Feeds

Of laptops and US border searches

Feds seek unfettered access

Reducing the cost and complexity of web vulnerability management

Indeed, if we accept the government's argument, there is no reason to restrict this doctrine to border searches. A search at the border is permissible because it is "reasonable." It is "reasonable" because the government has a good reason to do it -- to protect the borders. But, just try flying domestically without being patted down and having your luggage examined. Certainly such a "search" on a domestic flight is "reasonable." Oh, and on a train or bus as well. Try entering any federal property, such as a federal office building, military facility, or courthouse. You and your belongings are subject to search, but does this give carte blanche for examining, copying, or analyzing the contents of electronic devices at any of these places? I think not.

A compromise

I'm all for catching child predators and terrorists, as I think the vast majority of us are. If we keep the warrantless and suspicion-less searches limited, then these types of searches might be "reasonable." Even without suspicion, it is reasonable at an international border (or even at the airport) to ask someone to boot up their computer to make sure it is really a computer, and is not being used to transport illegal bombs or drugs. That's what should be considered "reasonable."

If there is some suspicion (and perhaps what Arnold was doing was suspicious enough, perhaps not), the border agents can make a cursory inspection for a specific list of prohibited contraband (for example, child pornogrpahy), just as they could rifle through files in a briefcase to look for kiddie porn in a magazine. Anything more intrusive should require either greater suspicion or probable cause and a warrant. Sure it would be nice to be able to mirror the hard drives of suspected terrorists or their families, friends, or associates and create a super database of associates and communications (similar to what is done with computers seized on the battlefield in Iraq or Afghanistan). It would be nice to do that without a warrant, even if they didn't cross the border. But how do we know they are suspected terrorists? Shouldn't a "reasonable" search at the border require some level of suspicion?

What is needed is some limit on governmental search and seizure powers for electronic information, even at the border. Overall, to pass constitutional muster, the search must be reasonable, but more leeway could be granted to the Customs and Border Protection Service because of their mission, which is essentially to prevent contraband from entering the country. Once you expand that mission to gathering information about any violation of law (tax laws, copyright law, SEC reporting laws, or sodomy laws, to name a few) and to "gathering intelligence" about potential crimes (for example, terrorist patterns), the scope of the permissible search becomes, as in the government's argument, "plenary".

That's where reasonableness ends. To give border agents unfettered authority to search the full contents of anyone's computer, for any reason, defies common sense and constitutionality. To allow the "seized" data to be carted off to a massive and unrestricted law enforcement and intelligence database is likewise unreasonable. As James Madison stated in 1788 (anonymously, by the way) in Federalist 51:

If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself.

Some border searches of laptops are reasonable, even without suspicion. Some are reasonable with only "specific and articulable facts" to lead one to believe that there is evidence of specific wrongdoing on the computer. And some searches, seizures, and copying of computers are just flat out unreasonable. For example, reading attorney-client or priest-penitent privileged and personal files. It isn't all or nothing, despite the government's arguments to the contrary.

Now, can I get my laptop back?

SecurityFocus columnist Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and specializes in computer crime, computer security, incident response, forensics and privacy matters as Managing Director of Technology for FTI Consulting, Inc.

This article originally appeared in Security Focus.

Copyright © 2008, SecurityFocus

Security and trust: The backbone of doing business over the internet

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.