Risk
1/15/2010
03:08 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Laptop Search Documents Revealed

Though some travelers object to border agents reading their e-mail and viewing their digital images, the government insists "they're like pages in a book" and defends its right to review them.

Documents detailing nine months of searches and seizures of electronic devices by U.S. Customs and Border Protection (CBP) agents were released on Thursday by the American Civil Liberties Union, offering previously unavailable insight into border searches.

Last summer, the Department of Homeland Security released new rules governing searches of laptops and other electronic devices at airports and other border crossings. The rules, regarded as an improvement in terms of clarity, nonetheless continued Bush administration policies giving government agents the right to search electronic devices as if they were suitcases or backpacks, without cause.

In February, 2009, the U.S. Supreme Court let stand an appeals court ruling that laptops are like suitcases and can be searched at borders without reasonable suspicion.

Business travel groups and rights groups have objected to treating electronic devices like baggage, arguing that electronic information deserves a higher degree of privacy protection.

The U.S. government maintains that its search policy is necessary to fight crime and terrorism.

The documents, obtained through a Freedom of Information Act request, "show that the constitutional rights of thousands of travelers were put at risk and violated by the CBP's policy," said Catherine Crump, staff attorney with the ACLU First Amendment Working Group, in a statement.

The documents show that over 1,500 devices were searched over a nine month period, including 360 laptops and 560 cell phones. CBP agents copied files from searched devices and provided them to undisclosed government agencies almost 300 times.

The documents also include a variety of letters from citizens and government officials expressing concerns about border searches. Some of the letters present complaints about delays or unprofessional treatment.

One of the letters asks," If a CBP agent requests my password or encryption key and I refuse to provide it, willi be denied entry, will my laptop be seized, neither or both?"

The CBP's reply, on August 12, 2009, is, "The short answer is yes." This is followed by a lengthy explanation. It asserts that the CBP can be trusted with confidential business data.

"[T]o allay any concerns the business community or others may have that their personal or trade information might be put at risk by traveling with their laptops , I urge you to look at our track record," the CBP reply states. "Every day, thousands of commercial entry documents, shipping manifests, container content lists , and detailed pieces of company information are transmitted to CBP so we can effectively process entries and screen cargo shipments bound for the United States. This information is closely guarded and governed by strict privacy procedures. Information from passenger laptops or other electronic devices is treated no differently."

Also among the complaints is a letter charging that a traveler, after being searched, had his or her -- the names have been redacted -- baggage returned and found someone else's camera among his or her possessions.

Crump charges that the CBP's ability to take and view the personal files of any traveler fails to protect the personal data people store on their laptops and mobile devices.

"There's a meaningful difference between searching through someone's diary and searching through someone's shoe," she said in a phone interview.

Crump said the ACLU supports the government's right to conduct border searches of devices when there's a reason. The problem, she says, is what she calls "suspicionless searches."

On Wednesday, the Electronic Frontier Foundation said that another civil rights group, the National Association of Criminal Defense Lawyers, is seeking plaintiffs willing to challenge the search policy in court.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2174
Published: 2015-05-24
Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors,...

CVE-2015-0713
Published: 2015-05-24
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software befor...

CVE-2015-0722
Published: 2015-05-24
The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a flood of crafted IP packets, aka Bug ID CSCuj68952.

CVE-2015-1894
Published: 2015-05-24
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2015-1895
Published: 2015-05-24
IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.