The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

The Thin Border Between Privacy and Security



Digital rights and privacy advocates are urging a court of appeals to require law enforcement agents at the U.S. border to obtain warrants when they want to search someone’s digital device.

The plea comes at a time when the federal government is asserting more and more authority to demand information from people entering the country, including United States citizens in some cases. The law in some of these areas is still evolving and many people coming through a U.S. border likely don’t know whether they have to give up their devices and passwords if asked or whether they have the right to say no.

The EFF is asking the United States Court of Appeals for the Fifth Circuit to make this clear by saying that border agents must have search warrants in order to do either forensic or manual searches of phones, laptops, tablets, and other devices. The case in question here involves a woman whose phone was searched at the U.S. border without a warrant as part of a prosecution for allegedly trying to bring drugs into the country.

“Our cell phones and laptops provide access to an unprecedented amount of detailed, private information, often going back many months or years, from emails to our coworkers to photos of our loved ones and lists of our closest contacts,” said EFF Staff Attorney Sophia Cope.

“This is light years beyond the minimal information generally contained in other kinds of personal items we might carry in our suitcases. It’s time for courts and the government to acknowledge that examining the contents of a digital device is highly intrusive, and Fourth Amendment protections should be strong, even at the border.”

There is an exception to the Fourth Amendment’s general prohibition against warrantless searches that applies to routine searches at the border for immigration and customs purposes. But the Supreme Court created that exception long before cell phones and laptops were standard equipment. And those devices carry far more personal information in them than any suitcase or backpack does. In its brief, the EFF said searches of digital devices therefore should not fall under the exception for routine searches at the border.

“All border searches of the data stored or accessible on digital devices—whether ‘manual’ or ‘forensic’—are ‘non-routine’ and thus fall outside the border search exception. This is because any search of digital data is a ‘highly intrusive’ search that implicates the ‘dignity and privacy interests’ of the traveler,” the EFF brief says.

This is something that is particular to the modern world. In the past, most travelers, even those crossing a border, didn’t carry much in the way of personal information. Aside from a passport or some other identifying documents, most people generally traveled with clothing, money, and maybe a camera. That was true as recently as about 15 years ago.

But the advent of small, highly portable, and extremely powerful phones and laptops has changed the equation dramatically. Now, virtually every traveler reaching a U.S. border is carrying a device that likely holds gigabytes of personal information. This could include photos, contact names and numbers, bank and credit card information, and health data. That is precisely the kind of information that is meant to be protected against warrantless searches by law enforcement, the EFF said.

“Any search of data stored on a digital device, whether performed using special forensic software or conducted manually after obtaining and entering the owner’s password, provides access to a person’s entire private life,” said EFF Senior Staff Attorney Adam Schwartz.

Dennis Fisher

ANALYST REPORTS

Gartner 2017 Magic Quadrant for Enterprise Data Loss Prevention (DLP)

Nate Lord

Nate Lord is the former editor of Data Insider and is currently an account manager covering the southeast, Great Lakes, and Latin America regions at Digital Guardian. He has over 7 years of experience in the information security industry, working at Veracode prior to joining Digital Guardian in 2014. Nate enjoys learning about the complex problems facing information security professionals and collaborating with Digital Guardian customers to help solve them.