The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Privacy Ends at the Border



For people who are interested in personal privacy and protecting their online lives, these are troubling times.

The new administration in the United States has taken a number of steps in the last month that indicate a willingness to weaken some of the basic privacy principles that Americans have relied upon for decades, and now there are rumbling that Customs and Border Protection agents are asking Americans returning from overseas for their PINs to unlock their phones.

Already, there have been reports of this kind of thing happening at U.S. borders. And Department of Homeland Security John Kelly said recently that he supports the idea of CBP agents having the ability to get passwords to social media accounts from foreigners visiting the U.S. The idea is to inspect their posts, even ones that are hidden from public view, to see if they contain any concerning material.

Not surprisingly, the idea isn’t sitting well with privacy advocates and legislators who worry about how the changes could affect not just the privacy of Americans, but also that of foreign visitors. There are also potential economic effects from the proposed changes. A large group of security and privacy experts, technologists, trade groups, and other organizations has published a statement condemning the idea of demanding access to social media accounts and devices as a condition of entry, saying that it violates basic privacy rights.

“This proposal would enable border officials to invade people’s privacy by examining years of private emails, texts, and messages. It would expose travelers and everyone in their social networks, including potentially millions of U.S. citizens, to excessive, unjustified scrutiny. And it would discourage people from using online services or taking their devices with them while traveling, and would discourage travel for business, tourism, and journalism,” says the statement, which was signed by dozens of groups and individuals, including the ACLU, CDT, EFF, Bruce Schneier, Susan Landau, and Steve Bellovin, among many others.

“Demands from U.S. border officials for passwords to social media accounts will also set a precedent that may ultimately affect all travelers around the world. This demand is likely to be mirrored by foreign governments, which will demand passwords from U.S. citizens when they seek entry to foreign countries. This would compromise U.S. economic security, cybersecurity, and national security, as well as damage the U.S.’s relationships with foreign governments and their citizenry.”

The fact that we have arrived at a place where the idea of demanding access to visitors’ devices and online accounts at the border is being seriously considered is frightening and absurd. Not only does it make no sense from an economic standpoint, it makes even less from a human decency one. Some lawmakers on Capitol Hill have looked at the current landscape, read the signs, and seen the illogical conclusion of what’s going on. Worried that what would only apply to visitors to the U.S. at the beginning would likely soon apply to Americans as well, Sen. Ron Wyden is planning to write a bill that would prohibit CBP agents from searching citizens’ phones without a search warrant.

“There are well-established procedures governing how law enforcement agencies may obtain data from social media companies and email providers. The process typically requires that the government obtain a search warrant or other court order, and then ask the service provider to turn over the user’s data,” Wyden said in a letter to DHS’s Kelly.

“I intend to introduce legislation shortly that will guarantee that the Fourth Amendment is respected at the border by requiring law enforcement agencies to obtain a warrant before searching devices, and prohibiting the practice of forcing travelers to reveal their online account passwords.”

In essence, this would be a law requiring the government to follow the Constitution. Strange things are afoot, and it’s clear that now more than ever, individuals must take responsibility for protecting their own privacy and data. The government is not in that business.

Dennis Fisher

ANALYST REPORTS

Gartner 2017 Magic Quadrant for Enterprise Data Loss Prevention (DLP)

Dennis Fisher

Dennis Fisher is editor-in-chief at Duo Security. He is an award-winning technology journalist who has specialized in covering information security and privacy for the last 15 years. Prior to joining Duo, he was one of the founding editors of On the Wire, Threatpost and previously covered security for TechTarget and eWeek.