CBP Privacy Impact Assessment Says It Can Pull All Sorts Of Data And Communications From Peoples' Devices At The Border

The CBP is going to continue fishing in people's devices, despite federal courts (including the Ninth Circuit Court of Appeals) telling it that suspicionless device searches are unconstitutional. The agency will just have to come up with something approximating suspicion to do it. Its latest Privacy Impact Assessment of its border device search policy gives it plenty of options for continuing its practice of performing deep dives into devices it encounters.

Travelers heading to the US have many reasons to be cautious about their devices when it comes to privacy. A report released Thursday from the Department of Homeland Security provides even more cause for concern about how much data border patrol agents can pull from your phones and computers.

In a Privacy Impact Assessment dated July 30, the DHS detailed its US Border Patrol Digital Forensics program, specifically for its development of tools to collect data from electronic devices.

The number of device searches performed at the border has been increasing exponentially. The DHS has amped up this program in very recent years. In 2015, the CBP searched less than 5,000 devices. In 2018, it searched 33,000.

The Impact Assessment [PDF] leaves the agency with plenty of options for warrantless searches. First of all, being anywhere near a border (in which "near" means "within 100 miles" and "border" means any port of entry, including actual ports and international airports) subjects people and their devices to additional scrutiny without any need to establish reasonable suspicion. As a border control and security agency, the CBP has the power to engage in a number of searches, detainments, and interrogations without worrying too much about Constitutional rights.

Going beyond that, the CBP can also badger people into consent. This is sometimes obtained by telling people they're free to go but their devices aren't. Considering how important some of these are to everyday life, people at checkpoints may agree to a search rather than lose the only thing connecting them to friends, family, legal assistance, job opportunities, bank accounts, employers, etc. The CBP can also search any device it considers "abandoned" without suspicion or probable cause. Finally, if there's no other good reason to do so, the CBP can claim "exigent circumstances" demanded warrantless access. In far too many cases, exigent circumstances just means the government has decided to apologize to a court later rather than ask for permission first.

Here's everything the CBP can pull from a device with or without a warrant:

Contacts
Call Logs/Details
IP Addresses used by the device
Calendar Events
GPS Locations used by the device
Emails; Social Media Information
Cell Site Information
Phone Numbers
Videos and Pictures
Account Information (User Names and Aliases)
Text/chat messages
Financial Accounts and Transactions
Location History
Browser bookmarks
Notes
Network Information
Tasks List

Does this impact privacy? Hell yeah it does! Will the CBP be changing anything about it? Nope. Sorry about that people whose rights we've decided are less important than protecting this nation from incoming visitors and immigrants less likely to be carrying the coronavirus than the proud Americans they'll be encountering once they cross the border. The privacy risk is "mitigated" because [drum roll] the CBP has released this document declaring all the privacy-violating it will be doing:

CBP has provided notice and transparency about its digital forensic program and border search authority by publicly releasing the policy for these searches and publishing this and corresponding PIAs.

Fantastic.

More good news: the DHS and CBP have been unable to show these additional device searches have resulted in additional border security. The program is an unsupervised mess that violates rights without delivering corresponding gains in border protection.

Finally, [CBP's] OFO [Office of Field Operations] has not yet developed performance measures to evaluate the effectiveness of a pilot program, begun in 2007, to conduct advanced searches, including copying electronic data from searched devices to law enforcement databases.

The DHS still isn't checking to see if warrantless device searches are making the nation safer and doesn't plan to in the future. The pot that is never watched troubles no one when it fails to reach a boil.

There are no changes to auditing and accountability as it relates to the new tools.

\_()_/

Oh well... carry on, I guess.