Device Searches Have Created A Massive Database Of American Phone Data CBP Agents Can Search At Will

Privacy

from the extending-the-constitution-free-zone-across-the-country dept

The “Constitution-free zone” — the area within 100 miles of any border crossing, port of entry, or international airport — now apparently covers the entire country in perpetuity.

Border agencies — mainly Customs and Border Protection (CBP) — have steadily increased the number of device searches they do every year. Sometimes the search is limited to scrolling through an unlocked phone, an act that can be performed by a CBP agent even without reasonable suspicion. Then there are the more invasive searches, where the phone is seized temporarily and hooked up to a device to extract information.

These searches should be covered by the Fourth Amendment, thanks to the Riley decision. But, because they happen near the border (or at an inland international airport), they aren’t. National/border security concerns are elevated above enshrined rights to allow invasive searches with little more than a bit of suspicion. Within this constitutional carve-out, the CBP operates. And the number of invasive device searches it performs has increased exponentially in recent years.

As concerning as this development is, it’s even more concerning that the CBP appears to have taken a hands-off approach to preventing abuse of the search process or abusive searches of the data collected from these searches. Despite this program having been in operation since 2007, the CBP’s Office of Field Operations (OFO) has done almost nothing to measure the program’s effectiveness or ensure searches are handled properly and responsibly. This is from a 2018 Inspector General’s report:

[B]ecause of inadequate supervision to ensure OFO officers properly documented searches, OFO cannot maintain accurate quantitative data or identify and address performance problems related to these searches. In addition, OFO officers did not consistently disconnect electronic devices, specifically cell phones, from networks before searching them because headquarters provided inconsistent guidance to the ports of entry on disabling data connections on electronic devices. OFO also did not adequately manage technology to effectively support search operations and ensure the security of data.

All of that leads us to this: the DHS is basically running a program that allows over 3,000 CBP officers to search a database compiled from data pulled from tens of thousands of devices, all without warrants, reasonable suspicion, or even adequate oversight. Here’s Drew Harwell with the details for the Washington Post:

U.S. government officials are adding data from as many as 10,000 electronic devices each year to a massive database they’ve compiled from cellphones, iPads and computers seized from travelers at the country’s airports, seaports and border crossings, leaders of Customs and Border Protection told congressional staff in a briefing this summer.

The rapid expansion of the database and the ability of 2,700 CBP officers to access it without a warrant — two details not previously known about the database — have raised alarms in Congress about what use the government has made of the information, much of which is captured from people not suspected of any crime.

That’s all taken from a briefing delivered to Congress earlier this summer, but only made public after Senator Ron Wyden publicly demanded answers from the CBP. His letter [PDF] exposes the breadth and depth of this previously secret program.

Getting into the database is easy: just be anywhere CBP officers are and carry a device. CBP officers will then misinform you about your rights and their intentions while searching your device, should they choose to go that route. Travelers are provided with some info, but much of it is (apparently deliberately) inaccurate, as Wyden’s letter points out.

CBP told my office that it provides travelers a “tear sheet” explaining their rights when it seizes a traveler’s device and copies their data. However, CBP confirmed to my office during a June 20, 2022 briefing that its officers are only required to provide the tear sheet at some time during the search, not at the beginning. Thus, travelers might not see it until after they are coerced into unlocking their devices.

Moreover, the tear sheet provides misleading information regarding their rights and CBP’s authority to search their devices. The tear sheet does not tell travelers that CBP will retain their data for 15 years and that thousands of DHS employees will be able to search through it. In fact, the tear sheet misleadingly suggests that CBP will not retain a copy of travelers’ data absent probable cause. The tear sheet also states that collection of travelers’ information is “mandatory,” but fails to convey that CBP may not arrest an American or prevent them from entering the country if they refuse to tell CBP their password.

The CBP is leveraging the lack of constraints in areas surrounding “borders” to engage in routine warrantless searches of devices. Then it leverages this lack of informed consent and/or border security mandates to compile a massive database that can retain 15 years of info it then searches seemingly at will. When people are faced with the prospect of not being allowed to move on toward their destination, they’ll often comply, especially when they are mislead both by CBP officers’ assertions and the “information” sheet full of incorrect information.

Lack of information is the guiding principle for the collection and use of this data. Wyden’s letter notes the CBP retains no records detailing the number of times it performs these advanced searches that pull all data from devices, nor how often it performs advanced searches in comparison to basic searches, which do not involve the 15-year retention of data. It also has not provided any data on how many devices have had their contents added to this database, nor how often officers access this collection.

The reason for this lack of data is explained later in Wyden’s letter. The CBP simply does not feel like this is information worth collecting. And it doesn’t appear to believe it should be closely monitoring use of this database full of Americans’ personal information.

CBP confirmed during this briefing that it stores this deeply personal data taken, without a warrant signed by a judge, from Americans’ phones for 15 years and permits approximately 2,700 DHS personnel to search this data at any time, for any reason. CBP officials also revealed that government personnel querying the data are not prompted to record the purpose of the search, even though auditable records of this sort are an important safeguard against abuse.

Wyden urges the CBP to align itself with Ninth Circuit precedent — precedent that only allows forensic examination of travelers’ phones to search for contraband. This would limit unreasonable searches and force the CBP to perform more direct oversight of the program to ensure rights aren’t violated.

But until that happens (and it will take the Supreme Court to make it happen), the CBP is going to continue doing what it’s doing. That its secret dragnet has been exposed won’t stop it from adding device contents tens of thousands of times a year. And it will take more than some Congressional heat to force it to collect and retain records on its own actions with the same enthusiasm it collects data from innocent Americans’ devices. Rather than waiting for the right case to land in the Supreme Court, Congress needs to take action to protect rights at the border and recognize that rights shouldn’t be suspended just because of where someone happens to be momentarily located.

Filed Under: 4th amendment, border searches, cbp, device searches, phone searches, ron wyden