Risk
1/15/2010
03:08 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Laptop Search Documents Revealed

Though some travelers object to border agents reading their e-mail and viewing their digital images, the government insists "they're like pages in a book" and defends its right to review them.

Documents detailing nine months of searches and seizures of electronic devices by U.S. Customs and Border Protection (CBP) agents were released on Thursday by the American Civil Liberties Union, offering previously unavailable insight into border searches.

Last summer, the Department of Homeland Security released new rules governing searches of laptops and other electronic devices at airports and other border crossings. The rules, regarded as an improvement in terms of clarity, nonetheless continued Bush administration policies giving government agents the right to search electronic devices as if they were suitcases or backpacks, without cause.

In February, 2009, the U.S. Supreme Court let stand an appeals court ruling that laptops are like suitcases and can be searched at borders without reasonable suspicion.

Business travel groups and rights groups have objected to treating electronic devices like baggage, arguing that electronic information deserves a higher degree of privacy protection.

The U.S. government maintains that its search policy is necessary to fight crime and terrorism.

The documents, obtained through a Freedom of Information Act request, "show that the constitutional rights of thousands of travelers were put at risk and violated by the CBP's policy," said Catherine Crump, staff attorney with the ACLU First Amendment Working Group, in a statement.

The documents show that over 1,500 devices were searched over a nine month period, including 360 laptops and 560 cell phones. CBP agents copied files from searched devices and provided them to undisclosed government agencies almost 300 times.

The documents also include a variety of letters from citizens and government officials expressing concerns about border searches. Some of the letters present complaints about delays or unprofessional treatment.

One of the letters asks," If a CBP agent requests my password or encryption key and I refuse to provide it, willi be denied entry, will my laptop be seized, neither or both?"

The CBP's reply, on August 12, 2009, is, "The short answer is yes." This is followed by a lengthy explanation. It asserts that the CBP can be trusted with confidential business data.

"[T]o allay any concerns the business community or others may have that their personal or trade information might be put at risk by traveling with their laptops , I urge you to look at our track record," the CBP reply states. "Every day, thousands of commercial entry documents, shipping manifests, container content lists , and detailed pieces of company information are transmitted to CBP so we can effectively process entries and screen cargo shipments bound for the United States. This information is closely guarded and governed by strict privacy procedures. Information from passenger laptops or other electronic devices is treated no differently."

Also among the complaints is a letter charging that a traveler, after being searched, had his or her -- the names have been redacted -- baggage returned and found someone else's camera among his or her possessions.

Crump charges that the CBP's ability to take and view the personal files of any traveler fails to protect the personal data people store on their laptops and mobile devices.

"There's a meaningful difference between searching through someone's diary and searching through someone's shoe," she said in a phone interview.

Crump said the ACLU supports the government's right to conduct border searches of devices when there's a reason. The problem, she says, is what she calls "suspicionless searches."

On Wednesday, the Electronic Frontier Foundation said that another civil rights group, the National Association of Criminal Defense Lawyers, is seeking plaintiffs willing to challenge the search policy in court.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2382
Published: 2014-11-20
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.

CVE-2014-3625
Published: 2014-11-20
Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

CVE-2014-7194
Published: 2014-11-20
TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access.

CVE-2014-7195
Published: 2014-11-20
Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via u...

CVE-2014-8000
Published: 2014-11-20
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?