Feeds

Of laptops and US border searches

Feds seek unfettered access

High performance access to file storage

Indeed, if we accept the government's argument, there is no reason to restrict this doctrine to border searches. A search at the border is permissible because it is "reasonable." It is "reasonable" because the government has a good reason to do it -- to protect the borders. But, just try flying domestically without being patted down and having your luggage examined. Certainly such a "search" on a domestic flight is "reasonable." Oh, and on a train or bus as well. Try entering any federal property, such as a federal office building, military facility, or courthouse. You and your belongings are subject to search, but does this give carte blanche for examining, copying, or analyzing the contents of electronic devices at any of these places? I think not.

A compromise

I'm all for catching child predators and terrorists, as I think the vast majority of us are. If we keep the warrantless and suspicion-less searches limited, then these types of searches might be "reasonable." Even without suspicion, it is reasonable at an international border (or even at the airport) to ask someone to boot up their computer to make sure it is really a computer, and is not being used to transport illegal bombs or drugs. That's what should be considered "reasonable."

If there is some suspicion (and perhaps what Arnold was doing was suspicious enough, perhaps not), the border agents can make a cursory inspection for a specific list of prohibited contraband (for example, child pornogrpahy), just as they could rifle through files in a briefcase to look for kiddie porn in a magazine. Anything more intrusive should require either greater suspicion or probable cause and a warrant. Sure it would be nice to be able to mirror the hard drives of suspected terrorists or their families, friends, or associates and create a super database of associates and communications (similar to what is done with computers seized on the battlefield in Iraq or Afghanistan). It would be nice to do that without a warrant, even if they didn't cross the border. But how do we know they are suspected terrorists? Shouldn't a "reasonable" search at the border require some level of suspicion?

What is needed is some limit on governmental search and seizure powers for electronic information, even at the border. Overall, to pass constitutional muster, the search must be reasonable, but more leeway could be granted to the Customs and Border Protection Service because of their mission, which is essentially to prevent contraband from entering the country. Once you expand that mission to gathering information about any violation of law (tax laws, copyright law, SEC reporting laws, or sodomy laws, to name a few) and to "gathering intelligence" about potential crimes (for example, terrorist patterns), the scope of the permissible search becomes, as in the government's argument, "plenary".

That's where reasonableness ends. To give border agents unfettered authority to search the full contents of anyone's computer, for any reason, defies common sense and constitutionality. To allow the "seized" data to be carted off to a massive and unrestricted law enforcement and intelligence database is likewise unreasonable. As James Madison stated in 1788 (anonymously, by the way) in Federalist 51:

If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself.

Some border searches of laptops are reasonable, even without suspicion. Some are reasonable with only "specific and articulable facts" to lead one to believe that there is evidence of specific wrongdoing on the computer. And some searches, seizures, and copying of computers are just flat out unreasonable. For example, reading attorney-client or priest-penitent privileged and personal files. It isn't all or nothing, despite the government's arguments to the contrary.

Now, can I get my laptop back?

SecurityFocus columnist Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and specializes in computer crime, computer security, incident response, forensics and privacy matters as Managing Director of Technology for FTI Consulting, Inc.

This article originally appeared in Security Focus.

Copyright © 2008, SecurityFocus

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.