Border agents could be forced to get a warrant before searching devices

By pressuring travelers to hand over locked phones and the means to unlock them, US Customs & Border Patrol (CBP) is “short-circuiting” well-established laws about how law enforcement is supposed to apply for warrants to get data from social media and email providers. That’s the view of Senator Ron Wyden as set out in his letter to John Kelly, secretary of homeland security.

In the letter, dated Monday, the senator said that he’s working on legislation that would require border agents to get a warrant before they can search devices. The legislation will also prohibit forcing travelers to reveal their account passcodes.

The checks and balances of the long-established warrant application process include giving an ISP or social media company the chance to ask that the terms of an overly broad warrant be narrowed, Wyden said.

As it is, the CBP’s “digital dragnets” are distracting the patrol from actual threats, he said:

These digital dragnet border search practices weaken our national and economic security. Indiscriminate digital searches distract CBP from its core mission and needlessly divert agency resources away from those who truly threaten our nation.

…as well as potentially causing businesses to cut back on nonessential employee travel, given fears that their business data may be seized when they cross the border.

That, in fact, is exactly what happened to a NASA employee recently.

As NASA engineer and US citizen Sidd Bikkannavar tells it, he flew back into the US on January 30. He claims that he was detained by CBP agents at the airport and pressured to hand over his NASA-issued phone and the PIN to get into it – even though it could have contained sensitive information relating to his employment at the space agency.

What Wyden’s after, essentially, is for the Constitution to enter border zones. As it is, border zones are commonly called “Constitution-free” in the US.

That’s not strictly true, as the ACLU notes. While Border Patrol agents don’t need a warrant – or even suspicion of wrongdoing – to conduct a routine search (say, of your car or your luggage), they still can’t pull anyone over without “reasonable suspicion” of an immigration violation or crime. Reasonable suspicion, as in, more than a hunch.

Still, search rules certainly are different than outside of these so-called ports of entry, which extend to within 100 miles of a land or coastal border and hence affect roughly two thirds of the US population.

Wyden says his legislation will guarantee that the Fourth Amendment – which protects Americans from random and arbitrary stops and searches – is respected at those border zones.

In his letter, Wyden had a series of questions for Homeland Security regarding what legal authority allows CBP to demand devices and passwords, and how often CBP has done so over the past five years.

Here’s the full list of his questions:

1. What legal authority permits CBP to ask for or demand, as a condition of entry, that a US person disclose their social media or email account password?
2. How is CBP use of a traveler’s password to gain access to data stored in the cloud consistent with the Computer Fraud and Abuse Act?
3. What legal authority permits CBP to ask for or demand, as a condition of entry, that a US person turn over their device PIN or password to gain access to encrypted data? How are such demands consistent with the Fifth Amendment?
4. How many times in each calendar year 2012-2016 did CBP personnel ask for or demand, as a condition of entry, that a US. person disclose a smartphone or computer password, or otherwise provide access to a locked smartphone or computer? How many times has this occurred since January 20 2017?
5. How many times in each calendar year 2012, 2013, 2014, 2015, and 2016 did CBP personnel ask for or demand, as a condition of entry, that a US person disclose a social media or email account password, or otherwise provide CBP personnel access to data stored in an online account? How many times has this occurred since January 20 2017?