Travel group warns: Corporate data at risk from laptop searches at border
The Association of Corporate Travel Executives warns of potential security breaches
Computerworld - The Association of Corporate Travel Executives (ACTE) is warning its members to limit the amount of proprietary business information they carry on laptops and other electronic devices because of fears that government agents can seize that data at U.S. border crossings.
The group is worried that corporate data could be downloaded by agents, leading to potential security breaches and the exposure of information that is supposed to be private. Among the devices that could be searched by border agents are cell phones, handhelds, digital cameras and USB storage devices.
The warning follows a recent ruling from the Ninth Circuit Court of Appeals that basically upheld the right of U.S. Customs and Border Protection officials to search laptops and other electronic devices at U.S. borders without reasonable cause or suspicion.
The appeals court decision involved an individual who was arrested in 2005 on charges of child pornography after a warrantless search of his computer by customs officers at Los Angeles International Airport. A district court judge had previously ruled that the evidence presented by the prosecution should be suppressed because it was gained via an unreasonable search. That decision was later overturned.
Susan Gurley, executive director of the ACTE, said the appeals court's decision means that corporate travelers need to pay close attention to the kind of information they carry on their business laptops during international travel.
"Right now, the U.S. Customs department has the right to look at the data on your computer and download that data if they want to," Gurley said. "The Ninth Circuit held that it is within the purview of the U.S. government to look at or download anything" on laptops and other electronic devices at the border, she said.
Companies need to review their policies to see if such searches will cause privacy problems for them or their customers, she said.
"For example, if you are carrying personnel information on your laptop, there are certain privacy violations that can ensue" if that data is accessed and downloaded as part of a border search, Gurley said. Other kinds of sensitive and proprietary information -- including intellectual property -- can sometimes be exposed via such searches, she said.
Many companies, especially in Europe, are having compliance officers look at the broader implications of such searches and have begun curtailing the kind of information their executives can carry on their laptops when traveling to the U.S, she said.
According to Gurley, the biggest concern is the lack of information or policy guidance about such searches. Currently, companies don't know exactly what to do about data that might be accessed and downloaded during a border search.
"There may be some legitimate reasons for wanting to look at the data" on a traveler's electronic device, Gurley said. "But what are the parameters for such searches? Once they have the information, what do they do with it? What are the policies for retention and for data destruction? This shouldn't be such a hidden secret."
The ACTE filed a Freedom of Information Act (FOIA) request with the U.S. Department of Homeland Security (DHS) last July for information about the government's policies on searching laptops and other electronic devices at U.S borders. Though the DHS responded to that request, the document it provided was too heavily redacted to be of much use.
In February, a lawsuit was filed in U.S. District Court in San Francisco by the Asian Law Caucus (ALC) and the Electronic Frontier Foundation (EFF). In the legal filing (download PDF), the two groups asked the court to order the Customs and Border Protection division of the DHS to release records about its policies and procedures on the "questioning, search and inspection" of travelers entering or returning to the U.S. at various ports of entry.
On Thursday, both organizations and nearly 30 other civil rights and individual privacy rights advocates are submitting a letter to lawmakers asking for a congressional oversight hearing on the issue. The letters are being sent to the House and Senate judiciary committees and to the House and Senate homeland security committees, said Marcia Hoffmann, staff attorney at the EFF.
"I think that [appeals court] decision has focused this issue for us," Hoffman said. "The courts certainly are not stepping in to act as check to abusive searches. On top of that, it has been difficult getting information from the DHS on such searches.
"We hope members of Congress will look into this and force the DHS to disclose information on what it practices. Ideally, it would be wonderful if Congress would pass legislation to put some safeguards for travelers," she said.
Read more about Privacy in Computerworld's Privacy Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts