, 'opacity': false, 'speedIn': , 'speedOut': , 'changeSpeed': , 'overlayShow': false, 'overlayOpacity': "", 'overlayColor': "", 'titleShow': false, 'titlePosition': '', 'enableEscapeButton': false, 'showCloseButton': false, 'showNavArrows': false, 'hideOnOverlayClick': false, 'hideOnContentClick': false, 'width': , 'height': , 'transitionIn': "", 'transitionOut': "", 'centerOnScroll': false }); }) HazDat
31Aug/09

U.S. Gov. authorizes long-layovers for laptops.

DHSIt's sometimes hard to remember, but it wasn't that long ago that most carry-on's bypassed so much as an x-ray screening. Then came the obligatory laptop and shoe removal. And, eventually, the "drink 'em or lose 'em" rule, accompanied by the ever-perplexing debate over what constitutes a "liquid", and how many ounces of it you can carry through a TSA line.

(I once overheard a TSA agent explaining to a traveler that, "anything that can be liquefied is a liquid". I felt compelled to explain that, at the right temperature, the whole airplane could be liquefied--but kept my mouth shut, for fear of missing my flight.)

In recent months, some international travelers have been greeted with an indignity that makes the "patdown" look like a "fist-bump". In the past 10 months, over 1000 people had their laptop computers "detained" and subsequently searched. Most would assume that this was with probable cause, but, the DHS maintains that probable cause is not required for such a search.

What some might consider an electronic cavity search, became policy in 2008 when the Department of Homeland Security's U.S. Customs and Border Enforcement published their "Policy Regarding Border Search of Information" (July 16, 2008), which, among other things, allowed Custom's Agents broad discretion to detain "electronic devices, or copies thereof, for a reasonable period of time to perform a thorough border search." Though protocols were established for an "expeditious" response time by assisting agencies, no definition for "reasonable period" was provided.

The rationale cited for this policy, is described in its fourth paragraph, "Review of Information in the Course of Border Search":  "In the course of a border search, and absent individualized suspicion, officers can review and analyze the information transported by any individual attempting to enter, reenter, depart, pass through, or reside in the United States..." While, in the past, this objective could be met with a visual inspection, computers, iPods, smart-phones, and the like, require complex procedures, software and hardware to preserve the integrity of the data being examined. Therefore, such a search is typically conducted in a laboratory setting, and not something that cannot likely be accomplished during even the longest of layovers.

The DHS provides the following definition of a "detention":

"A detention occurs when CBP or ICE determines that the devices need to be kept for further examination to determine if there is probable cause to seize as evidence of a crime and/or for forfeiture. This is a temporary detention of the device during an ongoing border search. Many factors may result in a detention, for example, time constraints due to connecting flights, the large volume of information to be examined, the need to use off-site tools and expertise during the search (e.g., an ICE forensic lab), or the need for translation or other specialized services to understand the information on the device. In a detention, CBP or ICE will keep either the original device (e.g., the laptop) or an exact duplicate copy of the information stored on the device, so as to allow the traveler to proceed with the original device. Once the border search has concluded, the device will be returned to the traveler unless there is probable cause to seize the device. Any copies of the information in the possession of CBP or ICE will be destroyed unless retention of the information is necessary for law enforcement purposes and appropriate within CBP or ICE Privacy Act systems of records."

Effectively, a "detention" is a seizure without probable cause, followed by an unwarranted search. Fortunately, the CBP has taken measures to assure that it only retains information from "detained" devices that are consistent with probable cause, as outlined in Section D:

"Absent probable cause, CBP may only retain documents relating to immigration matters, consistent with the privacy and data protection standards of the system in which such information is retained."

And,

"Except as noted in this section, if after reviewing information, there exists no probable cause to seize the information, CBP will retain no copies of the information."

Which should make passengers a little less uncomfortable, if not a little less violated--were it not for the following:

"Officers may encounter information in documents or electronic devices that is in a foreign language and/or encrypted. To assist CBP in determining the meaning of such information, CBP may seek translation and/or decryption assistance  from other Federal agencies or entities."

The FBI could, for example, aid in this circumstance. But:

At the conclusion of the requested assistance, all information must be returned to CBP as expeditiously as possible. In addition, the assisting Federal agency or entity must certify to CBP that all copies of the information transferred to that agency or entity have been
destroyed... In the event that any original documents or devices are transmitted, they must not be destroyed; they are to be returned to CBP unless seized based on probable cause by the assisting agency.

And that, of course, reads like an invitation to convert a random search without probable cause from one agency, into a "line of sight" search by another.

Now, more than a year later, come new rules intended to preserve passengers' rights and insure domestic tranquility. On August 20, 2009 DHS Secretary Janet Napolitano announced new directives said to "strike the balance between respecting the civil liberties and privacy of all travelers while ensuring DHS can take the lawful actions necessary to secure our borders."

Unfortunately, the new rules won't change much, other than the definition of "reasonable period". According to a "Privacy Impact Assessment for the
Border Searches of Electronic Devices", published by the DHS:

"For CBP, the detention of devices ordinarily should not exceed five (5) days, unless extenuating circumstances exist."

Devices may, however, be released to Immigration and Customs Enforcement Agents for further examination.

"As federal criminal investigators, ICE Special Agents are empowered to make investigative decisions based on the particular facts and circumstances of each case... The ICE Directive requires that Special Agents complete the border search of any detained electronic device or information in a reasonable time, but typically no longer than 30 days, depending on the facts and circumstances of the particular search. The length of detention depends on several factors, but primarily the amount of information requiring review and the format of that information, which can greatly affect the amount of time necessary to complete a search."

What about sensitive, say attorney-client privileged or classified materials?

"Officers may encounter materials that appear to be legal in nature, or an individual may assert that certain information is protected by attorney-client or attorney work product privilege. Legal materials are not necessarily exempt from a border search, but they may be subject to the following special handling procedures: If an Officer suspects that the content of such a material may constitute evidence of a crime or otherwise pertain to a determination within the jurisdiction of CBP, the Officer must seek advice from the CBP Associate/Assistant Chief Counsel before conducting a search of the material..."

Of course, one would anticipate that many lawyers might carry "evidence of a crime", or multiple crimes, on their laptops. Though, quite honestly, I doubt that this is the intention, the ambiguity should not be taken lightly.

Effectively, little has changed, except perhaps the use of FedEx and UPS by people who really have something to hide.

[dm]19[/dm]

[dm]20[/dm]

[dm]21[/dm]

[dm]22[/dm]

[dm]23[/dm]

[dm]26[/dm]

Share
Print This Post Print This Post

About Jeff M. Fischbach

http://www.twitter.com/FischTech Jeff Michael Fischbach is founder and President of SecondWave Information Systems (SecondWave.com), a consulting firm specializing in Forensic Technology. Since 1994, he has served as a board member and technology adviser to numerous professional organizations and corporations. Mr. Fischbach has been engaged as a litigation consultant and Forensic Examiner, offering expert advice and oversight on matters involving intellectual property, computers, information systems, satellite, tracking and wireless communications technologies. He has advised law enforcement, foreign government representatives, judges, lawyers and the press.
Comments (0) Trackbacks (0)

No comments yet.


Leave a comment



No trackbacks yet.

Log In


Join the conversation...

Join the conversation on Twitter

Join the conversation on Facebook

disquslogo_180 Subscribe to RSS feed

Join the Google conversaton…

Geo Visitors Map