US border cops must get warrants to search phones, devices – EFF

Privacy warriors' legal battle to play out before appeals court


The controversial topic of electronic device searches at the US border, and whether customs agents should be required to get warrants before sucking data off them, is heading to the Fifth Circuit Court of Appeals.

For several years the legal issues surrounding what border agents are entitled to do with your electronic devices has been under scrutiny, but a sudden uptick in cases in 2017 where people had their devices taken away has spun a spotlight on the issue.

In a legal filing this week, the Electronic Frontier Foundation (EFF) argues that customs officers should be required to get warrants before searching people's mobile phones (and iPads, laptops etc) in the same way they are typically required to do in the rest of the country.

"Our cell phones and laptops provide access to an unprecedented amount of detailed, private information, often going back many months or years, from emails to our coworkers to photos of our loved ones and lists of our closest contacts," notes EFF attorney Sophia Cope. "This is light years beyond the minimal information generally contained in other kinds of personal items we might carry in our suitcases."

She argues that it is "time for courts and the government to acknowledge that examining the contents of a digital device is highly intrusive, and Fourth Amendment protections should be strong, even at the border."

And there is some evidence that the US government is doing exactly that. Proposed legislation put forward in April in Congress – the Protecting Data at the Border Act – would require a warrant signed by a judge for border agents to go through digital devices and would introduce a four-hour time limit for detaining Americans at the border.

No cloud, you hear?

That legislation has not progressed very far, but it did spark a letter from the Acting Commissioner of the US Customs and Border Protection Agency, Kevin McAleenan, who assured Congress that border searches do not extend to data stored on remote servers.

However that approach is under question in the very case going forward at the Fifth Circuit – that of Maria Isabel Molina-Isidoro.

Molina-Isidoro had her mobile phone seized and manually searched at the Texas border, and the data that the customs agent found then resulted in her being prosecuted for attempting to smuggle methamphetamine into the country.

But, the EFF notes, the information used to prosecute her was not held on the device itself. It was instead contained in two apps – Uber and WhatsApp – whose data was held in the cloud.

"There is no indication that border agents put her phone in airplane mode or otherwise disconnected it from the Internet when they accessed these apps," the filing notes.

This is obviously an area of law that has been massively complicated by modern technology.

It is widely acknowledged internationally that different laws apply at a country's borders – for pretty obvious reasons. So while people may be very unhappy about border agents going through their luggage, everyone pretty much agrees that it is a necessary right.

Electronic devices are very different from suitcases however – they contain enormous amounts of personal data that a government agent would simply never be able to discern from a physical suitcase.

Fourth Amendment

The Supreme Court has already recognized the difference and decided that the police are required to obtain a warrant to search the contents of the phone of someone who has been arrested – because of the Fourth Amendment about unreasonable searches. Although the issue of location data is still up in the air. The EFF wants that same rule applied to phones (and laptops) at the border.

But again, the border comes with different rules. The idea of only searching a device with the internet turned off may sound like a compromise. But it would end up being procedurally very specific and create the obvious problem that people would simply pass all their files onto cloud services and then download them once inside the country.

Of course, the counter-argument is that if border agents have reason to suspect someone was up to no good, they could apply for a warrant to connect the phone to the internet and then look at the resulting data.

The US government – which brought the case against Molina-Isidoro – is almost certain to aggressively defend its right to look at people's possessions at the border, leaving the Fifth Circuit in a difficult position to try to answer yet another complicated legal issue deriving from our love of extremely powerful smartphones.

Whatever it decides, it will almost certainly be appealed to the Supreme Court. Whether the Supreme Court would take the case on or choose to bat it back down until another case and another Appeals Court takes a different approach, as it has with other similar cases – only time with tell.

But the Fifth Circuit's decision could well set the scene for a critical question of digital privacy and the government's rights to dig into it. For US citizens of course. Everyone else is screwed. We have written a handy guide to data security at the US border. ®

Similar topics


Other stories you might like

  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading
  • Utility biz Delta-Montrose Electric Association loses billing capability and two decades of records after cyber attack

    All together now - R, A, N, S, O...

    A US utility company based in Colorado was hit by a ransomware attack in November that wiped out two decades' worth of records and knocked out billing systems that won't be restored until next week at the earliest.

    The attack was detailed by the Delta-Montrose Electric Association (DMEA) in a post on its website explaining that current customers won't be penalised for being unable to pay their bills because of the incident.

    "We are a victim of a malicious cyber security attack. In the middle of an investigation, that is as far as I’m willing to go," DMEA chief exec Alyssa Clemsen Roberts told a public board meeting, as reported by a local paper.

    Continue reading

Biting the hand that feeds IT © 1998–2021