There’s been a lot of buzz lately about the DHS’s new directives on performing searches of electronic media. From the official press release:
The new directives address the circumstances under which U.S. Customs and Border Protection (CBP) and U.S. Immigration and Customs Enforcement (ICE) can conduct border searches of electronic media—consistent with the Department’s Constitutional authority to search other sensitive non-electronic materials, such as briefcases, backpacks and notebooks, at U.S. borders.
So what does “electronic media” refer to? Well, from the CBP Directive document:
Includes any devices that may contain information, such as computers, disks, drives, tapes, mobile phones and other communication devices, cameras, music and other media players, and any other electronic or digital devices.
That’s right, its basically anything that can electronically store information. In addition to the searches, CBP has the authority to transmit your data if its in a form that they don’t understand to someone that can “translate” it for them:
Officers may sometimes have technical difficulties in conducting the search of electronic devices such that technical assistance is needed to continue the border search. Also, in some
cases Offtcers may encounter information in electronic devices that requires technical
assistance to determine the meaning of such information, such as, for example, information that is in a foreign language and / or encrypted (including information that is password protected or otherwise not readily reviewable). In such situations, Officers may transmit electronic devices or copies of information contained therein to seek technical assistance from other federal agencies. Officers may seek such assistance with or without individualized suspicion.
There are huge privacy concerns that are raised from this paragraph. For one, the number of electronic devices out there suggest that more than a few officers will be met with a device they have no idea how to use or access data from. Will the default reaction, if there’s suspicion (or not, since there doesn’t have to be), be to confiscate the device for further vetting?
Another concern should be on the data itself. Encrypted or not, your data can be copied and transmitted to “other federal agencies” to be vetted. You have no control over who or how many people will see your data.
Speaking of seizing and sharing data, just to make it clear:
5.4.1.1 Retention with Probable Cause.
Officers may seize and retain an electronic
device, or copies of information from the device, when, based on a review of the electronic device encountered or on other facts and circumstances, they determine there is probable cause to believe that the device, or copy of the contents thereof,
contains evidence of or is the fruit of a crime that CBP is authorized to enforce.5.4.1.3 Sharing Generally.
Nothing in this Directive limits the authority of CBP to share copies of information contained in electronic devices (or portions thereof), which are
retained in accordance with this Directive, with federal, state, local, and foreign law enforcement agencies to the extent consistent with applicable law and policy.
In Canada our file sharing/downloading laws are nowhere near as stringent as in the US. So what does this mean for a Canadian with a copy of Battlestar Galactica they pulled down from a torrent site who gets searched at the border? Could they be turned over to authorities for copyright infringement? Maybe you’re reading this thinking that its a farfetched scenario, but consider the last line in the paragraph below from the DHS press release:
Searches of electronic media, permitted by law and carried out at borders and ports of entry, are vital to detecting information that poses serious harm to the United States, including terrorist plans, or constitutes criminal activity—such as possession of child pornography and trademark or copyright infringement.
That’s right, “trademark or copyright infringement” is listed as a criminal activity and next to terrorism. Of course, copyright infringement *is* illegal and I’m not condoning it. However, I question whether CBP officers are going to have enough training to be able to identify material that is illegal and that which is legal. I hope we never have to hear about a person crossing the border being asked to produce receipts for all the iTunes purchases they filled their iPod with, or having their laptop confiscated for containing ripped movies that are actually legal digital copies made available when purchasing DVD’s.
Now, to keep this in some perspective, only 1000 laptop searches were conducted out of 221 million travellers…a miniscule percentage. Still, the door has been opened for CBP officers to perform invasive searches for no reason whatsoever and on a wider variety of devices. Travellers need to be aware of the possibilities, even remote ones, that their data could be seized when travelling into the US. So what can you do?
Store Your Data In The Cloud
If you want to ensure no data is collected, and to limit the potential for confused looks as officers try to figure out what your scientific report is really about, store your data on a server and not on your computers and devices. Many airlines are now offering wi-fi internet access in their planes, which means that once you’re through security and onboard you can freely download your files and work on the flight. This also removes any concern about legal media files that could be incorrectly identified as copyright infringement.
Keep Devices To A Minimum
I don’t know how these searches will be carried out…if only one piece of electronics will be searched or if someone flagged will have all devices searched. Assuming the latter, keep everything to a minimum. Laptop, cell phone, mp3 player…camera if you have to. Don’t bring multiple laptops, don’t bring a bunch of USB jump drives or external drives for that matter. The fewer devices, the fewer searches can be performed (speeding you through to your plane) and fewer questions will be asked.
Bring Only Data You’re Comfortable Losing
If you do need to bring data on your devices, ensure that its data your comfortable losing or having people view. If you have any sensitive data, I redirect you to the first suggestion of utilizing a file server. Any data on your devices should be free of passwords and organized in a way that’s easily discoverable. Help the CBP officers conduct their search.
Have a Backup Plan
Ensure you have some backup plan for a worst case scenario. For instance, if you’re doing a speaking engagement but your laptop gets confiscated at the border due to a search, ensure that organizers know that you might need a filler laptop to run your presentation on, and have your presentation available through a file server or another source that doesn’t require you to physically carry it.
It will be interesting to see, as these new directives come online, whether the number of reported instances of device searches increases or not. Either way, travellers should be aware.
Posts
sign up for a mozy.com backup util. You won't be worried about losing data.
ReplyDelete