IT Digital Device Border Searches Cover More Than Just Laptop Contents. Those who travel frequently are used to TSA security searches that have become more extensive, time consuming and invasive. International travelers have likewise faced increased scrutiny when returning to the United States by the U.S. Customs and Border Protection (CBP). While many realize that enforcement of the customs mission involves inspection for contraband and collection of duties, anecdotal evidence indicates that there is an increased scrutiny to inspect for information that may be related to cybercrimes and the war on terror. Information may also relate to violation of intellectual property laws, child pornography and other obscene materials, and for violations of national security and export control laws. Information that once took volumes of books, photographs, CDs/DVDs, etc. can be stored in digital form and can be stored on a small USB flash drive, smart phone, an iPod, or a laptop. Thus, these digital storage devices while light and portable have become targets of CBP inspecting officers.
Right to Search Digital Devices. Legally, CBP inspecting officers have the authority to search digital devices incidental to a search at the border. One exception to the U.S. Constitution’s Fourth Amendment prohibition against unreasonable searches and seizures relates to searches incident to border entries. United States v. Montoya de Hernandez, 473 U.S. 531 (1985). The Ninth Circuit Court of Appeals recently ruled that the CBP’s search of digital files does not require any level of suspicion or probable cause prior to the warrantless search. United States v. Arnold, 533 F.3d 1003 (9th Cir. 2008). While the inspecting officer may have the authority and the international traveler may have nothing to hide, an inspection of digital devices can be more invasive than a search through one’s underwear. The inspection may lead to delays and possible impounding of the digital devices for further forensic analysis.
Traveler Responses to Digital Device Search Possibility. If the traveler wishes to minimize the invasiveness of digital device inspection or if the traveler believes that they may be a likely target due to nature of business, foreign countries visited or the result of perceived profiling (of which the author provides no opinion as to whether CPB uses profiling), there are some steps that the traveler can take to minimize the chances or extent of searches. First, the traveler can carry no digital device that the traveler does not want inspected or potentially impounded, even if the digital device is later timely released. Alternately, the traveler can securely delete or “wipe” any data contained on the digital devices to minimize effects of an inspection.
A second alternative is to use the power of “cloud computing” and work with all data through the Internet. This method is easy given the widespread use of Web access for mail servers and online data storage solutions. This also assumes that appropriate security procedures are in place such as VPN connections or use of SSL encryption protocols.
A third alternative is use whole or partial hard drive encryption on laptops used while traveling internationally. This alternative is a no-brainer as any laptop containing proprietary business data, including personally identifiable information subject to data breach notification laws, should already be encrypted. This begs the question of what should the traveler do if asked by a CBP official for the password. Not having the data in the first place avoids this issue, but traveling without the data or applications may not be an option. While travelers are expected and should cooperate with the inspection process, one trial court recently held that an inspected traveler had no duty to provide CBP with a password consistent with the Fifth Amendment of the U.S. Constitition’s privilege against self-incrimination. In re Boucher, 2007 WL 4246473 (Nov. 29, 2009).
While this post only discussed the issue of returning to the United States after international travel, the CBP can inspect an international traveler prior to departing the U.S. to foreign countries. Likewise, this post did not discuss the issue of foreign customs searches where foreign laws may be less predictable and as protective. Indeed, the option presented regarding data encryption may be unavailable in certain jurisdictions which also restrict or prohibit importation of strong encryption technology. U.S. export control laws may also restrict the “exportation” of strong encryption technology. Know before you fly.