Feeds

Of laptops and US border searches

Feds seek unfettered access

The essential guide to IT transformation

Indeed, if we accept the government's argument, there is no reason to restrict this doctrine to border searches. A search at the border is permissible because it is "reasonable." It is "reasonable" because the government has a good reason to do it -- to protect the borders. But, just try flying domestically without being patted down and having your luggage examined. Certainly such a "search" on a domestic flight is "reasonable." Oh, and on a train or bus as well. Try entering any federal property, such as a federal office building, military facility, or courthouse. You and your belongings are subject to search, but does this give carte blanche for examining, copying, or analyzing the contents of electronic devices at any of these places? I think not.

A compromise

I'm all for catching child predators and terrorists, as I think the vast majority of us are. If we keep the warrantless and suspicion-less searches limited, then these types of searches might be "reasonable." Even without suspicion, it is reasonable at an international border (or even at the airport) to ask someone to boot up their computer to make sure it is really a computer, and is not being used to transport illegal bombs or drugs. That's what should be considered "reasonable."

If there is some suspicion (and perhaps what Arnold was doing was suspicious enough, perhaps not), the border agents can make a cursory inspection for a specific list of prohibited contraband (for example, child pornogrpahy), just as they could rifle through files in a briefcase to look for kiddie porn in a magazine. Anything more intrusive should require either greater suspicion or probable cause and a warrant. Sure it would be nice to be able to mirror the hard drives of suspected terrorists or their families, friends, or associates and create a super database of associates and communications (similar to what is done with computers seized on the battlefield in Iraq or Afghanistan). It would be nice to do that without a warrant, even if they didn't cross the border. But how do we know they are suspected terrorists? Shouldn't a "reasonable" search at the border require some level of suspicion?

What is needed is some limit on governmental search and seizure powers for electronic information, even at the border. Overall, to pass constitutional muster, the search must be reasonable, but more leeway could be granted to the Customs and Border Protection Service because of their mission, which is essentially to prevent contraband from entering the country. Once you expand that mission to gathering information about any violation of law (tax laws, copyright law, SEC reporting laws, or sodomy laws, to name a few) and to "gathering intelligence" about potential crimes (for example, terrorist patterns), the scope of the permissible search becomes, as in the government's argument, "plenary".

That's where reasonableness ends. To give border agents unfettered authority to search the full contents of anyone's computer, for any reason, defies common sense and constitutionality. To allow the "seized" data to be carted off to a massive and unrestricted law enforcement and intelligence database is likewise unreasonable. As James Madison stated in 1788 (anonymously, by the way) in Federalist 51:

If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself.

Some border searches of laptops are reasonable, even without suspicion. Some are reasonable with only "specific and articulable facts" to lead one to believe that there is evidence of specific wrongdoing on the computer. And some searches, seizures, and copying of computers are just flat out unreasonable. For example, reading attorney-client or priest-penitent privileged and personal files. It isn't all or nothing, despite the government's arguments to the contrary.

Now, can I get my laptop back?

SecurityFocus columnist Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and specializes in computer crime, computer security, incident response, forensics and privacy matters as Managing Director of Technology for FTI Consulting, Inc.

This article originally appeared in Security Focus.

Copyright © 2008, SecurityFocus

The essential guide to IT transformation

More from The Register

next story
Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.