Thursday, February 16, 2017

Your Cell Phone and Computer at the Border

"Let's see your computer. . . What's your password?
A record number of Americans, about 73 million, travelled abroad in 2015; an equal number visited the United States from abroad, about 77 million. That makes for approximately 150 million border crossings. Those crossings are primarily monitored by the Customs and Border Protection Service (CBP), a division of the Department of Homeland Security.

Border crossings can be tense: “where have you been?” “Where do you live?” “What do you do?” Agents wear guns. They don’t mean to put us at ease; they are trained to intimidate, to be direct, and firm. It mostly comes off as rude. It increases blood pressure at the best of times.

The U.S. Supreme Court has recognized that when we approach a border we enter a kind of no-mans-land when it comes to our constitutional protections against searches and seizures, and arbitrary treatment. There is a “long-standing right of the sovereign to protect itself by stopping and examining persons and property crossing into this country,” said the court in U.S. v. Ramsey, 431 U.S. at 616. At the border, officers can detain us for secondary questioning at a whim; they can make us miss our planes.

Foreign visitors can be arbitrarily denied entry, and in the current hysterical climate regarding terrorism more and more of them are being turned away. Trump’s recent Executive Order on immigration suspended our refugee program for four months even though the risk of getting killed in a terrorist attack by a refugee is infinitesimal: 1 in 3.64 billion. [Compare that to the 1 in 10,000 chance of being killed in a car crash; and we’re not seeing politicians clamoring for a four months suspension of all driving "so we can figure out what’s going on!”]

In Israel, since Netanyahu assumed power in 2009, the arbitrary detention and rejection of visitors at the border has increased eleven fold. Trump’s executive order on immigration signals that he aims to impose a similar hockey stick graph on our border statistics.

Trump has been talking about “extreme vetting” of refugees. In a recent NPR interview, Trump’s Director of Homeland Security, John Kelly, explained what he has in mind:

 “The thing that we're looking for is when a person comes in . . . we ask them to give us a list of websites that they visit and the passwords to get on those websites to see what they're looking at . . . –(what) social media, to see what they tweet; cell phones - cell phone conversations or cell phone contact books to where we can run them against databases, telephone numbers, people's names. Europe, the United States maintains databases and shares those databases. So these are some of the things we're thinking about.”

Our immigration officials at the border don’t mean to limit such inquiries to refugees. On December 8, 2016, the Electronic Frontier Foundation described three examples of such detention and questioning: one, a Canadian photojournalist, two, a U.S. citizen and reporter for the Wall Street Journal, and three, a dual Iranian-U.S. citizen. On January 30, 2017, a U.S. born NASA scientist, Sidd Bikannavar, was detained for questioning at customs in Houston, and not allowed to leave until he provided the password information to his smart phone.

Are we Really Required to Hand over our Computers and Cell Phones to CBP and Give them our Passwords when they Ask?

The Fourth Amendment to the U.S. constitution generally prohibits unreasonable searches and seizure and requires that searches be made pursuant to a warrant granted upon a showing of probable cause.  The border search doctrine and the “search incident to arrest” doctrine are two exceptions to the rule.

The Supreme Court said in U.S. v. Ramsey (1977) that the right to question people crossing the border, and to search goods, and mail, crossing the border is “plenary” and does not require probable cause. “It’s the border, stupid” and this makes such searches reasonable. The court observed that the border exception is similar to the “search incident to arrest” doctrine.

In U.S. v. Cotterman 709 F.3d 952 (9th Circuit 2013) the court reiterated the broad sovereign interests that prevail at the border, but emphasized that, even at the border it’s not “anything goes.” The 4th Amendment still applies and “reasonableness” is the standard. But the court held that in the border context, it is reasonable for officers to snoop through your computer without any reasonable suspicion. In U.S. v. Arnold 533 F.3dd 1003 (2008) the court said: "we are satisfied that reasonable suspicion is not needed for customs officials to search a laptop or other personal electronic storage devices at the border.”

So you can see where John Kelly gets the idea that his policy of inspecting our phones and computers on a whim during border searches will stand muster.

[In Cotterman the court also held that a forensic examination of your computer by customs officials requires “reasonable suspicion,” but let’s set that aside for now]

The CBP also thinks they have the authority to force you to tell them your password. They point to 19 U.S.C 507 as statutory authority. Section 507 says “every customs official  shall. . . have authority to seek the assistance of any person in making . . . any search. . . .” Orin Kerr, an expert on the 4th Amendment and computer law at George Washington Law School, is skeptical that this says we must turn over our computer and phone passwords when asked, and he suggests there are no cases interpreting the statute in such a manner. It also seems that a compulsion to disclose a password would violate the 5th Amendment right against self-incrimination. See Miranda v. Arizona 384 U.S. 436 (1966)(extending the Fifth Amendment protection against self-incrimination to encompass any situation outside of the courtroom that involves the curtailment of personal freedom).

U.S. v. Riley

But there is reason to believe that Cotterman, Arnold, and other cases holding immigration officials have the right to examine the contents of our cellphones and computers without probable cause (or any articulable suspicion), will not survive a trip to the Supreme Court.

In U.S. v. Riley 573 U.S. __ (2014) a unanimous Supreme Court removed cell phones (and by implication computers) from the “search incident to arrest” exception to the 4th Amendment probable cause and warrant requirement. Cell phones are different from other personal property we carry around. Cell phones are uniquely private. They contain digitial data, much of which is not even located on the phone, but in remote locations (“the cloud”) that are only accessed through the phone. Cell phones contain our whole life: our communications for months and years, what we look at, where we’ve been, what we’re interested in; they reflect our inner most private thoughts and concerns, our photo albums, our address books. Digital data is as different from a crumpled cigarette pack as, in John Robert’s memorable phrase, a trip down a country lane in a buggy is different from a rocket ride to the moon.

“Absent more precise guidance from the founding era,” explained the Chief Justice in Riley, “we generally determine whether to exempt a given type of search from the warrant requirement by assessing, on the one hand, the degree to which it intrudes upon an individual’s privacy and, on the other hand, the degree to which it is needed for the promotion of legitimate government interests.” In the case of an arrest, the legitimate interests of the police are (1) to remove any weapon that presents a threat, and that might lead to resistance or escape; and (2) to seize evidence on the person relevant to the crime that is the subject of the arrest to prevent its concealment or destruction. The right or warrantless search extends to an area within the immediate control of the defendant. The examination of a cell phone serves neither of these purposes, the Riley court found, and so the police may not examine cell phones incident to making an arrest without probable cause and a search warrant.

The same analysis should apply to the warrantless examination of cell phones and computers during a border search. As the court noted in Ramsey (1977), there is a two-part rationale for border searches: (1) to have the traveler identify himself or herself as being someone legally entitled to enter the country; and (2) to verify that the traveler’s belongings are things that may lawfully be brought into the country. These rationales do not support invading the heightened privacy interest we have in cell phones and computers (as recognized by Riley) without probable cause and a warrant—certainly not for citizens and other lawful residents.

Citizens automatically have a legal right to enter the country. Compare the opinions of ACLU lawyer, Nathan Freed Wessler, as reported in this ARS Technica article, and Orin Kerr’s analysis. Detaining a citizen is a seizure and a seizure can’t be unlimited, notes Kerr. The sovereign has no right to exclude a citizen, and absent probable cause that it contains evidence of a crime, there is no basis to seize a computer or cell phone and to examine the digital data these devices contain. Personal computers are not objects prohibited from entering the country.

The situation is less clear for foreign visitors. The role of CBP is to have the traveler identify himself or herself as being someone legally entitled to enter the country. An examination of a cell phone or computer might be relevant to such an identification. If you sport a picture of Bin Laden or Mohammad Atta as your screen shot—this might legitimately prompt some follow up questions.

[Constitutional rights generally apply to anyone present in the country alike, i.e. to citizens and non-citizens alike; but that’s another issue]


CBP has cases they can point to in support of their desire to look at your cell phone and computer at a  whim without probable cause or reasonable suspicion that it contains evidence of any wrongdoing. Riley suggests they shouldn’t have that right.

We have gotten used to universal searches at airports before boarding a plane. The mechanical and universal way TSA now conducts these searches is reasonably unobtrusive. But imagine that Silicone Valley develops a way to down-load all the contents of your computer and cell phone data as easily as we now scan our computers for explosives before boarding a plane!  Do we really want to sit by and let the government do this every time we cross a border?  I don’t think so.

The only way to guard our privacy is to stand up for it. I, for one, am resolved that if asked to turn over my phone or computer at a border check I will not voluntarily do so . . . , and I will not provide a password to these devices to CBP short of torture. 

Like with all things Trump, the watchword is RESIST.

Follow me on Twitter @RolandNikles

No comments:

Post a Comment