Cloud Data Should Stay Grounded in Border Searches

Crossing the American border with electronic devices has long been a concern for both the public and lawyers in Canada. Border officials have always had more power to inspect or search electronic devices than domestic police, but this has also raised some concerns for American citizens as well.

While the Electronic Communications Privacy Act (ECPA), does not apply to data stored on a personal device, this information is still protected in the U.S. under the Fourth Amendment. The notable exceptions to this include search incident to arrest and border searches. The Supreme Court of the United States has justified this latter exception in United States v. Flores-Montano on the basis that,

The Government’s interest in preventing the entry of unwanted persons and effects is at its zenith at the international border. Time and again, we have stated that “searches made at the border, pursuant to the longstanding right of the sovereign to protect itself by stopping and examining persons and property crossing into this country, are reasonable simply by virtue of the fact that they occur at the 153*153 border.” United States v. Ramsey, 431 U. S. 606, 616 (1977). Congress, since the beginning of our Government, “has granted the Executive plenary authority to conduct routine searches and seizures at the border, without probable cause or a warrant, in order to regulate the collection of duties and to prevent the introduction of contraband into this country.” Montoya de Hernandez, supra, at 537 (citing Ramsey, supra, at 616-617 (citing Act of July 31, 1789, ch. 5, 1 Stat. 29)). The modern statute that authorized the search in this case, 46 Stat. 747, 19 U. S. C. § 1581(a),^[1] derived from a statute passed by the First Congress, the Act of Aug. 4, 1790, ch. 35, § 31, 1 Stat. 164, see United States v. Villamonte-Marquez, 462 U. S. 579, 584 (1983), and reflects the “impressive historical pedigree” of the Government’s power and interest, id., at 585. It is axiomatic that the United States, as sovereign, has the inherent authority to protect, and a paramount interest in protecting, its territorial integrity.

To illustrate why this has been a concern, while the Fourth Amendment will require border officials to have reasonable suspicion to engage in invasive search techniques such as strip searches, but do not need any cause or judicial authorization to search the body or personal effects of a person at the border. When smartphones and laptops are included in these personal effects, Fourth Amendment protections become hollow.

In fact, more electronic devices were searched in 2017 than any other year before. In 2017, the number of electronic devices searched increased from the previous year by 60%, up to 30,200 from 19,051 in 2016, continuing the sharp increases observed the year before. An estimated 80% of these searches are non-US citizens. Despite these high absolute numbers, they reflect only about 0.007% of all international travelers arriving at the American border.

In United States v. Arnold, the Ninth Circuit rejected the argument that laptop searches were so invasive that there should at least be some reasonable suspicion before allowing border officials to search them. The petitioner argued that laptops were fundamentally different from the closed container analogies used in previous case law, more similar to homes or the human mind, given their capacity for storage and ability to record activity. Instead, the court concluded,

[10] Here, beyond the simple fact that one cannot live in a laptop, Carney militates against the proposition that a laptop is a home. First, as Arnold himself admits, a laptop goes with the person, and, therefore is “readily mobile.” Carney, 471 U.S. at 391. Second, one’s “expectation of privacy [at the border] . . . is significantly less than that relating to one’s home
or office.” Id.
Moreover, case law does not support a finding that a search which occurs in an otherwise ordinary manner, is “particularly offensive” simply due to the storage capacity of the object being searched. See California v. Acevedo, 500 U.S. 565, 576 (1991) (refusing to find that “looking inside a closed container” when already properly searching a car was unreasonable when the Court had previously found “destroying the interior of an automobile” to be reasonable in Carroll v.
United States, 267 U.S. 132 (1925)).

The Supreme Court of the United States’ later decision in Riley v. California concluded that a warrantless search and seizure of digital contents of a cellphone violated the Fourth Amendment, but this decision exclusively focused on the search incident to arrest exception, and not the broader powers provided to border officials.

A number of circuit and district court cases, including United States v. Escarcega, United States v. Mendez, United States v. Ramos, United states v. Saboonchi, United States v. Lopez, United States v. Cano, Abidor v. Johnson, United States v. Wanjiku, and United States v. Molina-Isidoro have all rejected the applicability of Riley to the border context.

However, the United States District Court, District of Columbia did state in United States v. Kim that the analogies made in Riley should be properly extended to the border context, although the case deals with a more unique application of a search occurring a departure from the country,

So what are the justifications underlying the exception to the warrant requirement that pertain at the border? …the fact that the Supreme Court has specifically likened the border search warrant exception to the search incident to arrest exception reinforces the Court’s view that an analysis similar to the one in Riley should be undertaken here. Id. (“[The border search exception] is a longstanding, historically recognized exception to the Fourth Amendment’s general principle that a warrant be obtained, and in this respect, is like the similar `search incident to lawful arrest’ exception. . . .”).

…

None of those significant governmental interests in monitoring what comes in to the country apply in this case…

Applying the Riley framework, the national security concerns that underlie the enforcement of export control regulations at the border must be balanced against the degree to which Kim’s privacy was invaded in this instance. And as was set forth above, while the immediate national security concerns were somewhat attenuated, the invasion of privacy was substantial…

A subsequent case, initiated by The American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) last fall in Alasaad v. Duke, is still underway.

Similar issues have been explored on our side of the border, with National Magazine highlighting some of the concerns raised by lawyers here about how our privacy is being compromised as well, focusing in particular on increased powers under Bill C-21, An Act to Amend the Customs Act and Bill C-23, Preclearance Act, 2016.

Independent review of Canada Border Service Agency (CBSA) officials has been a repeated call by the CBA in review of national security procedures, with particular attention for solicitor-client privilege. The CBSA internal policy, obtained through Access to Information, allows lawyers to identify documents and electronic materials to be treated as sensitive, but only if they are clearly marked as privileged in advance.

Earlier this month, the U.S. Customs and Border Protection (CBP) released a new policy on the search of electronic devices at the border. The policy reinforces the existing powers that these officials have always have, namely to conduct a basic search with or without any suspicion. With reasonable suspicion, and with appropriate supervisory approval, an official can engage in an advanced search, consisting of reviewing, copying or analyzing the contents of an electronic device through external equipment.

All searches of electronic documents will be properly documented, and advance searches require direct supervision by a supervisor. The individual owning the device will normally be present during these searches, unless there are justifiable reasons for excluding them, but may not necessarily review the search process itself.

The most promising element of this new policy is the directive for additional information that might be available via the cloud or applications,

Officers may not intentionally use the device to access information that is solely stored remotely. To avoid retrieving or accessing information stored remotely and not otherwise present on the device, Officers will either request that the traveler disable connectivity to any network (e.g., by placing the device in airplane mode), or, where warranted by national security, law enforcement, officer safety, or other operational considerations, Officers will themselves disable network connectivity. Officers should also take care to ensure, throughout the course of a border search, that they do not take actions that would make any changes to the contents of the device.

The new policy recognized the importance of solicitor-client privilege and other sensitive material, and introduces new directives for handling this type of information. A lawyer may provide direction, in writing if possible, about specific folders or files hat may contain privileged information. This information will then be segregated from other information examined during the border search, to ensure that it is appropriately handled, without compromising security concerns.

Other sensitive information that might be carried by journalists, medical information by members of the public, or business or commercial information, will be handled on a case by case basis and in accordance to federal statutes.

Less reassuring is that passcode protected or encrypted information must still be unlocked or deciphered on request. Inability to complete a search on this basis is grounds for detaining the device, and potentially subject to additional technological or other methods to inspect and review the contents. Officers must provide a receipt (Form 6051D) to any traveller whose device is detained beyond their departure.

Of course if the information reviewed on an electronic device provides additional basis for probably cause, the border officials have greater powers of seizure and detention of the device. Although information retained, copied or seized will be “appropriately safeguard[ed],” the border officials can share the information with law enforcement agencies.

That does not mean that the new policy is not without its detractors. The ACLU released a statement indicating the policy was a positive move, but still fell short of constitutional protections. It also does not clarify that travellers are under no obligation to provide the passcodes or other assistance to an officer attempting to seek information. Political officials on both the Canadian and American sides of the border have expressed their reservations with the new policy, and with ongoing practices by CBP. The likelihood of racial, ethnic, or religious profiling continues to be an ongoing concern, especially in any disproportionate application of any policies.

The use of supervisors and management in the search of electronic documents under the new policy is intended to discourage abuse of these powers, as well as an auditing mechanism to ensure compliance. This policy may also be in response to the current challenge CBP faces in Alasaad, which criticizes in its complaint the older 2009 policy that did not have many of the procedures and safeguards identified above.

In sharing this new policy with the public, the agency helps create greater transparency and hopefully more confidence in the manner in which they conduct searches of electronic devices. Even with these changes, the best practices for lawyers and any members of the public crossing the border still remain – use caution, remove anything that might be confidential or sensitive, and consider leaving your electronic devices at home.