Feeds

Of laptops and US border searches

Feds seek unfettered access

Top three mobile application threats

Indeed, if we accept the government's argument, there is no reason to restrict this doctrine to border searches. A search at the border is permissible because it is "reasonable." It is "reasonable" because the government has a good reason to do it -- to protect the borders. But, just try flying domestically without being patted down and having your luggage examined. Certainly such a "search" on a domestic flight is "reasonable." Oh, and on a train or bus as well. Try entering any federal property, such as a federal office building, military facility, or courthouse. You and your belongings are subject to search, but does this give carte blanche for examining, copying, or analyzing the contents of electronic devices at any of these places? I think not.

A compromise

I'm all for catching child predators and terrorists, as I think the vast majority of us are. If we keep the warrantless and suspicion-less searches limited, then these types of searches might be "reasonable." Even without suspicion, it is reasonable at an international border (or even at the airport) to ask someone to boot up their computer to make sure it is really a computer, and is not being used to transport illegal bombs or drugs. That's what should be considered "reasonable."

If there is some suspicion (and perhaps what Arnold was doing was suspicious enough, perhaps not), the border agents can make a cursory inspection for a specific list of prohibited contraband (for example, child pornogrpahy), just as they could rifle through files in a briefcase to look for kiddie porn in a magazine. Anything more intrusive should require either greater suspicion or probable cause and a warrant. Sure it would be nice to be able to mirror the hard drives of suspected terrorists or their families, friends, or associates and create a super database of associates and communications (similar to what is done with computers seized on the battlefield in Iraq or Afghanistan). It would be nice to do that without a warrant, even if they didn't cross the border. But how do we know they are suspected terrorists? Shouldn't a "reasonable" search at the border require some level of suspicion?

What is needed is some limit on governmental search and seizure powers for electronic information, even at the border. Overall, to pass constitutional muster, the search must be reasonable, but more leeway could be granted to the Customs and Border Protection Service because of their mission, which is essentially to prevent contraband from entering the country. Once you expand that mission to gathering information about any violation of law (tax laws, copyright law, SEC reporting laws, or sodomy laws, to name a few) and to "gathering intelligence" about potential crimes (for example, terrorist patterns), the scope of the permissible search becomes, as in the government's argument, "plenary".

That's where reasonableness ends. To give border agents unfettered authority to search the full contents of anyone's computer, for any reason, defies common sense and constitutionality. To allow the "seized" data to be carted off to a massive and unrestricted law enforcement and intelligence database is likewise unreasonable. As James Madison stated in 1788 (anonymously, by the way) in Federalist 51:

If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself.

Some border searches of laptops are reasonable, even without suspicion. Some are reasonable with only "specific and articulable facts" to lead one to believe that there is evidence of specific wrongdoing on the computer. And some searches, seizures, and copying of computers are just flat out unreasonable. For example, reading attorney-client or priest-penitent privileged and personal files. It isn't all or nothing, despite the government's arguments to the contrary.

Now, can I get my laptop back?

SecurityFocus columnist Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and specializes in computer crime, computer security, incident response, forensics and privacy matters as Managing Director of Technology for FTI Consulting, Inc.

This article originally appeared in Security Focus.

Copyright © 2008, SecurityFocus

Combat fraud and increase customer satisfaction

More from The Register

next story
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Systems meltdown plunges US immigration courts into pen-and-paper stone age
Massive outage could last four weeks, sources claim
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
US Supreme Court supremo rakes Aereo lawman in oral arguments
Antenna-array content streamers: 'Ruling against us could dissipate the cloud'
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.