Feeds

Of laptops and US border searches

Feds seek unfettered access

Beginner's guide to SSL certificates

Indeed, if we accept the government's argument, there is no reason to restrict this doctrine to border searches. A search at the border is permissible because it is "reasonable." It is "reasonable" because the government has a good reason to do it -- to protect the borders. But, just try flying domestically without being patted down and having your luggage examined. Certainly such a "search" on a domestic flight is "reasonable." Oh, and on a train or bus as well. Try entering any federal property, such as a federal office building, military facility, or courthouse. You and your belongings are subject to search, but does this give carte blanche for examining, copying, or analyzing the contents of electronic devices at any of these places? I think not.

A compromise

I'm all for catching child predators and terrorists, as I think the vast majority of us are. If we keep the warrantless and suspicion-less searches limited, then these types of searches might be "reasonable." Even without suspicion, it is reasonable at an international border (or even at the airport) to ask someone to boot up their computer to make sure it is really a computer, and is not being used to transport illegal bombs or drugs. That's what should be considered "reasonable."

If there is some suspicion (and perhaps what Arnold was doing was suspicious enough, perhaps not), the border agents can make a cursory inspection for a specific list of prohibited contraband (for example, child pornogrpahy), just as they could rifle through files in a briefcase to look for kiddie porn in a magazine. Anything more intrusive should require either greater suspicion or probable cause and a warrant. Sure it would be nice to be able to mirror the hard drives of suspected terrorists or their families, friends, or associates and create a super database of associates and communications (similar to what is done with computers seized on the battlefield in Iraq or Afghanistan). It would be nice to do that without a warrant, even if they didn't cross the border. But how do we know they are suspected terrorists? Shouldn't a "reasonable" search at the border require some level of suspicion?

What is needed is some limit on governmental search and seizure powers for electronic information, even at the border. Overall, to pass constitutional muster, the search must be reasonable, but more leeway could be granted to the Customs and Border Protection Service because of their mission, which is essentially to prevent contraband from entering the country. Once you expand that mission to gathering information about any violation of law (tax laws, copyright law, SEC reporting laws, or sodomy laws, to name a few) and to "gathering intelligence" about potential crimes (for example, terrorist patterns), the scope of the permissible search becomes, as in the government's argument, "plenary".

That's where reasonableness ends. To give border agents unfettered authority to search the full contents of anyone's computer, for any reason, defies common sense and constitutionality. To allow the "seized" data to be carted off to a massive and unrestricted law enforcement and intelligence database is likewise unreasonable. As James Madison stated in 1788 (anonymously, by the way) in Federalist 51:

If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself.

Some border searches of laptops are reasonable, even without suspicion. Some are reasonable with only "specific and articulable facts" to lead one to believe that there is evidence of specific wrongdoing on the computer. And some searches, seizures, and copying of computers are just flat out unreasonable. For example, reading attorney-client or priest-penitent privileged and personal files. It isn't all or nothing, despite the government's arguments to the contrary.

Now, can I get my laptop back?

SecurityFocus columnist Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and specializes in computer crime, computer security, incident response, forensics and privacy matters as Managing Director of Technology for FTI Consulting, Inc.

This article originally appeared in Security Focus.

Copyright © 2008, SecurityFocus

Internet Security Threat Report 2014

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.