Device Searches Have Created A Massive Database Of American Phone Data CBP Agents Can Search At Will

from the extending-the-constitution-free-zone-across-the-country dept

The “Constitution-free zone” — the area within 100 miles of any border crossing, port of entry, or international airport — now apparently covers the entire country in perpetuity.

Border agencies — mainly Customs and Border Protection (CBP) — have steadily increased the number of device searches they do every year. Sometimes the search is limited to scrolling through an unlocked phone, an act that can be performed by a CBP agent even without reasonable suspicion. Then there are the more invasive searches, where the phone is seized temporarily and hooked up to a device to extract information.

These searches should be covered by the Fourth Amendment, thanks to the Riley decision. But, because they happen near the border (or at an inland international airport), they aren’t. National/border security concerns are elevated above enshrined rights to allow invasive searches with little more than a bit of suspicion. Within this constitutional carve-out, the CBP operates. And the number of invasive device searches it performs has increased exponentially in recent years.

As concerning as this development is, it’s even more concerning that the CBP appears to have taken a hands-off approach to preventing abuse of the search process or abusive searches of the data collected from these searches. Despite this program having been in operation since 2007, the CBP’s Office of Field Operations (OFO) has done almost nothing to measure the program’s effectiveness or ensure searches are handled properly and responsibly. This is from a 2018 Inspector General’s report:

[B]ecause of inadequate supervision to ensure OFO officers properly documented searches, OFO cannot maintain accurate quantitative data or identify and address performance problems related to these searches. In addition, OFO officers did not consistently disconnect electronic devices, specifically cell phones, from networks before searching them because headquarters provided inconsistent guidance to the ports of entry on disabling data connections on electronic devices. OFO also did not adequately manage technology to effectively support search operations and ensure the security of data.

All of that leads us to this: the DHS is basically running a program that allows over 3,000 CBP officers to search a database compiled from data pulled from tens of thousands of devices, all without warrants, reasonable suspicion, or even adequate oversight. Here’s Drew Harwell with the details for the Washington Post:

U.S. government officials are adding data from as many as 10,000 electronic devices each year to a massive database they’ve compiled from cellphones, iPads and computers seized from travelers at the country’s airports, seaports and border crossings, leaders of Customs and Border Protection told congressional staff in a briefing this summer.

The rapid expansion of the database and the ability of 2,700 CBP officers to access it without a warrant — two details not previously known about the database — have raised alarms in Congress about what use the government has made of the information, much of which is captured from people not suspected of any crime.

That’s all taken from a briefing delivered to Congress earlier this summer, but only made public after Senator Ron Wyden publicly demanded answers from the CBP. His letter [PDF] exposes the breadth and depth of this previously secret program.

Getting into the database is easy: just be anywhere CBP officers are and carry a device. CBP officers will then misinform you about your rights and their intentions while searching your device, should they choose to go that route. Travelers are provided with some info, but much of it is (apparently deliberately) inaccurate, as Wyden’s letter points out.

CBP told my office that it provides travelers a “tear sheet” explaining their rights when it seizes a traveler’s device and copies their data. However, CBP confirmed to my office during a June 20, 2022 briefing that its officers are only required to provide the tear sheet at some time during the search, not at the beginning. Thus, travelers might not see it until after they are coerced into unlocking their devices.

Moreover, the tear sheet provides misleading information regarding their rights and CBP’s authority to search their devices. The tear sheet does not tell travelers that CBP will retain their data for 15 years and that thousands of DHS employees will be able to search through it. In fact, the tear sheet misleadingly suggests that CBP will not retain a copy of travelers’ data absent probable cause. The tear sheet also states that collection of travelers’ information is “mandatory,” but fails to convey that CBP may not arrest an American or prevent them from entering the country if they refuse to tell CBP their password.

The CBP is leveraging the lack of constraints in areas surrounding “borders” to engage in routine warrantless searches of devices. Then it leverages this lack of informed consent and/or border security mandates to compile a massive database that can retain 15 years of info it then searches seemingly at will. When people are faced with the prospect of not being allowed to move on toward their destination, they’ll often comply, especially when they are mislead both by CBP officers’ assertions and the “information” sheet full of incorrect information.

Lack of information is the guiding principle for the collection and use of this data. Wyden’s letter notes the CBP retains no records detailing the number of times it performs these advanced searches that pull all data from devices, nor how often it performs advanced searches in comparison to basic searches, which do not involve the 15-year retention of data. It also has not provided any data on how many devices have had their contents added to this database, nor how often officers access this collection.

The reason for this lack of data is explained later in Wyden’s letter. The CBP simply does not feel like this is information worth collecting. And it doesn’t appear to believe it should be closely monitoring use of this database full of Americans’ personal information.

CBP confirmed during this briefing that it stores this deeply personal data taken, without a warrant signed by a judge, from Americans’ phones for 15 years and permits approximately 2,700 DHS personnel to search this data at any time, for any reason. CBP officials also revealed that government personnel querying the data are not prompted to record the purpose of the search, even though auditable records of this sort are an important safeguard against abuse.

Wyden urges the CBP to align itself with Ninth Circuit precedent — precedent that only allows forensic examination of travelers’ phones to search for contraband. This would limit unreasonable searches and force the CBP to perform more direct oversight of the program to ensure rights aren’t violated.

But until that happens (and it will take the Supreme Court to make it happen), the CBP is going to continue doing what it’s doing. That its secret dragnet has been exposed won’t stop it from adding device contents tens of thousands of times a year. And it will take more than some Congressional heat to force it to collect and retain records on its own actions with the same enthusiasm it collects data from innocent Americans’ devices. Rather than waiting for the right case to land in the Supreme Court, Congress needs to take action to protect rights at the border and recognize that rights shouldn’t be suspended just because of where someone happens to be momentarily located.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Device Searches Have Created A Massive Database Of American Phone Data CBP Agents Can Search At Will”

Subscribe: RSS Leave a comment
9 Comments
Anonymous Coward says:

National/border security concerns are elevated above enshrined rights to allow invasive searches with little more than a bit of suspicion.

I was recently reading about Roxham Road:

For most of its history, it was possible to freely cross the [USA/Canada] border via Roxham Road, since it largely carried local traffic. Canada established a small customs station just north of the border; the U.S. never followed suit, leaving Roxham an uncontrolled border crossing, even after Canada closed its customs station in the 1950s. That ended when Canadian authorities decided, out of concerns that the terrorist killings at the 1972 Munich Olympics could also occur at the upcoming 1976 Summer Olympics in Montreal, […] to barricade all the uncontrolled land border crossings between Quebec and New York, as well as the neighboring U.S. state of Vermont.

Despite this, there was a fatal terrorist bombing at the Atlanta Olympics, among other attacks. Restrictions keep increasing, taking away the rights of the people, and there’s little evidence the restrictions have ever stopped any serious crime. The aforementioned road remained open even during alcohol prohibition in the USA, when it was known that people were abusing it. From its closure till 2004, official USA/Canada border crossings could be used by verbally stating citizenship, with no passport required.

I think we’d be better off disbanding the CBP entirely, and allowing federal borders to be crossed as freely as state borders—as many of them used to be, without issue, in more violent times. Wyden’s suggestion of aligning with 9th court precedent is a pretty weak one. And it’s not true that we have to wait for the Supreme Court here; the CBP has only the authority granted to it by lawmakers.

Anonymous Coward says:

Re: Re:

Alas, disbanding the CBP would do no good as long […] The successor organization

I think it was clear that the suggestion was to disband them and not replace them.

Anyway, courts (in theory) can only interpret law; the lawmakers have authority to override any precedent, within the bounds of the Constitution (which certainly doesn’t require anyone be granted authority to search private papers etc. at the border).

Ehud Gavron (profile) says:

Re: We

I think we’d be better off disbanding the CBP entirely

Yes, WE would be better off. Unfortunately WE do not get to decide, and OUR elected representatives do not represent OUR wishes. Sometimes they are outright criminal in their feigned ignorance of the law, duties, oath of office, etc. But enough about Trump and his brood of sows.

DHS has been a disaster since its formation. It’s had two decades and can’t improve. CBP is just one part of it. Neither is worth keeping as is.

WE can’t make a difference <– That is the unfortunate truth.

Anonymous Coward says:

No basis

I can’t come up with a single justification for CBP to examine any US citizen’s device, other than to ensure that it doesn’t contain some prohibited substance, such as drugs.

According to the CBP website:

These searches have resulted in evidence helpful in combating terrorist activity, child pornography, drug smuggling, human smuggling, bulk cash smuggling, human trafficking, export control violations, intellectual property rights violations and visa fraud.

They use the word “smuggling” but I have yet to see anyone smuggling humans or drugs inside electronic data.

This has nothing to do with protecting the border — it’s just a convenient fishing expedition to find criminals, as a 4th-Amendment-Free adjunct to “regular” law enforcement.

CPB should be able to wave a device past a drug-sniffing dog, or x-ray it to see if it’s hiding something. There is no rational reason to access it electronically, ever.

Anonymous Coward says:

Re:

They use the word “smuggling” but I have yet to see anyone smuggling humans or drugs inside electronic data.

Right. Frankly, the whole “argument” CBP is pushing around their “need” to search electronic devices for these things is insulting.

There’s really no need to transport data across the border physically through a phone when one can just sit in one’s living room and do it through a browser without ever leaving one’s home.

Naughty Autie says:

Re:

They use the word “smuggling” but I have yet to see anyone smuggling humans or drugs inside electronic data.

Actual statement: These searches have resulted in evidence helpful in combating terrorist activity, child pornography, drug smuggling, human smuggling, bulk cash smuggling, human trafficking, export control violations, intellectual property rights violations and visa fraud.

Whilst it’s true that these warrentless fishing expeditions are examples of overreach, you don’t exactly harm CBP’s case when you misrepresent what they actually said.

Anonymous Coward says:

Re: Re:

@Autie,

Rather, you’re misrepresenting (or misunderstanding) what I wrote, which was sarcastic.

I never accused the CBP of claiming that they found, say, humans being smuggled inside devices.

My point was that the CBP liberally used the word “smuggling” on that web page to give a reader who lacks critical thinking skills the impression that rifling through someone’s data is wholly justified because they might find evidence related to CBP’s actual charter — protecting the border from certain tangible things.

They give the game away, though, by mentioning offenses that aren’t necessarily related to the smuggling of tangible items, such as child pornography, terrorism, and intellectual property rights violations.

Leave a Reply to Ehud Gavron Cancel reply

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...