DHS, CBP Admit They Have No Legal Authority To Access Americans' Social Media Accounts

from the CBP-reminded-of-this-2-months-after-Wyden's-letter dept

Since at least 2009, the DHS has asserted a legal right to copy/search the contents of anyone's electronic devices at the border. Its privacy assessment said no one has much privacy, at least not near US borders. Building on years of judicial national security deference, the DHS has recently expanded its searches of electronic devices, eliminating most of its adherence to the Fourth Amendment in the process. If your devices wander into the country's Constitution-free zones, you can expect to suffer diminished expectations of privacy.

Noting that border searches of electronic devices were increasing exponentially (more searches in February 2017 alone than in all of 2015), Senator Ron Wyden did two things: introduced a bill creating a warrant requirement for border electronic device searches and asked the CBP (Customs and Border Protection) about its new demands for social media/email account passwords.

The DHS has responded [PDF] to Wyden's questions, and the answers are a bit surprising.

U.S. border officers aren't allowed to look at any data stored only in the "cloud" — including social media data — when they search U.S. travelers' phones, Customs and Border Protection acknowledged in a letter obtained Wednesday by NBC News.

The letter (PDF), sent in response to inquiries by Sen. Ron Wyden, D-Ore., and verified by Wyden's office, not only states that CBP doesn't search data stored only with remote cloud services, but also — apparently for the first time — declares that it doesn't have that authority in the first place.

This admission about a lack of legal authority contradicts the assertions made in its 2009 Privacy Impact Assessment, which placed CBP agent hunches above anything resembling reasonable suspicion or probable cause. But the answer aren't quite as clear-cut as it might appear from the NBC New summation.

With or without legal authority, the CBP is still performing searches of thousands of devices. Returning US citizens aren't exempted from these searches. They are often free to go, even if their devices might need to be left behind so the CBP can search/copy the device's contents. This may be done without reasonable suspicion because, as the letter puts it, any device might hold evidence of criminal activity (terrorism, smuggling, and child porn are specifically named).

What the CBP cannot do -- at least according to this letter -- is retrieve information and data not stored on the phone itself. But this would only prevent CBP officers from accessing cloud-based storage. Much of the information contained in email and social media accounts is not stored locally, but there's no practical way to separate local/cloud data when officers have access to the entire device. The letter appears to indicate officers need to restrict their searches to SMS messages, call logs, and photos/videos stored on the device.

How this operates in practice is another matter. The letter states CBP cannot demand passwords/pins from American travelers, but points out this may result in their electronics being detained indefinitely even as the citizens themselves are free to go. It says CBP officers have been instructed to stay away from social media/email accounts, but the April 2017 "reminder" appears to be the direct result of Wyden's probing questions, which were sent to the DHS at the end of February. What CBP was doing before the senator started asking questions is anyone's guess, but anecdotal evidence suggests CBP is treating US citizens as badly as it does foreign visitors.

What isn't in the letter is a direct response to Wyden's question about the number of US citizens subjected to these intrusive searches. The DHS claims not to have this information on hand but has promised to turn over some data later this year.

In the meantime, American citizens are receiving only slightly better treatment than arriving foreigners. Assertion of rights are the border will often be taken as unprompted admission of guilt. While the CBP may not have a legal basis to demand access to social media accounts, it does appear its demands for access to people's phones isn't stifled by many legal hurdles. Considering most phones/laptops contain social media account info, it's up to Americans to believe the CBP isn't accessing data it's been told to stay away from.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 4th amendment, cbp, cloud, device searches, dhs, laptop searches, local storage, privacy

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 14 Jul 2017 @ 12:00pm

    account info

    Considering most phones/laptops contain social media account info, it's up to Americans to believe the CBP isn't accessing data it's been told to stay away from.

    The story says they can't look at data stored only in the cloud. They have not been told to stay away from social media account info contained in the phone/laptop. If you have Facebook pictures, stored conversations etc., delete them before crossing the border.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.