CBP Privacy Impact Assessment Says It Can Pull All Sorts Of Data And Communications From Peoples' Devices At The Border
from the Privacy-Impact:-YES dept
The CBP is going to continue fishing in people’s devices, despite federal courts (including the Ninth Circuit Court of Appeals) telling it that suspicionless device searches are unconstitutional. The agency will just have to come up with something approximating suspicion to do it. Its latest Privacy Impact Assessment of its border device search policy gives it plenty of options for continuing its practice of performing deep dives into devices it encounters.
Travelers heading to the US have many reasons to be cautious about their devices when it comes to privacy. A report released Thursday from the Department of Homeland Security provides even more cause for concern about how much data border patrol agents can pull from your phones and computers.
In a Privacy Impact Assessment dated July 30, the DHS detailed its US Border Patrol Digital Forensics program, specifically for its development of tools to collect data from electronic devices.
The number of device searches performed at the border has been increasing exponentially. The DHS has amped up this program in very recent years. In 2015, the CBP searched less than 5,000 devices. In 2018, it searched 33,000.
The Impact Assessment [PDF] leaves the agency with plenty of options for warrantless searches. First of all, being anywhere near a border (in which “near” means “within 100 miles” and “border” means any port of entry, including actual ports and international airports) subjects people and their devices to additional scrutiny without any need to establish reasonable suspicion. As a border control and security agency, the CBP has the power to engage in a number of searches, detainments, and interrogations without worrying too much about Constitutional rights.
Going beyond that, the CBP can also badger people into consent. This is sometimes obtained by telling people they’re free to go but their devices aren’t. Considering how important some of these are to everyday life, people at checkpoints may agree to a search rather than lose the only thing connecting them to friends, family, legal assistance, job opportunities, bank accounts, employers, etc. The CBP can also search any device it considers “abandoned” without suspicion or probable cause. Finally, if there’s no other good reason to do so, the CBP can claim “exigent circumstances” demanded warrantless access. In far too many cases, exigent circumstances just means the government has decided to apologize to a court later rather than ask for permission first.
Here’s everything the CBP can pull from a device with or without a warrant:
• Contacts
• Call Logs/Details
• IP Addresses used by the device
• Calendar Events
• GPS Locations used by the device
• Emails; • Social Media Information
• Cell Site Information
• Phone Numbers
• Videos and Pictures
• Account Information (User Names and Aliases)
• Text/chat messages
• Financial Accounts and Transactions
• Location History
• Browser bookmarks
• Notes
• Network Information
• Tasks List
Does this impact privacy? Hell yeah it does! Will the CBP be changing anything about it? Nope. Sorry about that people whose rights we’ve decided are less important than protecting this nation from incoming visitors and immigrants less likely to be carrying the coronavirus than the proud Americans they’ll be encountering once they cross the border. The privacy risk is “mitigated” because [drum roll] the CBP has released this document declaring all the privacy-violating it will be doing:
CBP has provided notice and transparency about its digital forensic program and border search authority by publicly releasing the policy for these searches and publishing this and corresponding PIAs.
Fantastic.
More good news: the DHS and CBP have been unable to show these additional device searches have resulted in additional border security. The program is an unsupervised mess that violates rights without delivering corresponding gains in border protection.
Finally, [CBP’s] OFO [Office of Field Operations] has not yet developed performance measures to evaluate the effectiveness of a pilot program, begun in 2007, to conduct advanced searches, including copying electronic data from searched devices to law enforcement databases.
The DHS still isn’t checking to see if warrantless device searches are making the nation safer and doesn’t plan to in the future. The pot that is never watched troubles no one when it fails to reach a boil.
There are no changes to auditing and accountability as it relates to the new tools.
¯_(?)_/¯
Oh well… carry on, I guess.
Filed Under: 4th amendment, border, cbp, devices, privacy
Comments on “CBP Privacy Impact Assessment Says It Can Pull All Sorts Of Data And Communications From Peoples' Devices At The Border”
Wrong question
CBP have been unable to show these additional device searches have resulted in additional border security. "Security" is the cut-out story, fear is the pay-out. NAFTRA destroyed family farming in Mexico, forcing everyone into a "Job" (just as the English Midlands were gutted during the first ‘Industrial Revolution’) in maquiladoras or crossing into the US. Goods and Capital have no border, only wage slaves. Safe workplaces, overtime, rest periods, the minimum wage et. al. doesn’t apply to our ‘illegals’ that make California the fifth largest economy in the world. A win-win.
Simple solution, for the smart people
There is a simple solution for the smart people. If you are frugal, yank your normal hard drive, put in a virgin replacement for the trip. When you return, replace the drive.
If you have bucks, get a cheapo phone/laptop for the trip and only use it on the trip.
After all, you are going somewhere for a purpose, the phone/computer is just a tool. If the phone/computer needs to be disposable, the that is just part of the cost of the trip. If the trip is for business, which needs security, then at the end of the business dealings send an encrypted zip file home and physically smash the hard disk. (Don’t forget, the postal system is not all that insecure, sending a physical DVD/CDR via snail mail also works.)
Inconvenient, certainly. A significant problem, not at all.
This is just more evidence of how stupid and corrupt government security has become. No smart businessman, traveler or terrorist will be hindered in the slightest. No new, REAL, "terrorist " threats will be found. This is just corrupt, stupid bureaucrats abusing those who refuse to learn how to use their tools, in order to advance the bureaucratic budget and appearance of power.
In many respects this actually aids terrorism. This forces the terrorists to become technology savvy, more savvy than the security forces. The situation is very similar to the misuse/over use of antibiotics!
Yes, new bureaucrats are needed, right after the rejection of both Republicans and Democrats at the polls. (Yes, wishful thinking here.)
Re: Simple solution, for the smart people
If I’m visiting the US on a trip, I’m going to need, at a minimum, my contacts list and the credentials to access my work VPN to grab the documents I’m going to be using.
And because work installs my laptop image with the required certificates for remote access on it, and I can’t go to an office and have IT do this for me, this means that for any trip to the US, I need to request a clean laptop weeks in advance, and then ensure I add just enough data to make it useful while "crossing the border". This means I don’t get to work on powerpoint presentations on the airplane, go over my speech in my hotel room, or anything else. When I get to my hotel room (likely within the 100 mile zone), I’ll be spending my time trying to bring things back up on my laptop and get myself connected to the work network. And then before I leave, I’ll have to wipe the drive, which will look suspicious at the border.
Re: Re: Simple solution, for the smart people
I’m told that in the legal field, SOP for Canadian lawyers who are crossing the border is to be issued a clean laptop before leaving, download everything they need from their home office after they reach their destination and do complete wipe before returning home.
(The IT dept. has most of this automated, the lawyer contacts the office to access/authorize the download, etc.)
Re: Re: Re: Simple solution, for the smart people
It also applies to phones – the Canadians I’m engaged with at the minute also issue a fresh iPhone that once you are Stateside, you’re given a QR code to sync up to corporate eMail, contacts, calendar, etc. All encrypted. Takes about half-an-hour. All documents are centralized not local. Admins remote wipe when you’re leaving.
But as the AC above says, you can’t really do anything when travelling to/from the States.
Re: Re: Simple solution, for the smart people
As far as VPN credentials the passqord van be changed afyer your clear Customs
When i go on road trips i change all my passwords on ky home neyworks VPN afyer crossimg the border so that if they trunto access my neteork they are locked out
Changing your password for that purpose does break amy laws in canada, mexico, or the usa
Re: Re: Simple solution, for the smart people
It has been over 10 years since I worked for a UK defence contractor and this was exactly what we had to do for every visit. It was an instant dismisal to take any piece of IT equipment that was not wiped with a clean image. For one visit organised at short notice it was easier to get the employee to buy a laptop and phone out there and just bin them at the end of the trip.
And this was for work visits to the US military and US military contractors for work relating to US homeland security and anti-terrorism. We could not trust the US not to take the opportunity to download everything they could.
I’ll keep all this in mind next time I visit one of the five or so countries that will allow US travelers.
Objecting to a digital cavity search makes you suspicious, of course. Search justified!
Turn it on its head
Sue them for every single violation of the constitution that they just admitted too. Charge them 1 million per violation and then when they can’t pay, shut them down. Any US agency that violates the constitution as part of its operation is illegal and can be sued out of existence. If that doesn’t apply, then this isn’t a government by, of and for the people.
please explain how this is right, given that we are supposedly living in a democracy, a country that is supposed to support freedom and free speech as opposed to the practices of countries like China, N.Korea, Russia and (Nazi) Germany? how can any government of a supposed ‘free’ country not just allow but condone these agancies and their actions? i dont understand the path we seem to be on or the direction we’re heading. i do know that i sure as hell dont like it!!
Re: Re:
This isn’t a democracy. It’s a representative republic.
Re: Re: Re:
I am so tired of this kind of obnoxious response. A representative republic where those representatives are elected democratically is a form of democracy FFS.
Re: Re:
Well, I hear that protecting the border from smugglers and terrorists even includes assaulting and kidnapping peaceful protesters in major cities — so obviously, searching any and every personal electronic device they feel might be interesting is clearly well within the bounds of their authority…
SUSPICION..
you are going to Canada, thats suspicious.
You are coming Back from Canada, thats suspicious.
You are Capt. Kirk, thats just weird.
Re: SUSPICION..
Waitaminute…. Isn’t that the guy who raided a nuclear sub, abducted an unconscious foreign agent from the hospital, stole marine life from a research facility, and disappeared for over forty years?
Forget weird, this is the man we’ve been searching for! Now we can justify the agencies’ existence!
You still have your 5th amendment right to remsom silent. You do not have to answer any questions
This 100 mile zone (actually 115.7) is.whyy whenever i drive to Disneyland or to Canafas Wonderland i out my phone on insane cip 0roof mode so that if a cop should pull me over and seize my phone they will not be able to access the contents when they get ir back to the cop shop.
When you go on a road trip, putting your phone on insane cop proof mode is a must.
mature russian moms
490M deal over capsule abuse
Alberta restaurant that accepted dog photos instead of QR codes closed to dining
A restaurant in central Alberta was ordered closed to indoor dining last week after an Alberta Health Services enquiry found it accepting dog photos in lieu of vaccination proof. your order was issued to The Granary in Red Deer on Jan. 14. Following symptoms to an AHS executive officer, Two test shoppers were sent to the eating place on Jan. 11 at a range of times. Both were able to enter and dine after presenting a photograph of a dog and personal i. d,identity to staff, in accordance with the oOne industry is at the heart of lowering carbon our footprint solar. on 2018, the overall Court reduced the fine by 12 million euros, how the EU executive paid back to Deutsche Telekom two months later.
Sky reports
Two men arrested in Birmingham and manchester over Texas synagogue siege
Counter terror police have arrested two men in the UK in association with the Texas synagogue siege in which Malik Faisal Akram, by way of Lancashire, Took four people hostage last tuesday. The suspects were held on Thursday morning in gatwick and Birmingham, Greater manchester Police (GMP) celebrity fad. some sort of men, Whose ages weren’t released, really are "In custody for wanting to know" And were <a href=https://www.bestbrides.net/how-to-tell-if-a-chinese-woman-likes-you/>how to tell if a chinese girl likes you</a> held while in an "Ongoing look for, GMP newly added.
Sky reports
Romance fraudster posing as Nicolas Cage scammed vulnerable woman out of thousands of pounds, Says Victim substantiate
Online daters have been warned about the dangers of fake celebrity profiles after a woman was duped out of a lot of money by a romance fraudster posing as Hollywood star Nicolas Cage. The woman believed she was updating messages with the Oscar winning actor on Facebook and lost about 10,000 in scam, The charity Victim Support explained. Reports of romance fraud have soared this pandemic but a senior detective told Sky News they were "the tip of the iceberg" As many victims are too self-conscious to come forward. in order to data posted to the health unit’s website, 79 cases happen to be in Greater Sudbury, Nine are in the Sudbury region, And six are in the Manitoulin centre. The probable exposure status of 20 cases is still under examination, And contact tracing knowledge for 61 cases is missing or lost to follow up. as well as, 42 cases are behind anFlourishing ice fishing village near Val d helps raise funds for brain injury survivors
Ren Corriveau can be frequently spotted early in morning on the frozen Thompson River in Abitibi Tmiscamingue, Ready to help fishermen who rent one of the several ice fishing shacks set up near the bridge. Ice fishing has been in full swing for the past a few months at this winter fishing village near Val d about 600 kilometres northwest of Montreal. Winter fishing collectors rent a shack by the day from Le Pillier, A non profit group that uses the funds to aid survivors of brain injuries livingMap of New Brunswick with Indigenous place names highlights continued presence
A new interactive map created by a Mi rights advocacy group is highlighting the continuing presence of Indigenous people in New Brunswick and their original names for important locations. Mi Tplu inc, A non profit organization from the nine Mi communities in New Brunswick, Curated the map in an effort to show non Indigenous people the continued use of the land by Indigenous people. Users can click on coloured items to find place names of places like landmarks, n.
[—-]