Create an Account
username: password:
  MemeStreams Logo

DHS Secretary Napolitano Announces New Directives on Border Searches of Electronic Media


Picture of Decius
Decius's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Decius's topics
   Sci-Fi/Fantasy Literature
   Sci-Fi/Fantasy Films
   Electronic Music
  Finance & Accounting
  Tech Industry
  Telecom Industry
  Markets & Investing
Health and Wellness
Home and Garden
Current Events
  War on Terrorism
  Cars and Trucks
Local Information
  United States
   SF Bay Area
    SF Bay Area News
  Nano Tech
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
   Intellectual Property
  Computer Security
  High Tech Developments

support us

Get MemeStreams Stuff!

DHS Secretary Napolitano Announces New Directives on Border Searches of Electronic Media
Topic: Civil Liberties 4:37 pm EDT, Aug 28, 2009

Thanks to two other MemeStreams users I learned that the new Obama flavor DHS laptop search policies are out and that the ACLU is suing DHS for more specific information.

I read through all of this stuff.

The most important take away is that Obama is continuing the civil liberties excesses of the Bush years. That impression is no longer theoretical. This isn't some lawsuit that they were already up to their ears in when he took office. This is administration policy that was radically expanded during the Bush years which Obama's team took the time to review, reconsider, and rewrite. This is Obama on civil liberties. Its not pretty.

While I'm glad that DHS took the step of publishing this information it will not resolve the substantive policy debate in any way.

Janet Napolitano seems to disagree:

“The new directives announced today strike the balance between respecting the civil liberties and privacy of all travelers while ensuring DHS can take the lawful actions necessary to secure our borders.”

In fact, with one minor exception that I'll discuss, there is no "civil liberty" acknowledged here, so this policy cannot be said to strike any sort of balance.

These documents explain that DHS randomly seizes laptops, cellphones, and cameras and "detains" them for indepth forensic analysis in search of evidence of any crime. They will usually keep these items for less than 5 days but they can keep them for extended periods of time. By randomly I mean without any suspicion at all. They literally pick you out of the line at random.

We're told that DHS will store the electronics in a secure location and destroy any copies when they are done with them, but anything else would be totally irresponsible. The mere fact that they aren't leaving your laptop in an insecure location doesn't balance your civil liberties interests!

The privacy impact study does take the time in its introduction to acknowledge that "the... central privacy concern is the sheer volume and range of types of information available on electronic devices as opposed to a more traditional briefcase or backpack." It almost sounds like they are off to a good start, but the document never directly addresses the privacy implications of having Customs officers forensically examine that information, which includes detailed records of personal correspondence, work product, web surfing history, photographs and music collections, etc. That is the central concern here and the document steps around it with a creepy degree of bureaucratic blindness:

CBP and ICE have identified six privacy risks associated with the examination, detention, retention, and/or seizure of a traveler’s electronic device or information during a border search: (1) travelers may need additional information regarding the authority to conduct border searches; (2) the traveler may be unaware of the viewing or detention of his/her information by CBP and ICE; (3) personally identifiable information (PII) may be detained where it is not needed; (4) PII may be misused by CBP and ICE officers; (5) CBP and ICE may disclose PII to other agencies that may misuse or mishandle it; and (6) new privacy risks may arise as the technology involved in this activity is ever-changing. The first risk is disposed of by the overwhelming precedent in U.S. law which affords CBP and ICE latitude in conducing searches of individuals and their belongings as they cross the United States borders.

The number one privacy risk associated with suspicionless Customs searches of laptops is the fact that Customs officers will view innocent people's personal information. That is true regardless of what legal authority exists for the searches. Their complete failure to acknowledge that obvious fact stands out as a fundamental weakness in the argument that this document balances civil liberties and security concerns. You can't say you balanced something that you didn't even mention.

However, buried in here is one interesting line that they did draw in the sand. It is drawn way, way back from where I think it ought to be drawn, but its interesting nonetheless. When they take your laptop they can send it out to third parties if they need technical help with file formats or encryption or language translation. However, they cannot send your information out to another agency for "subject matter expertise" unless they have "reasonable suspicion."

What does that mean? The only example given is the case where the officer would need assistance from an engineer to explain technical or scientific papers found on the disk. Does Customs believe that you have a constitutional right not to have subject matter experts involved in your suspicionless search? Its really hard to say without more information, but I think it might just be a cost control measure - they don't want agents forking out hundreds per hour to a consultant to interpret information unless they have established some sort of suspicion on their own.

All in all, the most useful factoid was not in the privacy impact study, but in the press release that was delivered along with it:

Between Oct. 1, 2008, and Aug. 11, 2009, CBP encountered more than 221 million travelers at U.S. ports of entry. Approximately 1,000 laptop searches were performed in these instances—of those, just 46 were in-depth.

This sort of statistic is really what we need in order to understand the real world privacy impacts of these searches. Its this kind of data that the ACLU is looking to collect with their lawsuit, which was well covered in this article.

They don't define what "in depth" means, but what this statistic tells me is that there is absolutely no operational need for the laptop search policies to be this broad. According to the policy they could have done in-depth searches of hundreds of thousands or even millions of laptops during this timeframe. Given the 5 day turn around window it would be possible to set up a national processing center using overnight mail if they had the funding. Its the same turn around time that laptop repair shops have.

In my view there is ample room for Congress to craft a rule that acknowledges and defends the legitimate right of the people to be secure against random or suspicionless forensic investigations of their computers without any impact on the legitimate law enforcement activities of CBP and ICE.

I don't really understand why this is so difficult. The difference between 46 in-depth searches and 221 million in-depth searches is a gap that you could drive the policy equivalent of a transport truck through without anyone so much as noticing. Its time for the forces of authoritarianism to stop being stupid about this.

DHS Secretary Napolitano Announces New Directives on Border Searches of Electronic Media

Powered By Industrial Memetics