Feds Say They Can Search Bradley Manning's Friend's Laptop Because They Can

from the leave-us-alone dept

Back in May, we noted that Homeland Security’s ICE group had taken David House’s laptop and had kept it for 49 days because he’s friends with Bradley Manning, who is accused of leaking the State Department cables to Wikileaks. House was traveling back to the US from a vacation in Mexico and Homeland Security has long held that it can take your laptops at the border for any reason whatsoever. House (with the help of the ACLU) sued the government over this. Not surprisingly, the Justice Department is defending the actions of ICE, basically using the “we did it because we can, so shut up” argument.

There is no basis for the Court to conclude that searches of laptops or other electronic devices at the border should be subjected to a different standard than that for other closed containers. Nor is there a basis for the Court to conclude that Plaintiff?s First Amendment rights were violated by the routine search and detention of his devices at the border.

This is, at best, disingenuous and, at worst, dishonest. There is a tremendous “basis” for a court to conclude that searches of electronic devices differ than searches of a closed container. That’s because, as we’ve discussed at length before, what’s in your laptop and what’s in a container at the border are entirely different:

  • You mostly store everything on your laptop. So, unlike a suitcase that you’re bringing with you, it’s the opposite. You might specifically choose what to exclude, but you don’t really choose what to include. With a suitcase, you specifically choose what to include.
  • The reason you bring the contents on your laptop over the border is because you’re bringing your laptop over the border. If you wanted the content of your laptop to go over the border you’d just send it using the internet. There are no “border guards” on the internet itself, so content flows mostly freely across international boundaries. Thus if anyone wants to get certain content into a country via the internet, they’re not doing it by entering that country through border control.

More to the point: the reason why ICE is supposed to be stationed at the border is to stop those who should not be in the country and to prevent items that should not be in the country from getting it. It is abundantly clear that taking House’s laptop furthered neither of those goals, but instead it was done solely in an attempt to further an unrelated legal claim by the government (the case against Manning). It seems crazy to me that the courts do not seem to take into consideration the purpose of a border search in determining whether or not they are appropriate. This border search had nothing to do with the border and everything to do with the feds using a questionable opportunity to seize data that it could not otherwise get access to via legal means. If House’s laptop were really crucial to the case, then the Justice Department should have gotten a warrant to view it, rather than use this loophole at the border. The fact that they did not get a warrant shows pretty clearly that they knew outside of the border situation, they had no right to look at the contents of House’s hard drive.

On a separate note, the reason given for having to keep House’s laptop for so long? Because the laptop ran both Linux and Windows and the tech geniuses at Homeland Security had trouble understanding how to deal with that.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Feds Say They Can Search Bradley Manning's Friend's Laptop Because They Can”

Subscribe: RSS Leave a comment
81 Comments
Ima Fish (profile) says:

There is no basis for the Court to conclude that searches of laptops or other electronic devices at the border should be subjected to a different standard than that for other closed containers.

When the feds search a closed container. They open it up, search it, and then immediately give it back.

When the feds search a laptop or other electronic device, they send it to a computer foresnic division and they search it for months.

That’s a huge fricken difference, nimrods!

el_segfaulto (profile) says:

Re: Re:

From my experience (and as always your own mileage may vary) most of the forensic techs at local police departments and FBI field offices have enough technical knowledge to slap in a preconfigured CD and run a suite of software. They have no idea what’s going on in the backend. I was asked once to figure out why their proprietary scanner wouldn’t read a particular partition, turns out the owner had used EXT3 combined with a Windows driver to act as a shared drive between his two systems. The fact that they were stumped by the fact that it was neither FAT nor NTFS was a real eye-opener.

That isn’t to say that the real guys at the main offices and research labs don’t know their stuff…they do. It’s just that data forensics is not exactly an entry level job and most of these guys only get a week of training and don’t bother to keep up with the state-of-the-art. Not to mention the fact that often, they’re handling a ton of other projects.

HothMonster says:

Re: Re: Re:

“That isn’t to say that the real guys at the main offices and research labs don’t know their stuff…they do.”

Unfortunately they have to spend all their time refining the “preconfigured CD, suite of software and manuals” for the chumps instead of doing any actual investigating

G Thompson (profile) says:

Re: Re: Re:

They would be using a windows based product on USB that is very similar to, if not actually the one used (Gawd I hope not) called COFEE (Computer Online Forensic Evidence Extractor) by Micro$oft. What’s COFEE like? Well from a Professional viewpoint as an actual Digital Forensic Consultant myself, I won’t talk ill of products that bear little resemblence to actual Forensic Evidence investigation tools. [Mike did an article on it a while back]

Either SIFT by SANS Institute, or “Sleuth Kit”, both GPL and *nix based are so much better and wonders of wonders work on Windows, and Linux/Unix based Systems since they are booted from the USB/CD itself.

Booting up a Laptop by its own O/S is NOT forensically Sound practice since it is guaranteed to corrupt & change evidence.

Does anyone know of any cases from ICE/DHS seizing laptops, then using whatever so called ‘evidence’ found in a criminal (or civil) case that has gone to conclusion? I had a quick look and could not find any.

James Plotkin (user link) says:

“In Re: shut up hippie liberals.”

Seriously…To say with a straight face that a person’s laptop is the same as a suitcase as far as searchability is just ridiculous.

I agree hat a balance must be struck between the legitimate rights of individuals and the ability of law enforcement to do their jobs. Still…8 weeks of detention is simply ridiculous and in my mind, doesn’t represent a fair limitation on peoples rights for the benefit gained by law enforcement…

Anonymous Coward says:

I also noted their "technical difficulties" with a dual-boot system

But I’m split on whether or not that’s the truth.

Surely an forensic analyst worthy of the job title knows enough to boot House’s laptop from external media and copy the hard drive (byte-for-byte) onto analysis media. They should also know how to perform differential comparison against a stock install of the operating system(s) involved in order to determine what’s installed, where, how, etc. before then moving on to data (documents, email, bookmarks, web browser cache, IM logs, etc.). None of this is hard — just tedious. (Although automated tools do help quite a bit.)

So are they really so miserably incompetent? Well, maybe. They’re certainly incompetent at lots of other related things (see GAO report referenced in TechDirt article earlier today).

Or…

Was House clever enough to encrypt files of interest or perhaps an entire disk/disk partition with something like TrueCrypt? And is the delay therefore not for the reasons stated but because they’ve been busy trying to break the encryption and haven’t managed to do so? (Note in passing: this wouldn’t stop them from copying the drive(s), though; they’d just end up with copies of the encrypted material.)

So I don’t know. I was inclined at first to just chalk it up to incompetence, but after considering just whose laptop this is and why they wanted to get it, I have difficulty imagining that House left anything interesting unencrypted. And I’ll bet the feds really really really want whatever’s in there.

I hope he left them a nice cache of midget clown goat porn.

Anonymous Coward says:

Re: Re: I also noted their "technical difficulties" with a dual-boot system

In re “deleted files”: I have to presume that someone of House’s abilities is aware of common techniques for not only overwriting deleted files, but modifying the directories they used to be in so that little, if any, evidence that they ever existed remains.

Incidentally, Linux systems support a large number of different filesystems, some of which are intended for use with Linux, some of which are intended to provide cross-platform capability. I’d like to think (but maybe I’m overestimating their ability) that they’d be able to read any of the contemporary ones listed here: http://en.wikipedia.org/wiki/List_of_file_systems

aldestrawk says:

Re: I also noted their "technical difficulties" with a dual-boot system

I may get into trouble saying this, but once a forensic analyst copies the hard drive they can give the computer back. Copying the hard drive should nearly always be the very first step. If the computer is turned off when law enforcement obtains custody, making a copy should always be the first step. Since a copy is made at a very low level without booting the target system, there is no consideration, at this step, of how the drive is formatted or how many different file systems there are. Why do they keep your computer for extended periods? The short answer is vindictive extrajudicial punishment.

Anonymous Coward says:

Re: Re: Re: I also noted their "technical difficulties" with a dual-boot system

… a multi-terabyte hard drive could take several hours or more depending on the hardware.

Once the government has your hardware alone in their hot little hands for more than a few hours, then you’ve got to assume it’s as compromised as a voting machine.

Voting machines are a very hard problem. At least with a laptop, you can just get a new one from some random store.

G Thompson (profile) says:

Re: Re: I also noted their "technical difficulties" with a dual-boot system

absoultely a forensically verified mirror image of a drive is the minimum that you do on any investigation. You then verify the hash values (MD5 at a bare minimum, SHA is industry norm) In fact you normally perform two mirror images so that you always have one as pure form,,. just in case you breach the fundamental rule of forensics. DO NOT CHANGE DATA!

Though if there is reasonable suspicion under the warrant that there is something to be found on the image you are analysing/investigating then the original evidence, ie: the physical laptop in this case, is kept in evidence under the chain of custody procedures. Mainly this is so if it goes to court you can show the actual physical item (so much easier for judges and juries to look at ;P ) and also that the other party has the oppurtunity to get their OWN independent analysis on the same item without trusting the mirror image the prosecution (in this case) took.

PrometheeFeu (profile) says:

Re: I also noted their "technical difficulties" with a dual-boot system

Yes. I’ve met several forensic court experts and the first step is to take the hard-drive out, setup a write block and dd the whole disk to an image. Then you backup the image and start working on the image itself. At that point, the hardware becomes useless.

Another way to put this is that ICE is practicing being childish. The drive is probably encrypted and they most likely are just doing that to be vindictive. Quite honestly, I just don’t see any good reason for ICE to even exist.

Prisoner 201 says:

Re: Re: SOP

And when a newer model comes along, you just wipe the old one (choose between “unfortuate accident” or “standard procedure”) and give it back to the guy you took it from.

“Here you go, we are done investigating your suitcase-like device now. I know it took a while but Apple can be damn slow… I mean these investigations do take time. Thank you for your cooperation.”

Anonymous Coward says:

When you bring something across the border, it is pretty much fair game. There is no presumption of legality in anything being imported into the US, rather it is a process of “check and allow”, not “assume it’s all good”.

If for any reasons that border guards suspect that you are carrying something illegal with you, they have the rights to detain you, they have the rights to seize the item(s) in question, and they have the rights in investigate.

When you bring a laptop over the border, you are presenting yourself at the border with the laptop and all that is on it. It is pretty much on par with showing up with boxes and boxes of paper with all of the same information printing. The border guards have the right to inspect every piece of paper you are bringing over the border, so why would they not have the right to check your laptop?

It is, at best, disingenuous and, at worst, dishonest to suggest that the border guards do not have the right to inspect anything and everything coming into the country. Oh yes, btw, they can (and do) check cell phones as well.

Anonymous Coward says:

Re: Re:

“If for any reasons that border guards suspect that you are carrying something illegal with you, they have the rights to detain you, they have the rights to seize the item(s) in question, and they have the rights in investigate.”

Ah, there’s the BIG IF. IF they suspect anything, they can do the searches and the detentions. They can’t just go around and bother every citizen with idiotic searches, and there should be BIG penalties for doing so.

Last I checked, the US is a democracy, and you don’t treat your citizens as criminals in a democracy. Or maybe it’s time to admit that it isn’t so anymore?

Anonymous Coward says:

Re: Re: Re:

You guys crack me up. Yes, the US is a democracy, but NO, you don’t automatically have the right to cross the border with anything you please without inspection.

US customs is one of those areas where your rights are fairly limited because until you clear customs, you are not “landed” in the US. This is particularly true of any goods of chattel that you happen to have with you. Until inspected, the border agency has the right to refuse it entry.

The “if” is very, very, very small. The if can be your shifty demeanour, lack of a good response to a question, or even admitting to dealing with people who are under law enforcement surveillance. If you go out of the country and meet up with narco traffickers, example, you should expect that you might get a cavity search.

The border isn’t like a street corner police stop. When you start learning not to apply those rules to a border crossing, the rest of it makes a whole lot more sense.

Considering the low number of Americans who have a passport, it isn’t surprising that there is a whole lot of ignorance.

Richard (profile) says:

Re: Re: Re: Re:

You guys crack me up. Yes, the US is a democracy, but NO, you don’t automatically have the right to cross the border with anything you please without inspection.

And if border patrols persistently abuse their powers (as they clearly have here) expect the democracy to remove those powers – if it doesn’t happen then you don’t have a democracy.

btr1701 (profile) says:

Re: Re: Re: Border

> US customs is one of those areas where your
> rights are fairly limited because until you
> clear customs, you are not “landed” in the US

Of course the they keep expanding the defintion of “the border” more and more to give themselves the authority to circumvent the Constitution anywhere they like.

If I recall correctly, “the border” is currently defined as being 150 miles inland from any international boundary.

That effectively makes the entire state of Florida a Constitution-free zone.

Anonymous Coward says:

Re: Re: Re: Re:

You have no rights…

Government has a dire shortage of smart, talented computer security workers willing to be loyal and devoted to a system where people have no rights.

Fortunately, there are plenty of other folks happy to work for a system where the border guards take keen pleasure in “vindictive, extrajudicial punishment”.

btr1701 (profile) says:

Re: Authority

> It is, at best, disingenuous and, at worst,
> dishonest to suggest that the border guards
> do not have the right to inspect anything
> and everything coming into the country.

Point me to the Article and Section of the Constitution that says the Bill of Rights is suspended at the border.

Hint: it doesn’t exist.

This ‘border authority’ is nothing but another one of those ever more frequent self-serving ‘interpretations’ of the Constitution by the government to justify not obeying a law which they find inconvenient and bothersome.

Roy Batty (profile) says:

Re: When you bring something across the border, it is pretty much fair game.

I respect your opinion/assertion. You should realize that you have decided to accept the government’s premise with regard to what is fair game. Perhaps the time has come to demand more from law enforcement at all levels. I have many years experience in l.e. and too many l.e.o.’s are pushing the limits of fairness. House didn’t have controlled substance. House didn’t have dangerous material. House did not have warrants outstanding. These federal agents wanted private information. They could have requested a search warrant. Hey, guess what? They didn’t have reasonable suspicion and they didn’t have probable cause. We are federal agents so we will just take what we want. It is time to restrict the intrusion under some circumstance. We could write a book here. A U.S. citizen? No contraband? No outstanding warrants? Leave us the hell alone!
And what about keeping the personal items 19 days beyond policy and saying “we’re under-staffed”. We, as citizens don’t have to accept the behavior. This is like sentencing someone to one year in jail and keeping them 18 months because “there weren’t enough guards to open the cell door”. So, again, your assertion is reasonable, if we accept the premise that federal agents can invade your privacy for one reason and pretend they are doing it for another.

Anonymous Coward says:

Because the laptop ran both Linux and Windows and the tech geniuses at Homeland Security had trouble understanding how to deal with that.

Makes one wonder how they would handle virtualization. I have more than half-dozen different virtual systems on my mac, mainly different linux distros, FreeBSD and a couple of windows versions. And now that Apple’s Lion license allows for virtual installs, I could really mess with the DHS geniuses and have OS “Inception” for them to unwind.

Dan (profile) says:

Physical searches make sense if your already spying...

“If you wanted the content of your laptop to go over the border you’d just send it using the internet.”

At which point, the NSA has it.

I know this isn’t the point of this particular topic, but Mike keeps rolling out the ‘this makes no sense’ argument. With the NSA tapping the cables, physical searches make sense (to the feds, at least).

Overcast (profile) says:

On a separate note, the reason given for having to keep House’s laptop for so long? Because the laptop ran both Linux and Windows and the tech geniuses at Homeland Security had trouble understanding how to deal with that

LOL, so what’s the point?

I mean, obviously if THIS was a problem for them – then the possibility of hidden data being found is pretty much Zero.

But again, if you have data you don’t want found on your laptop – put it on a flash drive and put it in the mail.

Anonymous Coward says:

Rules

1. Maintain factory disk drive, with almost-virgin(*) Windows install.

(*) Put some soft-core pr0n on the factory disk drive, so no-one gets too suspicious.

2. Do NOT ever devise your own encryptation algorithm. You are not a cryptographer (**). Use only carefully scrutinized implementations of well-regarded algorithms.

(**) If you are a cryptographer, then this only applies to operational use. And you know why.

3. ALWAYS generate your own random numbers.

ComputerAddict (profile) says:

Welcome to the Cloud

What will be really interesting is when you bring your ChromeOS CR-48 laptop across the border.

Nothing is stored on it, but when they boot it up and you checked “remember password” should they get to search all your data that isn’t even “on” the laptop as you crossed the boarder?

I bet I know their answer…

Joel Coehoorn says:

You make some good points about why this content should be treated differently, but I’m not sure the law as written makes those distinctions. Whether or not you purposefully chose to include or exclude something or could have sent it more easily another way, it’s still there on a laptop that was still carried across the border. So I think they do have the same right to search your laptop that they have for anything else.

What they don’t have the right to do, and what needs more emphasis here, is keep the laptop and send it away for forensic analysis: unless they first found something there locally and in a reasonable time frame that now justifies further seizure.

Anonymous Coward says:

The border patrol is trying to tromp over all sorts of rights. I am a US citezen, I have constitutionally protected rights no matter where I am. the US government is just as limited in what it can legally and morally do if I am at home, On the border entering the country, in France or on Mars. The fact that I left the country may establish reasonable suspicion for a search, but it does not mean my rights are null and void, no matter how much the border patrol may pretend it does.

Note that the constitution does not grant rights, it enumerates and protects rights that exist independantly from the government and limits what the government is allowed to do.

aikiwolfie (profile) says:

The USA steals your laptop at the border and the government there wonders why the USA’s economy is crap?

This actually means doing business with the USA almost by default increases the TCO of a laptop since you need to by a spare in the event the first one gets confiscated. But at the same time since you can’t afford to lose your data to ICEbaby you’ll keep everything in the “cloud” and make do with a cheapo laptop anyway lowering your TCO of a laptop.

America is a very confusing place to be. It’s better to stay at home.

Anonymous Coward says:

Searches

It’s perfectly reasonable to search things at the border, in general. Just about any physical container can contain something which is prohibited, and people do try to smuggle things.

The question becomes, what exactly were they expecting to find on that laptop? Did they think he was bringing in a prohibited item? If not, they had no business searching it.

The simple fact that they get to search, does not mean that they get to search everything for any reason. If a cop is patting you down for his own safety, that’s a legal search. But that doesn’t mean he then gets to go through your wallet. Similar situation here – they are guarding the border and therefore get to search. But ONLY for things illegally being taken over the border.

Anonymous Coward says:

The comment above mentioning Lupus got me thinking. (Sorry of this is a repeat of their comment, but it was unclear what they meant.)

Something we very much want to avoid is having the federal security apparatus become the equivalent of societal Lupus. I think if a lot of us start using this analogy in other places it could become a meme and perhaps lead to some sanity.

Another point about seizing computer equipment. we want to use computers an an extension of our minds. That is their power. But then encryption and freedom from searching becomes an extension of the right to remain silent. Unfortunately the average Joe does not view the right to remain silent as important for anyone but criminals. But anyway, taking someone’s computer and searching it is similar to having a brain scan technology – which is why they like to do it. I think the average Joe would appreciate that analogy.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...