[ISN] At U.S. Borders, Laptops Have No Right to Privacy

From: InfoSec News (alerts@private)
Date: Tue Oct 24 2006 - 22:22:30 PDT


http://travel2.nytimes.com/2006/10/24/business/24road.html

By JOE SHARKEY
jsharkey (at) nytimes.com
October 24, 2006

A LOT of business travelers are walking around with laptops that contain 
private corporate information that their employers really do not want 
outsiders to see.

Until recently, their biggest concern was that someone might steal the 
laptop. But now theres a new worry that the laptop will be seized or its 
contents scrutinized at United States customs and immigration 
checkpoints upon entering the United States from abroad.

Although much of the evidence for the confiscations remains anecdotal, 
its a hot topic this week among more than 1,000 corporate travel 
managers and travel industry officials meeting in Barcelona at a 
conference of the Association of Corporate Travel Executives.

Last week, an informal survey by the association, which has about 2,500 
members worldwide, indicated that almost 90 percent of its members were 
not aware that customs officials have the authority to scrutinize the 
contents of travelers laptops and even confiscate laptops for a period 
of time, without giving a reason.

One member who responded to our survey said she has been waiting for a 
year to get her laptop and its contents back, said Susan Gurley, the 
groups executive director. She said it was randomly seized. And since 
she hasnt been arrested, I assume she was just a regular business 
traveler, not a criminal.

Appeals are under way in some cases, but the law is clear. They dont 
need probable cause to perform these searches under the current law. 
They can do it without suspicion or without really revealing their 
motivations, said Tim Kane, a Washington lawyer who is researching the 
matter for corporate clients.

In some cases, random inspections of laptops have yielded evidence of 
possession of child pornography. Laptops may be scrutinized and subject 
to a forensic analysis under the so-called border search exemption, 
which allows searches of people entering the United States and their 
possessions without probable cause, reasonable suspicion or a warrant, a 
federal court ruled in July. In that case, a mans laptop was found to 
have child pornography images on its hard drive.

No one is defending criminal possession of child pornography or even 
suggesting that the government has nefarious intent in conducting random 
searches of a travelers laptop, Ms. Gurley said.

But it appears from information we have that agents have a lot of 
discretion in doing these searches, and that theres a whole spectrum of 
reasons for doing them, she added.

The association is asking the government for better guidelines so 
corporate policies on traveling with proprietary information can be 
re-evaluated. It is also asking whether corporations need to cut back on 
proprietary data that travelers carry.

We need to be able to better inform our business travelers what the 
processes are if their laptops and data are seized what happens to it, 
how do you get it back, Ms. Gurley said.

She added: The issue is what happens to the proprietary business 
information that might be on a laptop. Is information copied? Is it 
returned? We understand that the U.S. government needs to protect its 
borders. But we want to have transparent information so business 
travelers know what to do. Should they leave business proprietary 
information at home?

Besides the possibility for misuse of proprietary information, travel 
executives are also concerned that a seized computer, and the 
information it holds, is unavailable to its owner for a time. One remedy 
some companies are considering is telling travelers coming back into the 
country with sensitive information to encrypt it and e-mail it to 
themselves, which at least protects access to the data, if not its 
privacy.

In one recent case in California, a federal court went against current 
trends, ruling that laptop searches were a serious invasion of privacy. 
People keep all sorts of personal information on computers, the court 
ruling said, citing diaries, personal letters, financial records, 
lawyers confidential client information and reporters notes on 
confidential sources. That court ruled, in that specific case, that the 
correct standard requires that any border search of the information 
stored on a persons electronic storage device be based, at a minimum, on 
a reasonable suspicion.

In its informal survey last week, the association also found that 87 
percent of its members said they would be less likely to carry 
confidential business or personal information on international trips now 
that they were aware of how easily laptop contents could be searched.

We are telling our members that they should prepare for the eventuality 
that this could happen and they have to think more about how they handle 
proprietary information, Ms. Gurley said. Potentially, this is going to 
have a real effect on how international business is conducted.


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 



This archive was generated by hypermail 2.1.3 : Tue Oct 24 2006 - 22:39:46 PDT