Inspector General Says CBP's Device Search Program Still A Mess, Still (Ironically) Mostly Undocumented
from the PAPERS-PLS dept
The CPB continues to increase the number of electronic devices (at least temporarily) seized and searched at border crossings and international airports. Basic searches — ones that don’t involve any additional tech or software — can be performed for almost any reason. For deeper searches, the CBP needs only a little bit more: articulable suspicion.
Even though it’s only a very small percentage of the total, it continues to increase, both in total numbers and as a percentage of the whole.
In fiscal year 2018, OFO processed more than 413 million travelers arriving at U.S. POEs and conducted an estimated 33,062 basic and advanced electronic device searches of those inbound travelers (.008 percent). In FY 2019, CBP processed more than 414 million travelers and conducted an estimated 40,610 basic and advanced electronic device searches of those inbound travelers (.010 percent).
That’s from the DHS Inspector General’s latest investigation [PDF] of CBP device searches. The last time the IG stopped by the CBP to perform some oversight in this area, it declared the whole thing a catastrophe. There was very little direct supervision of searches, documentation was almost nonexistent, and the CBP had no idea whether more searches were resulting in more investigations or arrests of criminals. Not only that, but the CBP had yet to implement any method of quantifying the security/safety gains of performing invasive device searches at border crossings.
Right at the top, the IG refers to the CBP’s policy on device searches, which clearly and succinctly states the agency’s obligations:
CBP’s Directive requires CBP officers to fully document all information related to searches of electronic devices.
You can already guess where this is headed.
First, there’s a callback to the last investigation by the IG:
In our first audit of CBP’s searches of electronic devices at POEs [Ports of Entry], we reported deficiencies in supervision, guidance, equipment management, and performance measures and made five recommendations to improve the program’s effectiveness. CBP concurred with all five recommendations and has taken some actions to improve oversight, such as streamlining license renewals, developing processes to conduct annual field office reviews, and updating its self-inspection worksheet to better identify deficiencies. As of May 2021, CBP had not fully implemented four of five recommended corrective actions.
Since there’s been no improvement on the back end, there’s been no improvement on the front end.
Here’s a more detailed description of what’s required when a phone is searched by CBP personnel:
CBP’s Directive requires CBP officers to include all information related to the search, such as whether the device’s wireless data connection was disabled, a tear sheet was provided, and if a supervisor approved advanced searches. In instances in which OFO detains or seizes an electronic device, officers document such incidents on DHS Form 6051D, Detention Notice and Custody Receipt for Detained Property and DHS Form 6051S, Custody Receipt for Seized Property and Evidence, to demonstrate chain of custody. The Directive also tasks supervisors with ensuring officers complete thorough inspections and that all notification, documentation, and reporting requirements are met.
Here’s what happened instead:
OFO [Office of Field Operations] did not always adhere to all requirements outlined in the Directive when conducting electronic device searches nor properly document searches. Of the 100 from FYs 2018 and 2019 that we reviewed, 79 had one or more instances of non-compliance, which totaled 139 instances. […] We also identified 32 EMRs [electronic media reports] not approved by a supervisor within 7 days.
The largest number of infractions came from two areas: no indication of whether the device’s data connection was disabled (27) — something that’s supposed to prevent agents from intercepting incoming communications or accessing content stored in the cloud — and no indication of whether a supervisor was present for advanced searches (44), which is a violation of CBP policy.
That’s just the problem with the stuff that’s (apparently incompletely) documented. Then there are the cases where no documentation occurred at all.
During site visit… we identified instances in which OFO officials used advanced screening equipment to conduct advanced searches of electronic devices without documenting these searches in TECS. For example, in reviewing DOMEX activity log entries from the three POEs, we identified 33 advanced searches that were not documented in TECS.
CBP officials said these didn’t need to be tracked because they were not related to new searches, but rather to ongoing investigations, training, and “ongoing maintenance.” As proof of this claim, the officials offered nothing.
We could not confirm these assertions because OFO did not have controls to ensure all advanced searches were traceable to the officer conducting the search.
As for seeing if these searches are actually resulting in any net security and public safety gains, the CBP is still sort of working on that. There are existing metrics the CBP could use, but it has simply chosen not to.
According to an OFO official, OFO does not see the benefit of receiving the outcomes of referrals, or tracking prosecutions and convictions, and does not have a system to track or receive this information. Without tracking final legal disposition of devices and information transferred to other Federal agencies, OFO cannot fully evaluate the program’s effectiveness or whether advanced searches are achieving their intended purpose to detect evidence and identify crimes.
The refusal to properly track and document searches also causes problems elsewhere.
For example, OFO equipment used to search computers [equipment name redacted] has not functioned since July 2018 due to network compatibility issues. Because of these technical issues, officers at POEs cannot conduct advanced searches of computers on-site.
Here’s the punchline:
Despite technical issues, OFO renewed the software licenses for all equipment in 2019 and 2020, including for equipment that does not function, at a total cost of $330,629.
Which leads to yet another punchline in the OIG’s recommendations:
We recommend the Executive Assistant Commissioner for the Office of Field Operations: a. Suspend the renewal of licenses for nonfunctional equipment, as appropriate.
The report concludes like the last one did. Recommendations for the CBP to something — anything! — to improve its tracking and documentation of phone searches. And like last time, the CBP has promised to get right on that… eventually. And we the people can all expect more of the same in the 2022 report, given the lack of progress since the last IG review.