Risk
1/15/2010
03:08 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Laptop Search Documents Revealed

Though some travelers object to border agents reading their e-mail and viewing their digital images, the government insists "they're like pages in a book" and defends its right to review them.

Documents detailing nine months of searches and seizures of electronic devices by U.S. Customs and Border Protection (CBP) agents were released on Thursday by the American Civil Liberties Union, offering previously unavailable insight into border searches.

Last summer, the Department of Homeland Security released new rules governing searches of laptops and other electronic devices at airports and other border crossings. The rules, regarded as an improvement in terms of clarity, nonetheless continued Bush administration policies giving government agents the right to search electronic devices as if they were suitcases or backpacks, without cause.

In February, 2009, the U.S. Supreme Court let stand an appeals court ruling that laptops are like suitcases and can be searched at borders without reasonable suspicion.

Business travel groups and rights groups have objected to treating electronic devices like baggage, arguing that electronic information deserves a higher degree of privacy protection.

The U.S. government maintains that its search policy is necessary to fight crime and terrorism.

The documents, obtained through a Freedom of Information Act request, "show that the constitutional rights of thousands of travelers were put at risk and violated by the CBP's policy," said Catherine Crump, staff attorney with the ACLU First Amendment Working Group, in a statement.

The documents show that over 1,500 devices were searched over a nine month period, including 360 laptops and 560 cell phones. CBP agents copied files from searched devices and provided them to undisclosed government agencies almost 300 times.

The documents also include a variety of letters from citizens and government officials expressing concerns about border searches. Some of the letters present complaints about delays or unprofessional treatment.

One of the letters asks," If a CBP agent requests my password or encryption key and I refuse to provide it, willi be denied entry, will my laptop be seized, neither or both?"

The CBP's reply, on August 12, 2009, is, "The short answer is yes." This is followed by a lengthy explanation. It asserts that the CBP can be trusted with confidential business data.

"[T]o allay any concerns the business community or others may have that their personal or trade information might be put at risk by traveling with their laptops , I urge you to look at our track record," the CBP reply states. "Every day, thousands of commercial entry documents, shipping manifests, container content lists , and detailed pieces of company information are transmitted to CBP so we can effectively process entries and screen cargo shipments bound for the United States. This information is closely guarded and governed by strict privacy procedures. Information from passenger laptops or other electronic devices is treated no differently."

Also among the complaints is a letter charging that a traveler, after being searched, had his or her -- the names have been redacted -- baggage returned and found someone else's camera among his or her possessions.

Crump charges that the CBP's ability to take and view the personal files of any traveler fails to protect the personal data people store on their laptops and mobile devices.

"There's a meaningful difference between searching through someone's diary and searching through someone's shoe," she said in a phone interview.

Crump said the ACLU supports the government's right to conduct border searches of devices when there's a reason. The problem, she says, is what she calls "suspicionless searches."

On Wednesday, the Electronic Frontier Foundation said that another civil rights group, the National Association of Criminal Defense Lawyers, is seeking plaintiffs willing to challenge the search policy in court.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.