US border cops harvest info from citizens' phones, build massive database

Texts, contacts, call logs, photos, and more centrally stored for years without a warrant in sight

US Customs and Border Protection (CBP) "routinely conducts warrantless searches of Americans' devices," downloading from up to 10,000 phones a year texts, photos, call logs, and more into a central database where it's stored for 15 years and searchable by some 2,700 federal employees.

This, according to US Senator Ron Wyden (D-OR), who on Thursday sent a letter [PDF] to the federal agency urging it to end this practice, which he called an "egregious violation of Americans' rights." 

While the US Supreme Court requires law enforcement to show probable cause before obtaining a search warrant for someone's electronic devices, CBP abuses the so-called border-search exception to the Fourth Amendment to search phones and laptops without suspecting the traveler of committing a crime, Wyden said.

This type of "basic search" allows border patrol agents to view people's text messages and photos as they travel into the United States.

If the agent has "reasonable suspicion" that someone has broken the law or poses a "national security concern," then, with a supervisor's approval, the border cop can escalate to an advanced search: downloading, if possible, data from the device into this sizable database that Department of Homeland Security staff can search.

According to the Beaver State senator, CBP doesn't keep records on the number of basic versus advanced searches, how many times its agents download data into its central database, nor how frequently Homeland Security searches this database.

Wyden's letter cited a June briefing with CBP during which federal employees estimated saving data — including instant chat conversations, call logs, contact lists, pictures, and other sensitive data — from "less than 10,000" phones every year. 

"CBP officials also revealed that government personnel querying the data are not promoted to record the purpose of the search, even though auditable records of this sort are an important safeguard against abuse," he wrote. 

Additionally, CBP reportedly pressures individuals into unlocking their devices for inspection, threatening fines of up to $1,000, legal action, and even threatening to deny entry to Americans who refuse to hand over their passwords, we're told.

These appear to be scare tactics: CBP told Wyden that the agency has never even attempted to levy a fine against a traveler for refusing to unlock a phone, and it can't legally deny an American citizen entry on that basis.

Foreign travelers entering the United States can also be subject to these searches, we note, and may be turned away by agents for non-cooperation or other reasons.

"Innocent Americans should not be tricked into unlocking their phones and laptops," Wyden wrote. "CBP should not dump data obtained through thousands of warrantless phone searches into a central database, retain the data for 15 years, and allow thousands of DHS employees to search through Americans' personal data whenever they want."

Wyden has also introduced a bill, the Protecting Data at the Border Act, that would end warrantless device searches at the border.

Here comes the cavalry

The Electronic Privacy Information Center (EPIC) and other privacy advocates have previously called on CBP to end this practice.

EPIC, for its part, filed court documents [PDF] in 2020 supporting a lawsuit that aimed to prohibit these types of warrantless border searches of phones.

"Today's cell phones and other electronic devices are filled with countless amounts of personal data — often more than what is contained in our homes," EPIC senior counsel Jeramie Scott told The Register. "This makes CBP's retention of data from tens of thousands of electronic devices through warrantless border searches an extremely invasive surveillance program that should be stopped immediately."

Plus, he added, the associated security and privacy risks are amplified because the agency retains all of this data in a searchable database for 15 years.

"It is well past time that a warrant requirement apply to searches of electronic devices at the border," Scott said.

It is well past time that a warrant requirement apply to searches of electronic devices at the border

The Center for Democracy and Technology's Jake Laperruque, who is deputy director of CDT's Security and Surveillance Project, called the warrantless border searches "incredibly disturbing."

The Fourth Amendment exception aims to stop criminals from smuggling contraband across borders — not allow federal agencies to stockpile huge amounts of personal data, he added.

"There's no way to justify using that exception to search electronic devices," Laperruque told The Register.

"CBP isn't searching phones because they think they'll find drugs or weapons inside your Gmail app, they're doing it to exploit a loophole and stockpile private data."

Last year, the ACLU and EFF petitioned the Supreme Court to hear a case about the legality of warrantless digital device searches. 

"I expect when it reaches the Supreme Court this practice will be struck down," Laperruque said. "But until then it's incredibly harmful for Americans' privacy."

Wyden's letter comes as other US lawmakers and watchdogs attempt to shine lights onto government and private corporations' surveillance and data privacy practices.

Much of the country's new-found attention on both stems from the Supreme Court's recent decision to overturn Roe. v. Wade, which triggered laws that made abortion illegal in more than a dozen states. It also made a larger percentage of the populace more aware that the vast amount of digital data organizations collect on private individuals — everything from search and map queries to doorbell camera videos, private chats and even health records – can be used to build a criminal case against an individual.

Also this week, 30 Democratic senators called on [PDF] the Biden administration to boost federal healthcare laws and restrict providers from sharing patients' reproductive health information without their explicit consent — especially with cops or in abortion-related legal proceedings.

And last week the US Federal Trade Commission held a hearing on commercial surveillance as it considers imposing stricter privacy rules on corporations to deter unwelcome online monitoring and shoddy data security. ® 

Similar topics


Other stories you might like

Biting the hand that feeds IT © 1998–2022