Hundreds of thousands of travelers cross US borders every day. And none of them—save the precious few with diplomatic immunity—have any right to privacy, according to Department of Homeland Security documents recently obtained by MuckRock.
The US Department of Homeland Security's (DHS) Privacy Impact Assessment for the Border Searches of Electronic Devices outlines the finer points of border officials' authority to search the electronic devices of citizens and non-citizens alike crossing the US border. What becomes clear is that this authority has been broadly interpreted to mean that any device brought into or out of the country is subject to the highest level of scrutiny, even when there is no explicit probable cause.
Based upon little more than the opinion of a single US Customs and Border Patrol (CBP) officer, any device can be searched and its contents read. With approval from a supervisor, the device can be seized, its contents copied in full, or both.
How easy is it for officials to seize your data?
With the exception of foreign and domestic officials with diplomatic immunity, everyone who legally crosses a US border undergoes a primary inspection. This is a familiar routine for most travelers: A CBP official checks your documents, glances between you and your passport photo, and perhaps asks whether you're travelling to the United States for business or pleasure.
Following this exchange, a traveler may be asked to undergo a secondary inspection. If this unfortunate traveler's name is flagged—which it may be for a surprisingly large number of reasons—he or she almost certainly will be.
In 2013, DHS stopped Bradley Manning Support Network co-founder David House and confiscated his laptop, USB storage device, video camera and cellular phone. In that instance, the government settled with House after the ACLU helped to bring a lawsuit on his behalf. Over the course of this suit, documents obtained by the ACLU revealed that House had been selected for additional inspection because of a DHS "lookout" telling agents to stop him as he attempted to enter the country.
Travelers may also be randomly selected by a system referred to as COMPEX, a somewhat unwieldy acronym for " Customs' Compliance Measurement Examination." This system randomly chooses travelers for additional screening. The results of these screenings are compared to screenings based on other selection criteria in order to assess their effectiveness.
Finally, the CBP official might refer a traveler based on his or her "own observations." This final option is a particular cause for concern, because little explanation has been given as to what that might entail. As a recent piece for The Intercept demonstrated, at least one of the processes used by the TSA to flag potential terrorists can be used to justify detaining anyone.
If you are referred for a secondary inspection, your right to privacy is essentially moot. Either a CBP officer or an Immigration and Customs Enforcement (ICE) special agent will likely question you and may inspect your possessions. This can mean anything from a quick look through your bags to copying and detaining your electronic devices—it's up to the agent and his or her supervisor, not due process.
The document outlines the processes necessary for each step. For example, a CBP official needs to get approval from a supervisor before copying all of the data on your device, but an ICE special agent is permitted to do so on his or her own authority. Neither one seems to be required to inform you.
"There is no specific receipt given to the traveler if the contents of the device are detained for further review, but the device is returned to the individual," reads the report. This doesn't necessarily preclude a verbal confirmation, but at least this document doesn't explicitly require one either.
Finally, for the purposes of transparency, CBP and ICE create chain of custody forms to track the possession of seized electronic devices or data. However, the document outlines a convenient loophole under the aegis of law enforcement or national security concerns.
If your device or data is sent to an "assisting party," a separate chain of custody form is created that is noted in your case file but not disclosed to you. That party is required to limit its use of the data to the purpose outlined by DHS, "unless they have separate statutory authority to retain it."
Why is this a concern?
Courts in the US have consistently upheld the government's broad authority to search, copy and detain electronic devices without probably cause or reason for suspicion. By considering these devices identical to ordinary possessions like briefcases or backpacks, border officials have greatly expanded their ability to investigate individuals in ways that would never be allowed within the country's borders.
These investigations are often unrelated to issues of national security in the traditional sense. A recent piece by The Intercept noted that approximately 90 percent of arrests made by officers scrutinizing travelers under the SPOT program are for being in the country illegally - technically this falls under the umbrella of national security, but most of those arrested are unlikely to pose any credible threat.
The DHS's electronic privacy document seems to back this assertion up. In outlining when CBP or ICE would reasonably retain information copied from a device, the DHC cited an example:
To be clear, entering the United States under false pretenses is against the law, and the CBP is well within its rights to enforce these laws. However, using extraordinary methods put in place under the aegis of national security to catch and prevent victimless crimes raises difficult questions.
A laptop is not a briefcase. Where a briefcase might possibly contain a few items of note for border officials, like weapons, drugs, or other contraband, an electronic device contains intimate details about a person's life and livelihood. Journalists and their devices have already been targeted, indicating that this authority is not only abusable but is actively being abused.
These laws aren't likely to change any time soon, but travelers to and from the US should at least be aware: When you cross the US border, you have no right to electronic privacy.
The full doc is below: