Many Americans know that the Fourth Amendment protects them from unreasonable searches and seizures by the state officials, but most are unaware that this protection is greatly reduced in the context of border crossings. Normally, a police officer or other official needs a warrant or probable cause to search someone’s laptop or other electronic device. However, when a U.S. citizen returns to the United States through an international border, the border officials may search and copy the traveler’s data without these traditional safeguards.
This loophole in data security is important to many professionals since it increases the risk that confidential information may get into the wrong hands. Business travelers, lawyers, doctors, or other professionals may have confidential or privileged information on their laptops or hard drives that they don’t want others to see or that they are obligated by law or contract to protect. Some travelers may simply have sensitive personal information on their computers, such as financial documents, medical records, or personal correspondence, which they wish to keep private. Regardless the types of documents travelers have in their possession, they all are at risk of being searched and copied at the border.
Newly released documents detail the government’s practice of using border crossings as a tool to search and seize specific Americans’ electronic data. These documents describe the secretive process that allows the government to create a travel alert for a person, who may not be a suspect in an investigation, then detain that person at a border crossing and confiscate or copy any electronic devices the person is carrying. The government creates the travel alert by entering a lookout into a government database called TECS. While this technique has been mainly used to combat illegal activities like drug smuggling, child pornography and terrorism, it has become so commonplace that anyone may become the next target. The Department of Homeland Security has said that it conducted electronic data searches on 4,957 people from October 1, 2010, through August 31, 2013.
The U.S. Supreme Court has not yet decided whether the government needs a reasonable suspicion of criminal activity to search a traveler’s laptop, but several lower court decisions have decided that such a reasonable suspicion is not needed. Examples include the Ninth Circuit cases United States v. Arnold and United States v. Romm, and the Texas district court case United States v. McAuley. A recent Ninth Circuit decision, United States v. Cotterman, held that a reasonable suspicion of criminal activity is required for forensic search of a device using software to analyze encrypted or deleted data, as opposed to more cursory examinations of documents, photos, or other files. Expanding on this requirement, the court held that reasonable suspicion is also required for searches of devices that conducted at a time and/or place removed from the initial border stop.
While border officials may have wide leeway in searching a traveler’s data, there are several steps anyone can use to make his or her data less vulnerable at the border. Even though none of these methods are 100% effective, they should offer you some peace of mind in the world of increasing data surveillance and warrantless searches.
- Travel with a bare computer. (Ask your company for a “forensically clean” computer for travel. These computers contain the operating system, required applications, and little or no data. You can then upload needed documents via secure private networks.)
- Turn off computer early. (Turn off your computer five minutes before reaching customs to remove temporary data, since computers store unencrypted information in random access memory (RAM) while the computer is running.)
- Back up your data. (If your data is confiscated at the border, you may still be able to recover your data and continue your work.)
- Partition and encrypt Your entire hard drive. (This will make it much harder for border officials to access your confidential information. You can also create different user accounts to hold sensitive information.)