US tightens rules on border search

Your chances of being searched at a US border crossing are now at an all-time high. But the chances that border agents will be pulling data from your devices declined this past week – at least by a little.

A 4 January update in the US Customs and Border Protection’s (CBP) “Border Search of Electronic Devices” directive – its first since August 2009 – now requires that agents have at least “reasonable suspicion” of illegal activity or a threat to national security before they can conduct an in-depth, forensic examination or copy the contents of devices they search at border crossings.

The directive also continues a policy that says without that “reasonable suspicion,” agents can only conduct a so-called “basic search,” which means they can only look at data that’s “physically resident on the phone,” and not stored on a remote server.

This, according to the press release from CBP, not only “enhances the transparency, accountability and oversight of electronic device border searches performed by CBP,” but also:

…preserv(es) the civil rights and civil liberties of those we encounter, including the small number of travelers whose devices are searched, which is why the updated Directive includes provisions above and beyond prevailing constitutional and legal requirements.

All of which had Sen. Ron Wyden, (D-OR) damning the new directive with faint praise. He called it “an improvement,” but said in a statement that it still allows, “far too many indiscriminate searches of innocent Americans.”

He noted that CBP agents don’t need even the “reasonable suspicion” threshold to conduct a basic search of devices, which includes, “looking through their browsing history, photos and messages stored on the device.”

And there are more of those searches being conducted than at any time in history. While the CBP spun the numbers one way, noting that they search the devices of less than one-hundredth of 1 percent of travelers entering the US, and that the large majority (about 80%) of those are of non-citizens, the agency also acknowledged that the number of searches has jumped from 5,085 in 2012 to 30,151 in 2017.

Wyden, ranking Democratic member of the Senate Finance Committee, has co-sponsored a bill with Sen. Rand Paul (R-KY) that would require a warrant for agents to search devices at the border. But that bill was introduced last April, and besides being referred to the Committee on Homeland Security and Governmental Affairs, nothing has happened with it.

Among privacy advocates, the praise was even more faint, and the damning much louder. The Electronic Frontier Foundation (EFF) said while the directive contains “a few improvements” from the previous one, it is still, “full of loopholes and vague language that continues to allow agents to violate travelers’ constitutional rights.”

Staff attorneys Sophia Cope and Aaron Mackey, in a blog post this week said even the “reasonable suspicion” requirement contains a “huge loophole.”

…border agents don’t need to have reasonable suspicion to conduct an advanced device search when “there is a national security concern.” This exception will surely swallow the rule, as “national security” can be construed exceedingly broadly and CBP has provided few standards for agents to follow.

Cope and Mackey also contend there isn’t much difference between “basic” and “advanced” searches – that both are highly intrusive.

…the government obtains essentially the same information regardless of what search method is used: all the emails, text messages, contact lists, photos, videos, notes, calendar entries, to-do lists, and browsing histories found on mobile devices.

And all this data collectively can reveal highly personal and sensitive information about travelers – their political beliefs, religious affiliations, health conditions, financial status, sex lives, and family details.

The new directive also states that, “travelers are obligated to present electronic devices and the information contained therein in a condition that allows inspection of the device and its contents.”

That means the CBP is requiring people to unlock or decrypt their devices, and according to EFF, they have a right to refuse. If they do, however…

…there may be consequences, such as travel delay, device confiscation, or even denial of entry for non-US persons.

Finally, EFF notes that the new directive doesn’t apply to US Immigration and Customs Enforcement (ICE) or to agents from Homeland Security Investigations (HSI), which also conduct border searches…

…so any enhanced privacy protections found in the new policy are wholly inapplicable to searches by these agents.

According to Kevin McAleenan, CBP’s acting commissioner, the new directive means that, “CBP continues to respect the privacy of international travelers while performing its vital law enforcement mission.”

Privacy advocates remain unconvinced – particularly as it applies to US citizens. “Americans’ Constitutional rights shouldn’t disappear at the border,” Wyden said.