Shock! US border cops need 'reasonable suspicion' of a crime before searching your phone, laptop

Massachusetts judge reminds America of that little thing called the Fourth Amendment

The seizure and search of phones and laptops at the US border is unconstitutional, a judge said Tuesday in a landmark ruling.

Massachusetts district court judge Denise Casper declared [PDF] that the practice breaks the Fourth Amendment on unreasonable search, and that border agents need to have a “reasonable suspicion” of illegal activity before they can search electronic devices.

“The CBP [Customs and Border Protection] and ICE [Immigration and Customs Enforcement] policies for ‘basic’ and ‘advanced’ searches, as presently defined, violate the Fourth Amendment to the extent that the policies do not require reasonable suspicion that the devices contain contraband for both such classes of non-cursory searches and/or seizure of electronic devices,” Casper declared.

As such, she noted, “the non-cursory searches and/or seizures of Plaintiffs’ electronic devices, without such reasonable suspicion, violated the Fourth Amendment.”

Despite ruling that such searches are unconstitutional, the judge declined to issue an injunction that would require border agents to get a warrant before probing such devices or to have “probable cause” before searching a device. That means border agents will continue to be able to search devices at the border, though will have to justify doing so.

A senior lawyer at the Electronic Frontier Foundation that fought the case, Adam Schwartz, told The Register that he is confident the decision will have a real-world impact on what happens at the border.

“There are all kinds of checks if there is a requirement for reasonable suspicion,” he noted, in large part because a judge would throw out any evidence in a subsequent trial if there wasn’t found to be reasonable suspicion when a device was searched. Equally, if innocent people had their phones searched without reasonable suspicion they could file a lawsuit claiming injury.

Frontline officers can expect to have a supervisor “look over their shoulders” if they decide there is in fact a reasonable suspicion that someone has “digital contraband” on their devices.

A big win

The decision is a huge win for privacy advocates and the 11 plaintiffs that brought the case back in 2017. Ten of the plaintiffs are US citizens and one is a permanent resident. It’s not clear whether the ruling will apply to all visitors to the United States or just citizens and permanent residents, but Schwartz argues that the “logic should be” that all visitors are given equal protections.

(Bear in mind, if you show up on a visa, you can be turned away for whatever reason, realistically speaking.)

The judge addressed the point on citizens and immigrants briefly. She notes that nothing presented by the government makes the case that any “evidence would be contained on the electronic devices, particularly of plaintiffs, all US citizens and one lawful resident alien, that would prevent their admission.”

She goes on: “Even as to an alien, where CBP posits that an electronic device might contain contradictory information about his/her intentions to work in the US contrary to the limitations of a visa, there is no indication as to the frequency of same or the necessity of unfettered access to the trove of personal information on electronic devices for this purpose.”

She also repeatedly dismisses the government’s main argument in favor of being allowed to search electronic devices - the possible discovery of child abuse images. “The record of the prevalence of such digital contraband encountered at the border remains unclear."

"Given the dearth of information of the prevalence of digital contraband entering the US at the border, the Court cannot conclude that requiring a showing of some cause to search digital devices would obviate the deterrent effect of the border search exception.”

All that said, it is a virtual certainty that the case will be appealed to the Supreme Court and the judge effectively acknowledges as much in her lengthy 48-page judgment.

Quote unquote

The judgment falls down very firmly on the side of the plaintiffs in asserting that the search of electronic devices at the border is not justified under the current rules. In reaching that decision, she quotes extensively from other judgments, particularly Supreme Court judgments.

Most integral to her argument is another landmark decision (Riley) by the Supreme Court where it found, unanimously, that the warrantless search and seizure of digital contents of a mobile phone during an arrest is unconstitutional.

Among the many arguments taken from that Riley decision, Judge Casper that it “rejected the notion that searches of electronic devices are comparable to searches of physical items or persons” - a key argument put forward by the government in this case.

As the Supreme Court noted in that case: “Modern cell phones, as a category, implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet, or a purse.”

The judgment extensively picks apart the government’s defense and even throws out a recent change made by the CBP over how it does searches. Thanks in large part to this case, the CBP in January 2018 created two different categories of searches - basic and advanced - in an effort to retain its ability to search any electronic device at its agents’ discretion.

A “basic” search would not require anything more than an agent’s say-so, whereas an “advanced” search, using forensic software, required an additional level of authorization. But the judge refused to accept the distinction and declared that there were effectively the same thing, with both searches breaking the Fourth Amendment.

“Even a basic search alone may reveal a wealth of personal information,” she notes. “Such information can be accessed during not just the forensic searches under the CBP and ICE policies, but also under a basic search.”

Border law

At the same time, the judge goes to some length to reflect other decisions by the Supreme Court highlighted by the government in its case that the border represents a unique place legally. However, she repeatedly makes the same argument: that the government has to balance what is reasonable when it comes to people’s privacy with the risk of damage to national interests.

When it comes to searching people’s phones and laptops, she notes that “there are a number of reasons and ‘a convincing case for categorizing forensic searches of digital devices as nonroutine’: the ‘scale’ and ‘sheer quantity’ of personal information they contain, the ‘uniquely sensitive nature of that information,’ and the portable nature of same such that it is neither ‘realistic nor reasonable to expect the average traveler to leave his digital devices at home when traveling’”.

US Border Patrol logo

Harvard freshman kicked out of US over OTHER people's posts on his social media


In other words, our phones contains so much highly personal and confidential information that any search should be considered highly significant.

In the judgement, the broad range of plaintiffs is used to show the breadth and depth of that information: a journalist’s notes and sources in one; a client-attorney conversations in another; personal pictures offending religious rights in another; business secrets in a fifth; and so on.

The judge stopped short of saying that border agents needed to get a warrant, and she also refused to order the deletion (expungement) of the material that the CBP and ICE have already gathered, although she did note that the plaintiffs have standing to push that point further in the legal process.

In not pushing those issues, and in largely steering clear of First Amendment arguments, it appears clear that the judge was determined to allow the fundamental decision that searches of electronic devices at the border break the Fourth Amendment stand until the case reaches the Supreme Court - something that it is almost certainly destined to do.

In short: another privacy win for the digital era, but a small win in a much larger war that still isn't settled. ®

Other stories you might like

  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading
  • Conti: Russian-backed rulers of Costa Rican hacktocracy?
    Also, Chinese IT admin jailed for deleting database, and the NSA promises no more backdoors

    In brief The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. 

    Costa Rican president Rodrigo Chaves said that the country is effectively at war with the gang, who in April infiltrated the government's computer systems, gaining a foothold in 27 agencies at various government levels. The US State Department has offered a $15 million reward leading to the capture of Conti's leaders, who it said have made more than $150 million from 1,000+ victims.

    Conti claimed this week that it has insiders in the Costa Rican government, the AP reported, warning that "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency." 

    Continue reading
  • China-linked Twisted Panda caught spying on Russian defense R&D
    Because Beijing isn't above covert ops to accomplish its five-year goals

    Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research.

    The new campaign, dubbed Twisted Panda, is part of a larger, state-sponsored espionage operation that has been ongoing for several months, if not nearly a year, according to the security shop.

    In a technical analysis, the researchers detail the various malicious stages and payloads of the campaign that used sanctions-related phishing emails to attack Russian entities, which are part of the state-owned defense conglomerate Rostec Corporation.

    Continue reading
  • FTC signals crackdown on ed-tech harvesting kid's data
    Trade watchdog, and President, reminds that COPPA can ban ya

    The US Federal Trade Commission on Thursday said it intends to take action against educational technology companies that unlawfully collect data from children using online educational services.

    In a policy statement, the agency said, "Children should not have to needlessly hand over their data and forfeit their privacy in order to do their schoolwork or participate in remote learning, especially given the wide and increasing adoption of ed tech tools."

    The agency says it will scrutinize educational service providers to ensure that they are meeting their legal obligations under COPPA, the Children's Online Privacy Protection Act.

    Continue reading
  • Mysterious firm seeks to buy majority stake in Arm China
    Chinese joint venture's ousted CEO tries to hang on - who will get control?

    The saga surrounding Arm's joint venture in China just took another intriguing turn: a mysterious firm named Lotcap Group claims it has signed a letter of intent to buy a 51 percent stake in Arm China from existing investors in the country.

    In a Chinese-language press release posted Wednesday, Lotcap said it has formed a subsidiary, Lotcap Fund, to buy a majority stake in the joint venture. However, reporting by one newspaper suggested that the investment firm still needs the approval of one significant investor to gain 51 percent control of Arm China.

    The development comes a couple of weeks after Arm China said that its former CEO, Allen Wu, was refusing once again to step down from his position, despite the company's board voting in late April to replace Wu with two co-chief executives. SoftBank Group, which owns 49 percent of the Chinese venture, has been trying to unentangle Arm China from Wu as the Japanese tech investment giant plans for an initial public offering of the British parent company.

    Continue reading
  • SmartNICs power the cloud, are enterprise datacenters next?
    High pricing, lack of software make smartNICs a tough sell, despite offload potential

    SmartNICs have the potential to accelerate enterprise workloads, but don't expect to see them bring hyperscale-class efficiency to most datacenters anytime soon, ZK Research's Zeus Kerravala told The Register.

    SmartNICs are widely deployed in cloud and hyperscale datacenters as a means to offload input/output (I/O) intensive network, security, and storage operations from the CPU, freeing it up to run revenue generating tenant workloads. Some more advanced chips even offload the hypervisor to further separate the infrastructure management layer from the rest of the server.

    Despite relative success in the cloud and a flurry of innovation from the still-limited vendor SmartNIC ecosystem, including Mellanox (Nvidia), Intel, Marvell, and Xilinx (AMD), Kerravala argues that the use cases for enterprise datacenters are unlikely to resemble those of the major hyperscalers, at least in the near term.

    Continue reading

Biting the hand that feeds IT © 1998–2022