Wednesday, June 25, 2008

Laptop Seizures Pose Security Threat

Customs and Border Patrol’s practice of seizing laptop computers and other electronic devices from American travelers returning to the United States without notifying them of what will happen to the data could negatively affect the U.S. economy, according to travel and privacy analysts who are scheduled to testify before a Senate panel on Wednesday.

The hearing before a Senate Judiciary subcommittee comes two months after the 9th Circuit Court of Appeals ruled that CBP officials do not need reasonable suspicion to search laptops, BlackBerrys, cell phones and other personal electronic storage devices at U.S. borders. The seizures can include downloading personal information and data from the devices. The Electronic Frontier Foundation and the Association of Corporate Travel Executives filed amicus briefs earlier this month asking the court to reverse the decision.

CBP’s practice places undue burdens on travelers and could have a harmful impact on the economy, said Susan Gurley, executive director of the Association of Corporate Travel Executives, who plans to testify at the hearing. “Our argument is that essentially in today’s world you carry your office with you on electronic devices such as a cell phone, laptop or BlackBerry,”

Gurley said. “In the old days, if you were physically sitting in your office, you need a warrant to search it. Now basically one does not need a warrant.”

Peter Swire, a professor at Moritz College of Law at Ohio State University who served for two years as chief counselor for privacy under President Bill Clinton, also is concerned about the privacy implications of the ruling. “Opening my suitcase at the border is not the same as opening my laptop and making a permanent record of everything in it,” he said.

Swire said he plans to tell the subcommittee how laptop border searches are similar to the failed encryption policies of the 1990s. “The government policy violates good security practices,” he said. “It asks for password and encryption keys, which people are trained to never reveal. It violates privacy, chills free speech and compromises business secrets.”

The travel association has informally studied the potential economic impact on business travelers. Gurley said lawyers carrying confidential client materials on their laptops or small business owners worried about the integrity of their business plans must make alternate arrangements such as purchasing another computer for travel and adjusting the way they transfer information.

“There is anxiety over not knowing what the rules are,” she said. “Companies are implementing costly measures. If the rules were posted, we would know how long it takes to get the information returned.”

The association is calling for CBP to conduct privacy impact assessments to reveal the number of laptops and other devices it has seized and to disclose how long the agency takes to return them to their owners if it finds no criminal activity. The association also is concerned about what happens to data that CBP downloads or copies.

“If the information will be copied, we want to know that there are safeguards in place so they are sure of the integrity of the data,” Gurley said. “That way individuals know they will get their information back and that it is still private, not potentially shared with hundreds, even if it is inadvertent.”

But travelers should not have an expectation of privacy when crossing the border, said Nathan Sales, a professor of law at George Mason University who also is scheduled to testify. He said that all information and possessions carried by individuals across the border such as documents or photo albums are fair game for search without reasonable suspicion and that the law doesn’t provide an expectation of privacy just because information is stored digitally.

“We ought to have a law that is technologically neutral,” Sales said. “The amount of privacy shouldn’t depend on the format, digital or analog.” He noted that the 11 challenges to the legality of the laptop searches were made by convicted child pornographers.

Sales agreed that the Homeland Security Department should consider adopting policies concerning the information of ordinary travelers, calling the suggestion “eminently reasonable.” He said one such policy should be destroying the information because DHS would have a difficult time justifying why it needs to keep it.

Asked last week to respond to the foundation’s and association’s amicus filings, CBP issued a statement saying that its officers “have the responsibility to check items such as laptops and other personal electronic devices to ensure that any item brought into the country complies with applicable law and is not a threat to the American public. Laptop computers and other personal electronic devices may be detained for violations of law including child pornography, intellectual property offenses, ties to terrorism, or other violations of law. CBP officers are dedicated to protecting the civil rights of all travelers. It is not CBP’s intent to subject legitimate business travelers to undue scrutiny, but to ensure the safety of the American public.”


No comments: