over its seizure of the laptop of a computer security consultant – a seizure carried out at a Chicago airport about a year ago without a search warrant or any charges of crimes.

According to a report in Sunday’s Boston Globe, the consultant – a former MIT researcher, David House – was returning from rest and relaxation in Mexico when federal agents seized his laptop.

According to the Globe, the government wanted to know more about House’s connections to Bradley Manning, the US Army private accused of leaking classified information to WikiLeaks.

The seizure comes as no surprise. As Globe writer Katie Johnston notes, United States ports of entry are dubbed “Constitution-free zones” by civil liberties advocates.

Barring invasive techniques such as strip seizures, government agents are free to disregard Fourth Amendment protection against unreasonable search and seizure. They don’t need reasonable suspicion or probable cause, and they can take what they like, be it laptops or smart phones.

And nab gadgets they most certainly do. Johnston writes that last year alone, 5,000 devices were seized:

The Customs and Border Protection agency says the power to seize laptops is necessary to find information about terrorists, drug smugglers, and other criminals trying to enter the country. Of the more than 340 million people who traveled across the US border in 2011, about 5,000 had laptops, cellphones, iPods, or cameras searched.

Forget privacy rights. They’re gone at ports of entry.

Department of Homeland SecurityAnd what guarantees do travelers have regarding the careful treatment of their data?

On House’s laptop, that data included contact information for WikiLeaks donors, House’s bank account passwords and family photos, and coding he had done in Mexico, Johnston writes. On other laptops, that data can include not only personal data but trade secrets.

Customs and Border Protection agency spokeswoman Joanne Ferreira told Johnston that customs officers are obligated to comply with the Trade Secrets Act, which prohibits federal employees from disclosing confidential business information.

One assumes she was referring to the Uniform Trade Secrets Act, an act put forth to provide legal framework for improved trade secret protection for industry in all 50 US states.

Well, maybe that’s some measure of protection. More likely, it’s cold comfort. For one thing, all 50 states did not sign on to the act. As of 2010, Massachusetts, New Jersey, New York, North Carolina and Texas hadn’t adopted it.

Even if all 50 states ever do sign on to the act, would it protect our seized data from disclosure?

It’s hard to imagine that it would, given, for one, the recent peek we got into the pockmarked approach to data security that’s employed by government and military agency personnel.

CustomsThat sloppy security was evidenced by Anonymous’ Stratfor attack, the astonishing number of customers whose information was stolen in that attack, and the feeble, easily guessed passwords used by many in the military and government agencies that make up Stratfor’s clientele.

“Swordfish” as a password used by somebody working for the US Marines? Please.

House admitted to Johnston that the suit will be hard to win. It’s one of two the ACLU is bringing in an attempt to stop the U.S. government from seizing and searching devices without a reasonable suspicion of illegal activity.

House isn’t seeking damages; rather, he wants the government to give him back his data or destroy it. He also wants to know who, exactly, the feds allowed to access it.

Resisting the government isn’t a viable approach to protecting your data in these legal seizures. Johnston lists a few approaches that businesses are taking to keep trade secrets from such seizures:

  • Wipe laptops clean before you travel.
  • Move sensitive information to the cloud and retrieve it later.
  • Move information to a flash drive or external hard drive.

To which I would add three additional recommendations:

  • Encrypt whatever device to which you transfer sensitive information. All you have to do is poke through the lost & found at a transit station to realize that USB drives, at least, fall from our pockets like leaves from autumn trees.
  • If you travel frequently, consider buying a second laptop to bring in order to leave your personal computer at home.
  • Make sure everybody at your organization knows the current state of federal power in this matter.

Johnston notes that a recent survey by the Association of Corporate Travel Executives found that nearly half of the participating companies didn’t have a clue about how vulnerable their employees were to having their gadgets inspected, copied or confiscated.

So now we know. Spread the word.