Federal court: 'Reasonable suspicion' required for forensic laptop search at border

Score one for We the People and our constitutionally-protected Fourth Amendment right to be free of unreasonable searches (sort of). Two out of every three Americans have lost Fourth Amendment protections to DHS since Homeland border agents do not need reasonable suspicion to search mobile devices at the border and the Department of Homeland Security decided that such search and seizures do not violate your Fourth Amendment protection against unreasonable search and seizure. But the Ninth Circuit Court of Appeals said that while routine border searches do not require probable cause or reasonable suspicion, 'reasonable suspicion' is required before your electronic device is forensically examined at the border.

Federal court says 'reasonable suspicion' required for forensic laptop search at border

There was a lot of ground covered in the 82-page decision of US vs. Cotterman, but it’s not “anything goes” at the border and your digital life cannot be “hijacked” by crossing it. While this ruling makes things better than they were, it’s also a good news/bad news scenario with examples including a bit of background; a Customs and Border Protection agent copied Cotterman’s hard drive and then had it forensically analyzed 170 miles away from the border, but the court said this was not an “extended border search.” The judges said that password-protected files do not automatically justify “reasonable suspicion” and even pointed out that federal cybersecurity standards require password protection on mobile devices. "To contribute to reasonable suspicion, encryption or password protection of files must have some relationship to the suspected criminal activity." In this case, "making illegal files difficult to access makes perfect sense for a suspected holder of child pornography."

Good news

Judge M. Margaret McKeown wrote for the appeals court majority [PDF]:

The average 400-gigabyte laptop hard drive can store over 200 million pages -- the equivalent of five floors of a typical academic library. Even a car full of packed suitcases with sensitive documents cannot hold a candle to the sheer, and ever-increasing, capacity of digital storage. The nature of the contents of electronic devices differs from that of luggage as well. Laptop computers, iPads and the like are simultaneously offices and personal diaries. They contain the most intimate details of our lives: financial records, confidential business documents, medical records and private emails. This type of material implicates the Fourth Amendment's specific guarantee of the people's right to be secure in their "papers."

A person's digital life ought not be hijacked simply by crossing a border. When packing traditional luggage, one is accustomed to deciding what papers to take and what to leave behind. When carrying a laptop, tablet or other device, however, removing files unnecessary to an impending trip is an impractical solution given the volume and often intermingled nature of the files. It is also a time-consuming task that may not even effectively erase the files.

With the ubiquity of cloud computing, the government’s reach into private data becomes even more problematic. In the “cloud,” a user’s data, including the same kind of highly sensitive data one would have in “papers” at home, is held on remote servers rather than on the device itself. The digital device is a conduit to retrieving information from the cloud, akin to the key to a safe deposit box. Notably, although the virtual “safe deposit box” does not itself cross the border, it may appear as a seamless part of the digital device when presented at the border. With access to the cloud through forensic examination, a traveler’s cache is just a click away from the government.

Mixture of good and bad:

In Judge Milan Smith’s dissenting opinion, he mentions how “reasonable suspicion” could cripple law enforcement and have national security implications. While I disagree with that, he did make some thought-provoking points: “Reasonable suspicion exists when an officer is aware of specific, articulable facts which, when considered with objective and reasonable inferences, form a basis for particularized suspicion.” But he believes that pinning reasonable suspicion on TECS alerts will “dismisses out of hand the numerous factors weighing against reasonable suspicion, and paves the way for a government database to target entire categories of people without any individualized suspicion of the particular person to be stopped.”

Judge Smith added, “Under the majority’s application of reasonable suspicion, an individual who committed a sex offense 30 years ago cannot visit the Charles Bridge in Prague, the Cristo Redentor in Rio de Janeiro, or even the ‘lost city’ of Machu Picchu, without arousing a ‘reasonable’ suspicion of sex tourism.

I would find a password-protected file to be not at all suspicious, unless we want to start basing reasonable suspicion on locked diaries and briefcases. Reasonable suspicion has no place in property searches at the border… Additionally, I would hold the government to its burden of proof in determining that reasonable suspicion was absent here. Under the doctrine of this case, the majority sweeps in thousands of innocent individuals whose electronic equipment can now be taken away from the border and searched indefinitely, under the border search exception.

Mapping our privacy rights by the amount of information we carry with us leads to unreasonable and absurd results. Under the majority’s reasoning, a Mini Cooper filled with documents is entitled to less privacy protection at the border than a stretch Rolls-Royce filled with documents; a pickup truck filled with documents is entitled to less protection than an 18 wheeler filled with documents. It appears that those who cannot afford a 64 gigabyte iPad, or the “average” 400 gigabyte hard drive discussed by the majority, will alone be subject to suspicionless searches. The majority’s reasoning also protects the rich (who can generally afford more sophisticated devices) to a greater extent than the poor (who are presumably less able to afford those more capable devices.)

Back to the good news, emphasis mine, the majority ruling concluded:

After their initial search at the border, customs agents made copies of the hard drives and performed forensic evaluations of the computers that took days to turn up contraband. It was essentially a computer strip search. An exhaustive forensic search of a copied laptop hard drive intrudes upon privacy and dignity interests to a far greater degree than a cursory search at the border. It is little comfort to assume that the government—for now—does not have the time or resources to seize and search the millions of devices that accompany the millions of travelers who cross our borders. It is the potential unfettered dragnet effect that is troublesome.

International travelers certainly expect that their property will be searched at the border. What they do not expect is that, absent some particularized suspicion, agents will mine every last piece of data on their devices or deprive them of their most personal property for days (or perhaps weeks or even months, depending on how long the search takes). Such a thorough and detailed search of the most intimate details of one's life is a substantial intrusion upon personal privacy and dignity. We therefore hold that [a forensics exam requires] a showing of reasonable suspicion, a modest requirement in light of the Fourth Amendment.

This is most probably headed for the Supreme Court.

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon