I have written before about the recent concerns regarding border searches of laptops and other electronic devices. More recently, you have probably read about the memo issued by U.S. Customs and Border Protection, entitled “Policy Regarding Border Search of Information.” The memo more clearly defines the broad rights granted agents to search “documents, books, pamphlets, and other printed material, as well as computers, disks, hard disks, and other electronic or digital storage devices.” Translation: border agents can search essentially everything even “absent individualized suspicion.”
These are, to say the least, very expansive rights that raise serious questions. While privacy has been the foremost issue discussed in connection with these searches, consider some other, less obvious, problems. What does the search right mean for information that is subject to a legal privilege (e.g., attorney-client, doctor-patient, clergy-congregation member, etc.)? What about information that constitutes trade secrets, which only has value if it is kept confidential? What about information provided to you by a business partner that is subject to a strict non-disclosure agreement? What about commercial software that is licensed for use by the owner of the laptop, but then is copied and used by border agents and their experts? What about the fact that all of the foregoing information is being shared with a government entity and, potentially, others without the benefit of a confidentiality agreement or court order that would otherwise limit disclosure? How long will copies, whether electronic or hardcopy, of the information be retained by the government? What, if any, measures will be used to securely delete or destroy the information after the government completes its review?
These are significant questions for which there are no clear answers. If confidential, trade secret, privileged information is shared with an unrelated third party (i.e., border agents and their designates) without the benefit of a non-disclosure agreement or court issued protective order, the information may lose its value and the ability to be protected.
Because of the foregoing, there have been calls for legislation to address this threat. Unfortunately, as with any legislation, the time until any new law takes effect is far in the future. In the meantime, I suggest businesses are likely under a duty to take steps to reduce exposure of their corporate information in these types of warrantless searches. This means considering removing sensitive data from laptops and other media being taken abroad and only using “data-free” laptops while travelling. That is, laptops would only access data through VPN’s to corporate servers or other cloud computing environments. While not a perfect or convenient solution, the loss of control over corporate data posed by these new boarder searches justifies appropriate efforts to mitigate the risk.
I have followed this story only recently here and in the Federal Times. Just because an agency issues a memo or guidline does not make it a law. This policy would seem to lack both legislative and\or judicial process.
It should simply be challanged in a federal court and a restraining order sought until the issue is settled. Who pays for it? Those hurt by it. Go for a class-action. Simply accepting agency rulings as a given is the least wise choice available.
Mr. Overly: I have been following this issue closely as a regular international traveller often working in sensitive areas of Rule of Law. A significant problem not discussed is the international principle of "reciprocity." What one country does in international practices is permitted by another county equally. The simple example is visa fee are often based on reciprocity.
This practice by the US now permits the reciprocal practice on entry to another country. If the US starts seizing data as described from visitor laptops, a US citizen's laptop is also now fair game on entry in any other country. Each of us could create our own list of countries where that would be a very bad occurance. Likewise, whatever assurance the US government gives, you can bet that these assurance will not be legitimate if given by any number of foreign governments.
Your trade secrets etc issues are magnified once one starts to think of other governments stealing business and personal data with full impunity from a US Government protest.
This is an incredibility overbroad and unnecessary policy that will harm all of us with little to no gain in security.
Thank you.