US government sued by 11 pissed-off travellers over computer searches

Searching your phone should require a warrant, says lawsuit


The US Department of Homeland Security is being sued by 11 travellers who had their smartphones and laptops seized and searched at the US border.

The lawsuit brought by the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) claims that the searches were unconstitutional.

Ten of the 11 plaintiffs are US citizens and the last is a permanent resident, so the lawsuit claims their rights should have been respected and the border officials should be required to get a warrant to search their digital devices.

The lawsuit is clearly aimed at forcing clarity on the issue of what is legal and not legal to do with modern devices at the border. The ACLU/EFF's position is that the government must have a warrant – which itself requires a justification of "probable cause" that the individual is violating border laws – before any device can be searched.

As such, the case has been careful to include not only multiple plaintiffs but also a broad range of individuals: journalists, artists, engineers, students, a business owner and a military vet. Several are Muslim; others are people of color. In short, a diverse group, and all of them were stopped while entering the United States, had their devices confiscated for weeks or months, and none have been accused of any wrongdoing.

"Today's electronic devices contain troves of data and personal information that can be used to assemble detailed, comprehensive pictures of their owners' lives," argues the lawsuit.

"Because government scrutiny of electronic devices is an unprecedented invasion of personal privacy and a threat to freedom of speech and association, searches of such devices absent a warrant supported by probable cause and without particularly describing the information to be searched are unconstitutional."

Specifics

The complaint specifically identifies and challenges directives from the Customs Border Protection (CBP) and Immigration and Customs Enforcement (ICE) that define what border agents can do with respect to searching electronic devices and, according to the lawsuit, "permit warrantless and suspicionless searches and confiscations of mobile electronic devices" because they do not require warrants.

The lawsuit makes the long-held argument that modern phones and laptops are no longer like suitcases in that they contain "a diverse array of personal, expressive, and associational information, including emails, text messages, voice mails, communications and location history, contact lists, social media postings, Internet browsing history, medical records, financial records, privileged information, videos, photos, other images, calendars, and notes."

As a result, border officials can learn far more about an individual than is reasonable for assessing whether they should enter the country: everything from their health, religion, sexual orientation, personal life and so on. Plus, the lawsuit notes, business travelers will likely possess confidential information on clients.

This is also far from the first lawsuit on the issue.

A similar lawsuit is currently heading to the Fifth Circuit Appeals Court in which the EFF again claims that a warrant should have been required when border agents at the Texas-Mexico border searched the mobile phone of Maria Isabel Molina-Isidoro. In that case, what they discovered led to them prosecuting her for attempting to smuggle methamphetamine into the US.

But the EFF claims that the agents discovered the information used to prosecute her by accessing data held not on her phone but in the cloud. This is something that the acting head of the border agency, Kevin McAleenan, has specifically assured Congress does fit into border agents' jurisdiction.

Different tack

It's fair to say that it may be hard to get public support behind a meth smuggler, so this new lawsuit aims to bring the issue into the mainstream. With a recent explosion in border searches of digital devices thanks to the strong line taken by the Trump Administration, people have become increasingly concerned about a new norm of having their devices taken away and searched based on the whims of border agents.

As an indicator of how far that concern has spread, when Apple announced new face-scanning technology in its new iPhone on Tuesday, the most frequent comment about it was the concern that the police could use the technology to unlock your phone and delve through your data.

US Customs and Homeland Security are also being sued by the Knight First Amendment Institute in an effort to force them to hand over the rules by which people have their electronic devices seized and searched at the border.

According to the institute, Homeland Security has started handing over some documents, but they remain heavily redacted and it is considering challenging the extent of those redactions.

Its executive director Jameel Jaffer told The Register: "These searches are extremely intrusive and government agents shouldn't be conducting them without cause. Investing border agents with this kind of authority invites abuse and discrimination and will inevitably have a chilling effect on the freedoms of speech and association. That chilling effect will be especially significant for racial and religious minorities and for journalists and lawyers whose work requires them to keep information confidential."

The issue of border searches has even bubbled up to Congress with the proposed Protecting Data at the Border Act, which would require border agents to get a warrant signed by a judge before going through digital devices and would introduce a four-hour time limit for detaining Americans at the border. That legislation currently sits in committee.

Examples

In this new lawsuit, the ACLU and EFF have provided examples of the impact the border search approach has had on law-abiding Americans.

Diane Maye is a college professor and retired air force officer who was detained for two hours at Miami International Airport when returning from a vacation in Europe. "I felt humiliated and violated. I worried that border officers would read my email messages and texts, and look at my photos," she said. "This was my life, and a border officer held it in the palm of his hand."

Another, NASA engineer Sidd Bikkannavar, was detained at Houston airport on the way home from holiday in Chile. A border agent demanded he tell him the password for his phone, took it away and handed it back 30 minutes later saying it had been searched using "algorithms."

No one knows what that actually means, however, thanks to the level of secrecy over what customs agents do with confiscated phones and laptops.

In one case, filmmaker Akram Shibly refused to hand over his phone at the Canadian border (his phone had been seized and searched just three days earlier on a different border crossing), and in response was put into a choke hold and had his phone pulled out of pocket. The phone was handed back an hour later. ®


Other stories you might like

  • Ransomware encrypts files, demands three good deeds to restore data
    Shut up and take ... poor kids to KFC?

    In what is either a creepy, weird spin on Robin Hood or something from a Black Mirror episode, we're told a ransomware gang is encrypting data and then forcing each victim to perform three good deeds before they can download a decryption tool.

    The so-called GoodWill ransomware group, first identified by CloudSEK's threat intel team, doesn't appear to be motivated by money. Instead, it is claimed, they require victims to do things such as donate blankets to homeless people, or take needy kids to Pizza Hut, and then document these activities on social media in photos or videos.

    "As the threat group's name suggests, the operators are allegedly interested in promoting social justice rather than conventional financial reasons," according to a CloudSEK analysis of the gang. 

    Continue reading
  • Microsoft Azure to spin up AMD MI200 GPU clusters for 'large scale' AI training
    Windows giant carries a PyTorch for chip designer and its rival Nvidia

    Microsoft Build Microsoft Azure on Thursday revealed it will use AMD's top-tier MI200 Instinct GPUs to perform “large-scale” AI training in the cloud.

    “Azure will be the first public cloud to deploy clusters of AMD's flagship MI200 GPUs for large-scale AI training,” Microsoft CTO Kevin Scott said during the company’s Build conference this week. “We've already started testing these clusters using some of our own AI workloads with great performance.”

    AMD launched its MI200-series GPUs at its Accelerated Datacenter event last fall. The GPUs are based on AMD’s CDNA2 architecture and pack 58 billion transistors and up to 128GB of high-bandwidth memory into a dual-die package.

    Continue reading
  • New York City rips out last city-owned public payphones
    Y'know, those large cellphones fixed in place that you share with everyone and have to put coins in. Y'know, those metal disks representing...

    New York City this week ripped out its last municipally-owned payphones from Times Square to make room for Wi-Fi kiosks from city infrastructure project LinkNYC.

    "NYC's last free-standing payphones were removed today; they'll be replaced with a Link, boosting accessibility and connectivity across the city," LinkNYC said via Twitter.

    Manhattan Borough President Mark Levine said, "Truly the end of an era but also, hopefully, the start of a new one with more equity in technology access!"

    Continue reading
  • Cheers ransomware hits VMware ESXi systems
    Now we can say extortionware has jumped the shark

    Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months.

    ESXi, a bare-metal hypervisor used by a broad range of organizations throughout the world, has become the target of such ransomware families as LockBit, Hive, and RansomEXX. The ubiquitous use of the technology, and the size of some companies that use it has made it an efficient way for crooks to infect large numbers of virtualized systems and connected devices and equipment, according to researchers with Trend Micro.

    "ESXi is widely used in enterprise settings for server virtualization," Trend Micro noted in a write-up this week. "It is therefore a popular target for ransomware attacks … Compromising ESXi servers has been a scheme used by some notorious cybercriminal groups because it is a means to swiftly spread the ransomware to many devices."

    Continue reading
  • Twitter founder Dorsey beats hasty retweet from the board
    As shareholders sue the social network amid Elon Musk's takeover scramble

    Twitter has officially entered the post-Dorsey age: its founder and two-time CEO's board term expired Wednesday, marking the first time the social media company hasn't had him around in some capacity.

    Jack Dorsey announced his resignation as Twitter chief exec in November 2021, and passed the baton to Parag Agrawal while remaining on the board. Now that board term has ended, and Dorsey has stepped down as expected. Agrawal has taken Dorsey's board seat; Salesforce co-CEO Bret Taylor has assumed the role of Twitter's board chair. 

    In his resignation announcement, Dorsey – who co-founded and is CEO of Block (formerly Square) – said having founders leading the companies they created can be severely limiting for an organization and can serve as a single point of failure. "I believe it's critical a company can stand on its own, free of its founder's influence or direction," Dorsey said. He didn't respond to a request for further comment today. 

    Continue reading

Biting the hand that feeds IT © 1998–2022