The ACLU has published documents showing the US government has been using "travel alerts" to nonconsensually take and search civilians' electronic devices since st least 2010.
This form of search and seizure - and data copying - occurs even if the individual is not the subject of any investigation.
The US government does not need suspicion or a warrant to search people’s electronic devices at the border.
- See also:
The ACLU docs reveal that the US government places travel alerts on people whose data they'd like to look at - without a warrant or formal investigation - and nabs computers, phones, or anything else it wants to search.
The documents published by the ACLU are from its lawsuit on behalf of David House (a legal defense fundraiser for Chelsea Manning).
Mr. House had his devices held, copied and his data was hacked and searched for six months - when coming back to the US from a vacation in November 2010.
The settlement documents reveal that an agent with Homeland Security Investigations (HSI) - an Immigration and Customs Enforcement (ICE) subdivision that is now the second largest law enforcement agency in the United States - entered a “lookout” into a government database called TECS (see the document here), effectively notifying government agents throughout the country that House was wanted for questioning in connection with the Department of Justice’s investigation into Manning and WikiLeaks.
A travel alert, and the border guards take your data for various US government deaprtments to search.
It's as simple as that.
The ACLU maintains that, "the settlement documents demonstrate that the seizure of House’s computer was unrelated to border security or customs enforcement. It was simply an opportunity to conduct a suspicionless search that no court would ever have approved inside the country."
This process has been secret until now.
It is reminiscent of what happened to the husband of reporter Glenn Greenwald recebtly in the UK, when David Miranda was detained, interrogated and his electronic devices were kept.
The UK used an anti-terrorism law to seize Mr. Miranda's electronics in what is being widely regarded as an abuse of the UK laws, and to engage in what is regarded as state-sponsored hacking and search.
In some countries, modifying confiscated devices in any way is either illegal or requires suspicion of serious crime.
In the UKas early as 2011.
The ACLU now shows us that the US has been practicing legally hazy confiscation and intrusion on citizens since as early as 2010.
Lawful interception? Not so fast.
The ACLU Blog posts the documents, a result of its lawsuit on behalf of Mr. House, and analyzes the situation.
House was stopped at Chicago’s O'Hare International Airport coming back from vacation in November 2010.
(...) DHS agents detained House, interrogated him about his political activities and beliefs, and then seized his laptop computer, mobile phone, camera, and USB drive. The agents returned House’s phone after inspecting it, but the government kept the rest of his devices for seven weeks while agents searched his files for evidence.
Even after the government returned House’s physical devices, it continued to actively investigate copies of his files for nearly six more months.
The ACLU releases their lawsuit's documents - including the chain of custody paper - to show what it believes to be a similar abuse of search and seizure laws in the United States.
ACLU also draws a direct line between the Miranda case and what DHS/ICE have done to an estimated 4,957 Americans who have had their electronic devices searched between October 1, 2012 and August 31, 2013, "and an additional 4,898 individuals were subject to electronic device searches the previous year."
Like Mr. Miranda, Mr. House was not charged with any crime.
Mr. House today told the New York Times,
Americans crossing the border are being searched and their digital media is being seized in the hopes that the government will find something to have them convicted.
I think it’s important for business travelers and people who consider themselves politically inclined to know what dangers they now face in a country where they have no real guarantee of privacy at the border.
Finland-based F-Secure Senior Researcher that when electronics are confiscated, authorities can hack your passwords or file encryption and basically do:
Phone calls, call records, SMS messages and SMS records, email messages, physical location, ability to use device as a listening bug, websites visited (and visit duration), screenshots of user activity, all windows interacted with, all internet connections made, all app usage (and use duration), all files used and deleted, all documents opened, all chatroom conversations, all computer usage sessions, etc.
German researcher Felix "FX" Lindner explained in more direct terms,
However, just imagine I get your phone and computer and put every data point I can find in Maltego.
The secondary and following layers reveal everything, especially if the authority doing it also has the power to go to the central service providers you use (Facebook, Twitter, Google).
The ACLU thinks that crossing a border shouldn't be a loophole by which a US government department can rifle through what's become the repositories for the most intimate and private areas of our lives.
A federal appeals court recently said that the forensic examination of a person’s laptop is so “comprehensive and intrusive” that the government should not be allowed to search such devices at the border without reasonable suspicion of wrongdoing.
But I think that what the ACLU documents show is that we've got a system that's been exploited several steps too far - and suspicion of wrongdoing has fallen victim to "eye of the beholder" syndrome.