Public Pressure Mounts Against Invasive Border Searches

Random, invasive laptop searches and other digital privacy violations at the U.S. border are facing increasing pressure from the public and Congress. One of the big complaints EFF and others have had is the lack of information and accountability about the intrusive examination of computer files, cell phone directories, and other private information -- and the indiscriminate copying of that data -- as Americans come back home from overseas.

The good news is that the government has finally made public its policy guidelines for digital searches and data seizures at U.S. borders. The bad news is that it is claiming expansive powers to randomly search your laptop, decrypt and translate any information on the machine, and even seize the device for an "off-site" search. As news coverage of the guidelines have pointed out, there is no limit to how long the government can keep your computer, iPod, camera, or any other digital device, leaving travelers just about helpless to protect their personal property and private information from the whims of a border agent.

EFF has long been involved in the battle against these random and intrusive searches, and has called on Congress to crack down on the government's claim of blanket search and seizure power of your electronic devices and the data inside. Congresswoman Zoe Lofgren has decided to take action, introducing a bill to curb the baseless searches. (Update: Reps. Ron Paul and Eliot Engle have also introduced a border search bill). In the meantime, EFF is working to uncover more information about the border search program with a Freedom of Information Act suit filed with the Asian Law Caucus.

The government is working hard as well. The Transportation Security Administration recently announced that its Secure Flight program should start operating before the end of the year. Secure Flight will allow the government to collect the passenger records you are obliged to hand over to airlines when you travel, and then connect that personal data with other government databases. But as EFF pointed out in comments to the Department of Homeland Security last year, individuals will be prevented from discovering what data is kept on them, lack the ability to correct that data, and lack the right to judicial review to force data to be corrected. Check out our Travel Screening resources for more.

[Permalink]

Congress Must Investigate Privacy Violations at U.S. Borders

This morning, EFF Senior Staff Attorney Lee Tien testified in a Senate hearing on laptop searches and other privacy violations faced by Americans at the U.S. border. Lee's testimony [PDF] outlined the dangers of random and invasive searches of travelers' digital devices, and urged more congressional investigation and oversight.

Today's hearing comes as Americans are increasingly complaining about how the Department of Homeland Security searches laptops, cell phones, and other digital devices as they come home from overseas travel. Agents often confiscate the devices, copy the contents, and sometimes even provide a copy of the data to the Department of Justice -- even when the traveler is not suspected of criminal activity.

EFF is deeply concerned about this blanket search and seizure power. We've participated as amicus in US v. Arnold, an important case concerning suspicionless searches at the border. We've also teamed up with other privacy and professional associations to ask lawmakers for answers, and we've sued DHS for refusing to make their policies public.

If you are concerned about your privacy at the border, you can read up on our tips to protect yourself. But without better polices at the border, there are no guarantees. The unique nature of electronic information stored on computers and other portable devices requires search standards that protect the privacy of Americans in the Information Age, and we hope that Congress soon starts work on this important issue.

[Permalink]

EFF Answers Your Questions About Border Searches

Readers of my deeplink on safeguarding your laptop and digital devices from warrantless searches at the border responded with both questions and answers. Some readers wondered whether you have an obligation not to destroy information on your laptop. Others pointed out that U.S. citizens may be detained, but not turned away, at the U.S. border. Many technologists wrote to offer cryptographic solutions, or warnings about encryption schemes that are not as secure as they should be. In this post, I answer the question about destruction of information and reproduce or summarize, with permission, others' suggestions about protecting your laptop from arbitrary searches. I haven't done any independent analysis of these techniques or tools, so your mileage may vary.

• Duty to delete? A complete discussion of the federal law of destruction of evidence, and of state law on the topic, is beyond the scope of this post (see here for a textbook on the subject). However, individuals who are not anticipating being sued and who do not know they are under criminal investigation generally have no obligation to preserve information on their laptops. If you have notice of an impending civil suit or government investigation, then you are obligated to preserve relevant material. Failure to preserve evidence for a civil suit can result in any of the potential sanctions for discovery violations, including fines and adverse jury instructions. Under federal criminal law, knowing destruction of evidence relevant to a pending judicial proceeding or administrative investigation can be punished with up to twenty years in prison. Further, destroying evidence in furtherance of an illegal scheme may also be aiding and abetting, or conspiracy.

  In sum, international travelers trying only to protect privileged information, trade secrets or private communications or photos, have no obligation under federal law to preserve these documents on a laptop so that they may be reviewed by border guards.

• Secure passwords: As for techniques to protect yourself and your privacy, security expert Bruce Schneier offers a guide to securing passwords against an offline password-guessing attack.
• Whit Diffie's advice to Mac users: Don't allow passphrases for encrypted disk files to be saved on your keychain.

  Crypto pioneer Whitfield Diffie observes that while the Mac Disk Utility encryption offers perfectly fine AES128 encryption, you must opt out to avoid having the key you give stored on you keychain, i.e., encrypted in your login password. Since login passwords are rarely more than a few characters long the effect is render your encrypted file vulnerable to a forensic study of the disk. Once a key has been written on the disk, you have to scrub the whole disk very carefully before you can be sure it is gone.

• Gone but not forgotten: EFF co-founder John Gilmore warns that merely deleting files will not remove them from your hard drive. You must overwrite the file contents. Macs have a "Secure Erase Trash" and Linux machines have "shred -u", that also overwrites the file contents and the file names before removal. A variety of Windows secure wipe utilities are available online.

  John adds that secure erasure doesn't work on flash drives (which have an extra layer of data allocation software to do "wear leveling" so that lots of writing to particular parts of the chip don't wear out that part prematurely). There are technical ways to physically erase some parts of some flash drives, but I don't know any file systems that can actually do it.

• Power off before the border: Shut your machine down totally before taking it through customs, ideally many minutes in advance so that the RAM storage insecurity discovered by EFF, Princeton University and other researchers cannot be used to get your disk encryption keys.
• Eight steps to secure data: Chris Soghoian, a graduate student at the School of Informatics at Indiana University, offers his "Guide to Safe International Data Transport." (Disclosure: I represented Chris pro-bono in connection with his boarding pass generator in 2006 and 2007.)
• Truecrypt: Finally, many people wrote in about Truecrypt and its provision of "plausable deniability." A user can have an encrypted partition (which can be hidden as any file on your hard drive) and within that partition hide another partition. One password will reveal one partition and another separate password will reveal the other. Because of the way Truecrypt encrypts the partition table itself, an observer cannot detect a hidden partition even if she has access to the "regular" encrypted share. This gives a traveler something to decrypt if a Customs official asks, while keeping the rest of your information secure. Remember, however, that lying to a federal law enforcement officer about material facts is a crime, so if you choose to answer a question about whether there are additional encrypted partitions, you are obligated to answer truthfully.

I hope these pragmatic tips help people keep their data secure from arbitrary searches at the border.

For more information on digital border searches, view our open letter to Congress or visit EFF's Action Center.

[Permalink]

Protecting Yourself From Suspicionless Searches While Traveling

The Ninth Circuit's recent ruling (pdf) in United States v. Arnold allows border patrol agents to search your laptop or other digital device without limitation when you are entering the country. EFF and many civil liberties, travelers’ rights, immigration advocacy and professional organizations are concerned that unfettered laptop searches endanger trade secrets, attorney-client communications, and other private information. These groups have signed a letter asking Congress to hold hearings to find out what protocol, if any, Customs and Border Protection (CBP) follows in searching digital devices and copying, storing and using travelers’ data. The letter also asks Congress to pass legislation protecting travelers’ laptops and smart phones from unlimited government scrutiny.

If privacy at the border is important to you, contact Congress now and ask them to take action!

In the meantime, how can international travelers protect themselves at the U.S. border, short of leaving their laptops and iPhones at home?

Many travelers practice security through obscurity. They simply hope that no border agent will rummage through their private data. Too many people enter the country each day for agents to thoroughly search every device that crosses the border, and there is too much information stored on most devices for agents to find the most revealing and confidential tidbits. But for travelers who may be targeted based on their celebrity, race or other distinguishing factor, obscurity is not an option. As last week's news that Microsoft is giving away forensic tools that can quickly search an entire hard drive on a USB “thumb drive” shows, it won't be long before customs agents can efficiently perform a thorough search on every machine. So long as there are no protocols or oversight for these searches, every traveler's personal information is at risk.

Encryption is one (imperfect) answer.

If you encrypt your hard drive with strong crypto, it will be prohibitively expensive for CBP to access your confidential information. This answer is imperfect for two reasons—one is practical, the other is technological.

[Read the entire post]

No Cause Needed to Search Laptops at the Border

On April 21st, the Ninth Circuit held in United States v. Arnold that the Fourth Amendment does not require government agents to have reasonable suspicion before searching laptops or other digital devices at the border, including international airports. Customs and Border Patrol are likely to use the opinion to argue that almost every property search at the border is constitutionally acceptable.

EFF filed an amicus brief in the case, arguing that laptop searches are so revealing and invasive that the Fourth Amendment requires agents to have some reasonable suspicion to justify the intrusion. Not only are laptops capable of storing vast amounts of information, the information tends to be of the most personal sort, including letters, finances, diaries, photos, and web surfing histories. Prior border search cases distinguished between "routine" suspicionless searches and invasive "non-routine" searches that require reasonable suspicion. Our amicus brief and the lower court opinion relied on these cases to say that the government must also have some cause to search laptops. The Ninth Circuit panel rejected our argument that the privacy invasion resulting from searching computers is qualitatively different from, and requires higher suspicion than, searching luggage or other physical items.

The opinion is almost certainly wrong to classify laptop searches as no different from other property searches. Fourth Amendment law constrains police from conducting arbitrary searches, implements respect for social privacy norms, and seeks to maintain traditional privacy rights in the face of technological changes. This Arnold opinion fails to protect travelers in these traditional Fourth Amendment ways.

The defendant has time to petition the Ninth Circuit to rehear the case en banc, and the Court might agree to do so. The panel included a District Court judge sitting by designation. Additionally, the opinion sets up Arnold's reliance on cases protecting highly private areas like the home from suspicionless searches as a straw man and then knocks the argument down by pointing out "the simple fact that one cannot live in a laptop". This strained and strange argument suggests that Arnold is not the last word on border searches of laptops. In the meantime, travelers carrying their corporation's trade secrets, personal emails, or health and financial information are at risk of arbitrary and capricious fishing expeditions at the border.

[Permalink]

Privacy Office Slams Secure Flight Testing, But Doesn't Call It Illegal

According to a report released today by the Department of Homeland Security Privacy Office, the Transportation Security Administration publicly misrepresented how it handled commercial data while testing the controversial Secure Flight program. "As ultimately implemented, the commercial data test conducted in connection with the Secure Flight program testing did not match TSA's public announcements," the Privacy Office said.

The Privacy Act of 1974 requires an agency to give public notice when it establishes or changes a system of records. The Privacy Office stopped short of explicitly saying that TSA violated the law during the testing, though did note, "However well-meaning, material changes in a federal program's design that have an impact on the collection, use, and maintenance of personally identifiable information of American citizens are required to be announced in Privacy Act system notices and privacy impact assessments."

[Read the entire post]

Chertoff Shocked(!) at Privacy Uproar Over "Targeting" System

In a fascinating article by Shane Harris in the National Journal, Homeland Security Secretary Michael Chertoff professes great surprise at the public uproar over the Automated Targeting System (ATS). He claims that he has discussed the "collection" and "analysis" of personal data -- including airline Passenger Name Records (PNR) -- "incessantly." The Secretary says that critics of the system -- which assigns "risk assessment" scores to all travelers, including U.S. citizens, and retains them for 40 years -- just haven't been paying attention:

"Yeah, they missed about 100 speeches that I gave," an exasperated Chertoff told National Journal on December 5. "I've talked about... PNR data and biographic data and using it to analyze and connect the dots about people before they come into the country; I have to have given at least 20 speeches about it."

Well, many of us have paid attention, and despite our best efforts, we've been unable to learn much about Homeland Security's collection and use of personal data.

Read on for more after the jump.

[Read the entire post]

DHS "Targeting" Program Attracts Scrutiny -- Comment Period Still Open!

The Department of Homeland Security's attempt to quietly assign "risk assessment" scores to tens of milions of law-abiding American citizens (not to mention foreign nationals) may be approaching a roadblock. According to an Associated Press article:

Incoming Senate Judiciary Chairman Sen. Patrick Leahy of Vermont pledged greater scrutiny of such government database-mining projects after reading that during the past four years millions of Americans have been evaluated without their knowledge to assess the risks that they are terrorists or criminals.

"Data banks like this are overdue for oversight," said Leahy, who will take over Judiciary in January. "That is going to change in the new Congress."

EFF sounded the alarm on the Automated Targeting System last week, in a press release and formal comments submitted to DHS. The system has now drawn strong criticism from a number of quarters, including the ACLU and the Business Travel Coalition.

Comments can still be submitted to DHS until midnight ET on December 4 at www.regulations.gov. To submit comments, you must enter the appropriate "keyword or ID," which is DHS-2006-0060-0001 (no, they don't make this easy).

[Permalink]

Guardian on the Consequences of Secure Flight and Other Security Theatre

In a recent article, the Guardian covers the many privacy-invasive initiatives being implemented as part of airport security screening. The journey starts with a seemingly innocous event -- finding another traveler's ticket stub:

"If the expert was right, this stub would enable me to access Broer's personal information, including his passport number, date of birth and nationality. It would provide the building blocks for stealing his identity, ruining his future travel plans - and even allow me to fake his passport.

"It would also serve as the perfect tool for demonstrating the chaotic collection, storage and security of personal information gathered as a result of America's near-fanatical desire to collect data on travellers flying to the US - and raise serious questions about the sort of problems we can expect when ID cards are introduced in 2008."

[Permalink]

TSA Grounds Secure Flight Program... For Now

Citing data security concerns, the TSA on Thursday informed a Senate committee that its controversial Secure Flight program would be delayed indefinitely. In written testimony, the Government Accountability Office also noted that Secure Flight "may not be adequately protected against unauthorized access and use or disruption."

The Secure Flight Program, billed as an improvement to the current Computer Assisted Passenger Pre-Screening (CAPPS), has raised enormous privacy and security concerns from the start. Unlike CAPPS, in which airline employees compare passenger information against a government-supplied no-fly list, the Secure Flight program envisions placing that responsibility squarely in the hands of government officials. Since the program was announced, the TSA has been caught repeatedly lying to Congress about its use of information provided by commercial data brokers.

In September, EFF launched an effort to uncover the scope of the TSA's use of commercial data, assisting travelers who flew during a "test period" identified by the TSA to request information from the agency under the Freedom of Information Act. EFF continues to review the results of that investigation.

[Permalink]