Security: Airport: August 2009 Archives


August 31, 2009

DHS has posted their new laptop border search policy. Actually, there are two policies, one for Customs and Border Protection (CBP) and one for Immigration and Customs Enforcement. Don't ask my why they're different. Here's the CBP policy.
An Officer may detain electronic devices, or copies of information contained therein, for a brief, reasonable period of time to perform a thorough border search. The search may take place on-site or at an off-site location, and is to be completed as expeditiously as possible. Unless extenuating circumstances exist, the detention of devices ordinarily should not exceed five (5) days. Approval of and Time Frames for Detention. Supervisory approval is required for detaining electronic devices, or copies of information contained therein, for continuation of a border search after an individual's departure from the port or other location of detention. Port Director, Patrol Agent in Charge, or other equivalent level manager approval is required to extend any such detention beyond five (5) days. Extensions of detentions exceeding fifteen (15) days must be approved by the Director Field Operations, Chief Patrol Agent, Director, Air Operations, Director, Marine Operations, or other equivalent manager, and may be approved and re-approved in increments of no more than seven (7) days. Approvals for detention and any extension thereof shall be noted in appropriate CBP systems of records.

And here's the ICE policy:

Special Agents are to complete the search of detained electronic devices, or copies of information therefrom, in a reasonable time given the facts and circumstances of the particular search. Searches are generally to be completed within 30 calendar days of Border Searches of Electronic Devices the date of detention, unless circumstances exist that warrant more time. Such circumstances must be documented in the appropriate ICE systems. Any detention exceeding 30 calendar days must be approved by a Group Supervisor or equivalent, and approved again every 15 calendar days thereafter, and the specific justification for additional time documented in the appropriate ICE systems.

I've argued before that there isn't a very good analogy between ordinary border searches and electronic searches. I'm not surprised that that's not an opinion that's been taken onboard by the feds; after all, this is a convenient excuse to rummage through people's data. Nevertheless, it's frustrating that DHS still doesn't seem very interested in minimizing the impact on travellers. Having your laptop detained by DHS for 5 days, let alone 30, is a pretty large impact on your average business traveler; I would say that my average business trip is no more than a week long, so one could easily imagine that you would be denied access to your device for the entire duration of your stay in the US. A much lower impact procedure would simply be to image the traveler's hard drive and then send them on their way. It's certainly true that this means that DHS has a copy of all your data, but presumably if they have your computer for a week they could have taken an image in any case, so having them just take an image in front of you seems dominant

There is some text in these policies about that, but as far as I can tell it's basically at the discretion of the Special Agent. I would far rather see there be a hard requirement that absent some probable cause for believing there is extra data not present on the hard drive, any search default to a copy. It's important to remember here (again) that laptop searches aren't like drug searches: a laptop isn't a good way of carrying contraband into the country; rather people who are otherwise bad actors might happen to have evidence of their bad actions on their laptops. So, keeping the laptop itself from entering the country isn't anywhere near as important, especially if you're not detaining the traveller.

It's also worth noting that CBP seems to do surprisingly few such searches:

Between Oct. 1, 2008, and Aug. 11, 2009, CBP encountered more than 221 million travelers at U.S. ports of entry. Approximately 1,000 laptop searches were performed in these instances--of those, just 46 were in-depth.

It's hard to know what to make of that. On the one hand, one could say "the overall imposition to travelers is low". On the other hand, one could say that this can't be that valuable an investigative tool if they only use it 46 times in 9 months. I'd be interested to know how many arrests came out of those 46 searches.