DHS Reveals Some Data On Border Laptop Searches

from the was-that-so-tough? dept

The Department of Homeland Security has pushed hard for the past few years to make sure it retains the right to search your laptop at the border with no real limitations. It is, indeed, (as defenders of this policy always like to point out) established law that the border is not in the country, so Constitutional 4th Amendment rights do not apply. That still doesn't make it right. I, like many others, would not have a problem with searches due to probable cause. Nor do we have any real problem with searches of physical luggage at the border. But a blank slate, seems like a bit much -- for a few reasons. First, the purpose of a border search is to see what you're bringing into the country. But, when it comes to digital data, no one's bringing it across the border to get it into the country. You could just send it over any number of internet protocols to get it into the country without using a laptop. So, the very rationale doesn't make sense. Second, when people travel, they specifically pick and choose what physical goods to put into their luggage. With a computer, the situation is the opposite. You automatically bring everything (including, potentially access to remote drives).

Still, DHS has insisted it wants to keep this right, even as some politicians have looked to protect against laptop searches at the border. Earlier this year, DHS put out slightly clearer rules, but which still allowed for no probable cause in doing a search.

One big question hanging over all of this, however, was how often such searches took place. Thomas O'Toole alerts us to a new DHS report that finally reveals the numbers -- and, it's at least marginally good news: these sorts of searches happen very rarely. That's a good thing and suggests that the policy isn't widely abused:

Of the more than 144 million travelers that arrived at U.S. ports of entry between Oct. 1, 2008 and May 5, 2009, searches of electronic media were conducted on 1,947 of them, the DHS said.

Of this number, 696 searches were performed on laptop computers, the DHS said. Even here, not all of the laptops received an "in-depth" search of the device, the report states. A search sometimes may have been as simple as turning on a device to ensure that it was what it purported to be. U.S. Customs and Border Protection agents conducted "in-depth" searches on 40 laptops, but the report did not describe what an in-depth search entailed.

I'm certainly happy to see that such a policy is used so rarely, but I still question why it should be used at all.

41 Comments | Leave a Comment..

Homeland Security Still Plans To Search Laptops At Borders With No Probable Cause

from the ain't-no-due-process-at-the-border dept

There's been plenty of concern over the past few years with regards to Homeland Security's claims that it has the right to inspect the contents of your laptop at the border, even without any probable cause. While it may be well established that the 4th Amendment doesn't apply until you're actually in the country, that doesn't mean there aren't some serious questions raised. I, like many others, have no problem with border searches of actual physical containers and luggage at the border. That makes perfect sense, because it's physical goods that you're purposely trying to bring directly into the country. You packed them with the specific idea of bringing them into the country.

But stuff on your laptop is different in two very important ways:

1. You mostly store everything on your laptop. So, unlike a suitcase that you're bringing with you, it's the opposite. You might specifically choose what to exclude, but you don't really choose what to include.
2. The reason you bring the contents on your laptop over the border is because you're bringing your laptop over the border. If you wanted the content of your laptop to go over the border you'd just send it using the internet. There are no "border guards" on the internet itself, so content flows mostly freely across international boundaries. Thus if anyone wants to get certain content into a country via the internet, they're not doing it by entering that country through border control.

Thus, it makes little sense for border control to search the contents of your laptop other than if the gov't wants a random "free pass" at checking out some content about you. DHS' insistence that it needed the right to search laptops at the border made little sense, and some of our elected officials pushed out bills to curb such border searches, though none have passed.

Instead, the new head of DHS has "revised" the rules for laptop searches, but they're only slightly better in that the old rules were "anything goes," while the new rules are "we're still searching laptops, but we have a few rules." The main components of the new rules are that you're allowed to be present in the same room as your laptop, phone or device as it's being searched -- but not necessarily to see what border patrol is doing. Also, they can't keep your laptop for more than five days, which seems pretty damn long to me. Though, as some note, this basically means that you should make sure any encryption on your laptop takes more than five days to crack.

DHS boss Janet Napolitano's reasoning for the searches is hardly compelling:

"Keeping Americans safe in an increasingly digital world depends on our ability to lawfully screen materials entering the United States,"

Um... right, but, again, the contents of the a computer laptop can easily enter the United States via the internet with no border control process whatsoever. The whole claim that this has anything to do with screening materials entering the US is totally bogus.

On top of this, the other thing that's not at all clear is how far the "search" can go. With a growing number of "cloud" based services in use, many of which act as if they're local, can the border patrol search those as well? For example, I use Jungledisk, which gives me a virtual drive that shows up in my file system as if it were a local hard drive, even though it's hosted in some data center somewhere. It looks like a local drive... but it's not actually on my laptop. Would border patrol have the right to search that, even though the contents of that drive are not actually traveling across the border?

95 Comments | Leave a Comment..

Homeland Security Cuts Newspaper/Magazine Subscriptions; Says To Use The Web

from the seems-smart dept

BullJustin writes in to alert us to the news that the Department of Homeland Security is cutting subscriptions to paper newspapers and magazines, cutting $47,160 from the budget over the next two years. Of course, for Homeland Security that's a tiny drop in the bucket (hell, it's not even that big). But, the writeup (somewhat tongue in cheek) suggests that this is unfair to newspapers who are "hurting enough financially" already. Of course, on the flip side, I'd think most people agree that not wasting taxpayer money on content that people are probably reading for free online anyway, is a good thing...

12 Comments | Leave a Comment..

Wait, You Mean Homeland Security Isn't Already Scanning Blogs & Forums For Terrorists?

from the uh,-yikes? dept

USA Today is reporting that Homeland Security is looking to start scanning blogs, forums and message boards to try to track terrorists and terrorist activity. My first reaction to this, honestly, was shock. Shouldn't they have been doing this already? As in, for many, many years? To be fair, the article suggests that the real difference here is that in the past Homeland Security has done static searches that they check on every so often -- and now they're hoping for a more real-time solution. Even so, it strikes me as odd that Homeland Security didn't already have something that was at least close to real-time in alerting them to certain things online. For all the talk of sophisticated monitoring on internet activities, could it be that we're really that far behind in internet terrorist monitoring?

23 Comments | Leave a Comment..

Next Stage Of Security Theater: Homeland Security Wants More Info To Let You Board A Plane

from the feel-safer? dept

Apparently, the Department of Homeland Security would like to add another layer of security theater to the airplane boarding process. Homeland Security is now taking over the process of matching your identity to government watch lists at airports (away from the airlines), and they're going to start demanding more info. You will not be allowed to fly if you don't provide your first and last names, birth date and gender. This is positioned as a way to avoid the various "false positives" we've heard so much about with fliers who have similar names to those on the no-fly list. While it's good that they want to cut down on those false positives, it's not as if this makes you any safer. It just requires giving up more privacy to fly.

Also worth noting is that this is the first time that the government has actually admitted how many people are on the no fly list (about 2,500) as well as the "selectee" list for extra careful searches (another 16,000). They also noted that it's quite rare for anyone on the no-fly list to actually try to fly (about once a month -- and it's almost always initiating in a foreign country). Of course, if you were actually a terrorist, would you fly under your real identity?

37 Comments | Leave a Comment..

Bills Introduced To Protect Laptops At Border Searches

from the restoring-the-4th-amendment dept

As was widely expected following earlier statements from politicians such as Russ Feingold, legislation has now been introduced that would curb Homeland Security's ability to randomly search laptops at the border, instead, requiring them to have a "reasonable suspicion" of illegal activity before they can search or copy a hard drive. This would be a huge step forward in terms of reasonable levels of privacy at the border. While defenders of the random search program claim that it's necessary, they give little proof. You can tell because their arguments could equally be applied to searching a random person on the street as well, as they just give vague platitudes about protecting the country from harm. Yet our country has privacy rights and probable cause for a very good reason. It's nice to actually see some politicians standing up to make sure that Homeland Security live up to those ideals.

66 Comments | Leave a Comment..

Homeland Security Gets Closer To Minority Report-Style Crime Predictor

from the arrest-first,-ask-questions-later dept

Ever since the film Minority Report came out, we've seen a series of stories about efforts to predict future crimes before they happen. Most of these are more about data mining to predict high crime areas and times -- but some are going much further. Slashdot points us to a story about Homeland Security apparently making progress on a "pre-crime detector." It was originally called "Project Hostile Intent," but after some folks figured that the name was a bit... ominous, it seems to have been renamed as "Future Attribute Screening Technologies" (FAST). Basically the system is designed to spot "shifty" people who may be getting ready to commit a crime of some sort. The researchers behind it say that the early tests are incredibly effective: "We are running at about 78% accuracy on mal-intent detection, and 80% on deception." Of course, there are tons of questions about privacy violations and how long it will take criminals to figure out ways to "beat the system."

41 Comments | Leave a Comment..

Homeland Security Continues To Expand Border Searches: Now Can Copy Your Paper-Based Documents

from the probable-cause-is-so-last-millennium dept

We've been covering the stories of how the Department of Homeland Security has a policy in place that lets it search and copy the contents of your laptop as you cross the border without any probable cause. DHS's reasoning for why it needs this power are not particularly convincing -- focusing mainly on scare mongering rather than rational argument. Now, the EFF has discovered, thanks to a Freedom of Information Act request, that it's not just computer data that DHS wants to copy. Last year, it quietly changed its policies to allow customs and border guards to read and copy any personal papers the traveler has, even without "reasonable suspicion" or "probable cause." Compared to searching through and copying your hard drive, this may seem like a minor deal, but it's yet another example of DHS expanding its authority in ways that are very likely to be abused.

63 Comments | Leave a Comment..

Feingold Points Out That DHS's Chertoff Is Misleading On Border Laptop Searches

from the reasonable-cause? dept

Following the release of Homeland Security's policies for searching laptops at the border, where the rules are, effectively, "anything goes," DHS boss Michael Chertoff claimed that laptop searches were only done when the border guard had a "suspicion" and placed that individual in "secondary inspection." However, Senator Russ Feingold has now hit back, pointing out that the official DHS policies say absolutely nothing about there needing to be a suspicion or that laptop searches only happen on secondary inspection. If Chertoff were being honest, why wouldn't those things be in the official policy? And, if Chertoff insists that DHS will only do searches when there is a real suspicion, what's wrong with following the "probable cause" standard that it insists it should be allowed to ignore? It's nice to see Senator Feingold asking these questions.

14 Comments | Leave a Comment..

DHS Reveals Policies For Searching Laptops At The Border: Anything Goes

from the privacy-schmivacy dept

After courts repeatedly have ruled that border patrol customs agents can look through your computer hard drive, or even confiscate your computer, with no reasonable cause whatsoever, pressure from groups like the EFF have convinced Congress to investigate. As part of this process, the Department of Homeland Security has revealed its policies for border searches of electronic devices, and as you'd imagine, the policies are basically: "border patrol can do whatever it wants."

It does not need any reasonable cause. It take away your laptop for as long as it wants. It can copy the contents of your laptop and even share it with both other federal agencies and private entities for "language translation, data decryption or other reasons." Other reasons seems a bit broad.

We already explained how ridiculous the defense of this police was last month, by noting that it's not as if stopping this content at the border will actually prevent it from getting in the country. At that time we also pointed out how silly it was for a DHS supporter to claim that reasonable cause shouldn't be necessary because that's just not practical. That guy was unable to explain why it is practical throughout the rest of the country not to randomly search laptops, but at the border, suddenly it's not. However, this article now includes another defense from a customs official, saying that these searches "do not infringe on Americans' privacy." How do we know? Apparently, we just have to trust the DHS.

Luckily, this appears to be getting some attention from Congressional representatives who find the whole thing troublesome. The article notes that legislation to stop such searches will be forthcoming soon.

19 Comments | Leave a Comment..

Is This The Best Homeland Security Can Do In Defending Laptop Searches At The Border?

from the probable-cause-is-so-last-millennium dept

The courts have said that US Customs officials do not need probable cause to search laptops. While some Senators are questioning why Department of Homeland Security is searching laptops without probable cause, the administration is working hard to defend such searches at the border as reasonable. However, they're not making very much sense. The article trots out James Jay Carafano from the Heritage Foundation with a couple of interesting statements. Let's take them in order. First:

"The idea that we would create some kind of sanctuary for criminals and terrorists to carry things across the border to me is absolutely ludicrous."

Well, that's not just an exaggeration, it's wrong. Does Carafano actually believe that someone manually walking a laptop across the border is the only way that data gets across the border? Of course that's not true. Data flows across borders via the network all the time -- with no customs review whatsoever. No one is walking across the border with a laptop thinking that's the best way to get some data across the border. Then there's this statement:

"It's also unrealistic to require probable cause when you think about the millions of people a day who come in and go out of the country."

Let's just change a few words in that statement and see how Carafano feels about it: "It's also unrealistic to require probable cause when you think about the millions of people a day who walk up and down the streets of America." Yet, we don't hear Carafano pushing for a removal of probable cause for searches on the street, do we?

The border searches of laptops issue is a ridiculous one. Yes, it makes sense to search through what physical goods you might be bringing into the country -- because you specifically chose to bring those goods into the country. But the digital things you have stored on your laptop are an overall archive. You didn't choose to bring those specific things across the border -- and it's not like going through a border crossing is the best way to move that content across the border. There's simply no reason for why laptop searches should be allowed without probable cause.

27 Comments | Leave a Comment..

How Do You Legislate Fewer Attacks On Homeland Security's Network?

from the it's-called-wishful-thinking dept

While it is a bit troubling that the Department of Homeland Security has had some computer security problems recently, it's difficult to see exactly how that's solved by legislation. But, of course, to politicians with a legislative hammer, every little problem looks like a nail. Thus, we've got politicians proposing cybersecurity legislation that would require Homeland Security to decrease the number of successful cybersecurity attacks against its network. While that's certainly an admirable goal, it's not as if DHS was purposely letting the attacks go through before, and will suddenly shape up just because of this new law.

12 Comments | Leave a Comment..

New DHS Strategy On Real ID: We'll Just Pretend Everyone Implemented It

from the hell-no-means-yes dept

The Department of Homeland Security had been threatening that drivers' licenses in certain states wouldn't be valid federal IDs if states didn't promise by the end of March to implement the troubled Real ID rules. However, somewhere along the line (with a handful of states vehemently protesting the rules), it appears that Secretary Chertoff and the DHS simply decided that it would pretend every state agreed to implement Real ID and deal with reality later. DHS put out a press release claiming that all states had met the "initial requirements" for Real ID, and even painted its silly map green to show "compliance." The problem is that this simply isn't true. It looks as though DHS simply decided that any communication, even if it was to tell the DHS that there was no chance the state would implement Real ID, would be read as if it were the state agreeing to enact Real ID's rules. The whole thing is rather comical until you realize these are the folks who are supposed to be protecting the country.

41 Comments | Leave a Comment..

California Refuses To Play By Real ID Rules

from the waiting-it-out dept

The Department of Homeland Security's "Real ID" program is a classic case of "security theater." It's a project designed to give the appearance of increased security, but which will actually do the opposite (and cost a ton of taxpayer dollars at the same time). The good (and somewhat surprising) thing, is that almost everyone (outside of DHS) seems to recognize this. Not a single state plans to implement the rules by the original deadline. DHS has been granting "extensions" to states that promise to implement the rules by 2010 while threatening to make drivers' licenses no longer valid IDs for things like boarding airplanes or entering federal buildings for any state that doesn't comply. While there are a few states that haven't even asked for an extension, California asked for an extension while saying clearly that it wasn't promising to implement Real ID at all -- but would use the extension to study the matter. This was a test, and DHS has backed down, granting the extension, allowing California drivers' licenses to remain legitimate federal IDs. This could give more confidence to other states to not just blindly implement Real ID. At this point, you have to think that many states are just waiting this out, assuming that there will be a change in management at DHS after the election this November, and the whole concept of Real ID will get changed or scrapped.

87 Comments | Leave a Comment..

DHS Official: 'Real ID Has A Bad Bumper Sticker Reputation'

from the you-don't-say dept

CNet reports on a talk by Department of Homeland Security official Stewart Baker, in which he defended the Real ID Act against its many critics. Conceding that the proposal "has a bad bumper sticker reputation," he insisted that the Real ID Act will make it easier to catch identity thieves. But as my colleague Jim Harper has pointed out, the opposite is closer to the truth: by centralizing loads of private data in one database, the Real ID Act will make identity thieves' jobs a lot easier. One sign of how badly Real ID is faring can be judged from the fact that Baker is bragging about the fact that 45 states plus DC have been granted waivers to continue using their existing driver's licenses while they work toward complying with the law by next year. Why is it a victory that 45 states are going to miss the original deadline this coming May? Because the other 5 states have refused to comply at all. There are a couple of things to note about this. First, as Declan McCullagh points out, DHS has been practically begging states to request waivers, and a number of states have accepted waivers while continuing to express doubts about whether they'll ever comply. Second, there's no way the feds are actually going to impose the promised punishment -- refusing to accept state IDs in airports -- on the residents of the five states that have refused to comply with the law's requirements. Imagine the chaos if every traveler in South Carolina discovered that his or her South Carolina driver's license was no longer a valid form of identification. The feds will back down (especially since showing your ID isn't legally required at airports anyway) rather than risk being held responsible for chaos at the nation's airports.

Timothy Lee is an expert at the Insight Community. To get insight and analysis from Timothy Lee and other experts on challenges your company faces, click here.

24 Comments | Leave a Comment..

Homeland Security Can't Even Configure Its Mailing List Software Correctly?

from the that-makes-me-comfortable dept

Just after the federal gov't screwed up and shut off ca.gov, we find out that the Department of Homeland Security misconfigured its email list software causing a deluge of annoying emails to over seven thousand government employees. The list, normally used to broadcast news summaries of security news, apparently was set up so that any reply messages automatically were broadcast to all members. What happened next is familiar to lots of folks on mailing lists, where the "reply all" button is misused. The one difference, though, was that this wasn't a misuse of the reply all button, but on the mailing list automatically sending out anyone's message to everyone on the list. Many security experts on the list are apparently wondering what that says about Homeland Security's ability to deal with cybersecurity issues. Perhaps it was just a little configuration error, but you would think that the folks at the DHS would be a bit more careful about those things.

15 Comments | Leave a Comment..

Spying On Your Ex-Girlfriend Not Quite What Homeland Security's Database Is For

from the just-saying... dept

Every time we hear of yet another plan for the government to set up yet another database of information about people, we wonder about how it will be misused. Supporters always talk about how helpful such databases are (which is debatable), but rarely are willing to take into account how such systems are going to be abused -- and they're always abused. The latest such case involves an employee at the Department of Commerce who used a Department of Homeland Security database to track an ex-girlfriend. This wasn't just a one-off thing either. He apparently used the database 163 times to check up on her. Then he threatened to have the woman deported and her family killed. So, as the government continues to push the boundaries in trying to collect more and more data on everyone, it's at least worth asking if the potential for abuses is taken into consideration and how they're dealt with (if they're dealt with at all).

39 Comments | Leave a Comment..