Computers, Privacy & the Constitution

The Border Search Doctrine and Data

-- By ArchanHazra1 - 06 Mar 2015


The border search doctrine carves out an exception to the Fourth Amendment’s requirement of either a warrant or individualized suspicion prior to search and seizure. The Supreme Court has often articulated the broad authority that the federal government has in searching those that enter the United States: “[s]ince the founding of our Republic, Congress has granted the Executive plenary authority to conduct routine searches and seizures at the border, without probable cause or warrant, in order to regulate the collection of duties and to prevent the introduction of contraband into this country.” United States v. Montoya de Hernandez, 473 U.S. 531, 536 (1985). Indeed, Congress has used broad language to grant discretion to customs officers in safeguarding the borders. 19 U.S.C. § 1581(a), for example, grants officers the ability to “go on board of any vessel or vehicle . . . to search the vessel or vehicle and every part thereof and any person, trunk, package, or cargo on board.” So while the Fourth Amendment ordinarily offers some protection against search and seizure, the protections it offers at the border are basically nonexistent.

But the Supreme Court has recognized that where a border search becomes more intrusive or invasive, the government must make some showing of reasonable suspicion. See Montoya de Hernandez, 473 U.S. at 542. To that end, if we analogize the intrusiveness of a body cavity search to the forensic search of a hard drive, it is conceivable that the government must make a similar showing of reasonable suspicion when trawling through data, particularly in the aftermath of Riley v. California.

The Safeguards of the Fourth Amendment?

In his concurrence in Riley, Justice Alito felt that “the Court’s broad holding favors information in a digital form over information in hard-copy form.” He noted that the police can seize and examine incriminating snapshots in a wallet, but would be unable to examine such snapshots if they were stored on a cell phone. 134 S.Ct. 2473, 2497 (2014). But this ignores the fundamental difference between electronic devices and non-electronic mediums of storing information: the former “are capable of storing warehouses full of information.” United States v. Cotterman, 709 F.3d 952, 964 (9th Cir. 2013). The former are capable of storing a person’s entire digital life—work files, photographs, emails, movies, music, browser history, etc.—making every small preference readily apparent.

The Supreme Court has never directly engaged the question of whether the border search doctrine extends to data, such as that retrieved from a computer or cell phone. The Fourth Circuit, in United States v. Ickes, found that the “cargo” language extended to a hard drive found in the defendant’s laptop, affirming the right to search through it. The Ninth Circuit, though, has drawn a distinction between “cursory inspection” and the “comprehensive and intrusive nature of a forensic examination.” Cotterman, 709 F.3d at 962. A forensic computer search is a time-intensive process that requires an image of the drive be made and special software be used to search the full contents of the drive. Undoubtedly, were it before the Supreme Court, the act of simply opening up a laptop and looking through the files would merit no Fourth Amendment protections. The thoroughness of a forensic search would, however, demand some protection if the Supreme Court is willing to accept the Ninth Circuit’s rhetoric from Cotterman, where it referred to such searches as “computer strip searches.” I contend that the probing nature of a forensic search—combined with the depth of intimate information that it can yield—demands reasonable suspicion in accordance with the Supreme Court’s prior precedent.

But reasonable suspicion isn't probable cause, which is the whole point. So, to take the foreseeable question in light of current technical realities, is seizing data at the border so that you can search it later if you develop reasonable suspicion acceptable or not? Your efforts to make all this equivalent to some other form of searching don't help you. You are speculating, merely predicting the behavior of courts. Do you take as a methodological assumption of this process that the courts whose behavior you are predicting will have learned nothing about the facts at hand, and will only reason by narrow analogy to prior unrelated factual situations?

The Safeguards of the Fifth Amendment

But is “reasonable suspicion” sufficient to safeguard one’s data? Consider that in Cotterman, the Ninth Circuit required a showing of reasonable suspicion and determined it had existed, relying primarily on (1) the defendant’s prior conviction, (2) the defendant’s frequent trips across the border, and (3) the existence of password-protected files on the defendant’s computer. Thus, the court was fairly deferential in its determination of reasonable suspicion, noting that the existence of encrypted files, when used in conjunction with “other indicia of criminal activity,” can be used to find suspicion. 709 F.3d at 969. So even if courts do adopt the “reasonable suspicion” standard, we can expect similar deference in other cases, especially where they concern efforts to stop serious crimes.

Encryption, however, does bring with it other protections. The Fifth Amendment provides protection against self-incrimination. When the government is unable to decrypt files on its own, courts have gone both ways on mandatory key disclosure—that is, whether the government can force someone to decrypt his files. The Eleventh Circuit, for example, has found that unless the government can show knowledge of the specific files it seeks, compelling a defendant to decrypt the files is tantamount to forced self-incrimination. But courts elsewhere have ordered defendants to decrypt their files or be held in contempt of court, even where there is no specific knowledge of specific content. The Eleventh Circuit's interpretation is more consistent with prior Fifth Amendment precedent. But this issue gets even murkier when considering various methods of encryption. What if the data-holder has arranged it such that he has no actual knowledge of the decryption key, which is left in the hands of someone in the United States? Or consider the proposed password pill, an authentication pill being developed by Motorola that transmits an 18-bit signal that could be used to unlock one’s devices. Could a court require a defendant to take a pill for the purpose of decrypting his files? On one hand, it seems like such encryption would offer less Fifth Amendment protection, as one is not giving up the contents of one’s mind. Nonetheless, where the Fourth Amendment falls short, advanced encryption techniques—in conjunction with the Fifth Amendment—would appear to safeguard one’s data at the border.

Is this "would appear" to be a descriptive statement about the discoverable state of law? If so, I missed where the cases were discussed that showed this apparition. If this is a statement of legal speculation, as I believe, does it square with any observed phenomena? What will courts think of seizing a terabyte in data image in order to decide later, if more than reasonable suspicion develops, that it would be a good idea not to throw it out after 24 hours, or 30 days, or whatever? It is feasible to ask, in other words, whether if govt detained a small percentage of devices at the border long enough to suck up an image of the data contained (from seconds to hours, depending) in order to have it available for searching if, at a subsequent time, they developed a reason to seek a warrant, that would violate the Fourth Amendment or any other statutory or constitutional rule. If yes, why, given that they can certainly do this with a crate of eggs? If no, what difference does all this other bullshit really make?

On encryption, I think you are still asking yourself an old question: whether I can be compelled, without offending the Fifth Amendment, to decrypt my hard drive at the border. Once again, the question seems to me harder than it is non-obsolete. When I actually cross a border I am concerned about, whether the US, Chinese or other, no secret policeman on earth can compel me to decrypt the hard drive, because I am literally unable to do so. I could, thirty minutes earlier, on the plane; I will be able to again, after I have crossed the border, with assistance. But on the border, do what they will, I cannot. How do I technically achieve this outcome? Once you have thought that problem through, and have invented the answer which is simple daily familiarity to me, what is the rest of that old bullshit really worth, either?



r6 - 26 Jun 2015 - 19:46:09 - MarkDrake
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.