The Department of Homeland Security’s Privacy Office has approved the controversial searches, copying and retention of laptops, PDAs, and other digital devices without cause at U.S. borders.
Travelers could soon start seeing notices from the Privacy Office, which last week released a report supporting the right of customs agents to conduct such searches.
Last year, Canadian security and privacy experts voiced opposition to the search and seizure of personal electronic devices and recommended that the government ask the U.S. to review the policy.
In the States, lawsuits were also filed over electronic searches and digital devices inspections at the border.
The 51-page Privacy Impact Assessment released last week supported the right of U.S. Immigration and Customs Enforcement agents to copy, download, retain or seize any content from these devices, or the devices themselves, without assigning any specific reason for doing so.
Also, while in many cases searches would be done with the knowledge of the traveler in some situations, the report says, “it is not practicable for law enforcement reasons to inform the traveler that his electronic device has been searched.”
In arriving at the assessment, the Privacy Office argued that such searches of electronic devices were really no different from searches of briefcases and backpacks. They are needed to interdict and investigate violations of federal law at U.S. borders and have been supported by courts in the past, the assessment said.
That conclusion is sure to rile privacy and civil rights advocates, who have been vehemently protesting such border searches for about two years. They have argued that searches of electronic devices without any reasonable cause are very different from similar searches of backpacks and other items by customs agents, because unlike with briefcases and packs, electronic devices are capable of storing far more data, including personal and business data some that could be highly personal or protected.
The three privacy assumptions you’re wrong about when it comes to data
The Association of Corporate Travel Executives and other groups have warned of potential security breaches when corporate data contained in a laptop or PDA is downloaded by a customs agent as part of a border search. Similar concerns have been raised about data involving client and lawyer privileges, intellectual property, and other sensitive information.
Last week, the American Civil Liberties Union filed a lawsuit against the DHS after an attempt to get information on such searches from the DHS had failed to elicit a response from the agency. In it, the ACLU asked DHS to disclose details on the criteria it uses for selecting passengers for such searches, and the number of such searches it has carried out so far.
The ACLU suit also sought information on the number of devices and documents that have been retained by the DHS following such searches and the reasons for their retention. A similar suit was filed last year by the Electronic Frontier Foundation and the Asian Law Caucus.
In its analysis, the Privacy Office noted some of the privacy concerns that have been expressed over its border searches. The report conceded that a person who would not mind a briefcase being inspected by a customs agent might feel that a laptop search “increases the possibility of privacy risks due to the vast amount of information potentially available on electronic devices.”
Nevertheless, making such devices exempt from customs inspection would create a dangerous loophole” for those seeking to break the law, the report said. A traveler’s claim of privilege or statement that something is personal or business related, “does not preclude the search,” the report said. It pointed to a process that needs to be followed when customs and immigration agents conducted such searches and the notice that needs to be provided to travelers whose devices may be retained or seized.
The report also highlighted the measures currently in place for sharing data with other federal agencies, and ensuring that any data that is copied and retained is properly protected — including via encryption where needed and “storing in locked containers.” It mentions a process for destroying any data that is not needed within a maximum of 21 days from when it was collected.
Lillie Coney, associated director with the Electronic Privacy Information Center (EPIC), said that the Privacy Office;s support for “very general, non-specific” searches of electronic devices was troubling. “They are every vague on intent, or any rational cause why people might be pulled [for such searches,]” she said. “They don’t talk about data retention or about restricting access to the purpose for which they information is collected.”
She also said such searches within U.S. borders would be considered unconstitutional and in violation of privacy rights. What the DHS is saying is, “because you happen to go through a border your citizenship rights magical disappear into a state where it doesn’t exist,” Coney said. “That’s a big problem.”
Source: Computerworld
