
LIVE FROM #ISC2CONGRESS: Crossing a Border? Assume You’ll Be Searched

Oct 09, 2018

Privacy is one of the greatest challenges of the digital age. Who has the right to access an individual’s personal data and when? That’s the question at the heart of a series of court cases regarding search and seizure of mobile phones at U.S. border crossings.

Currently, border agents are allowed to access and search metadata, including the origin, time and date of phone calls, without a search warrant. However, true data typically requires a warrant, according to Scott M. Giordano, vice president of data protection at Spirion, a data management software provider. He addressed the topic to a packed room during (ISC)2’s Congress 2018, taking place this week in New Orleans.

U.S. privacy laws are in desperate need of review and updating, he said. As a rule, protection for personal data stored in servers, personal computers and mobile devices is relatively robust. Law enforcement must secure a search warrant for probable cause to search those. But all bets are off at border crossings, Giordano said.

There have been a number of cases in which border patrol agents have seized and searched mobile devices while detaining people suspected of crimes such as illegally carrying guns or trafficking drugs. In some instances, child porn has been discovered on the devices.

A Matter of Context

Much of the issue about what data border patrol and customs agents can or cannot access revolves around context. Typically, people and objects can be searched at border checkpoints without a search warrant. The law on that is established; it’s based on the idea that law enforcement needs quick access to information in the face of immediate danger.

What is still being disputed in various court cases is the extent to which government agents can pry into data on mobile devices. This affects personal data as well as intellectual property and classified data that might be on an individual’s cell phone.

Even if border agents seize a phone, make copies of data and return the device to its owner, it’s hard to determine how many copies are made and whether it’s possible to get them all back from the government.

Best Practices

When the authorities stop an individual at the border, they cannot force the person to give up a device password. But they can probably force the person to use biometrics such as thumbprints, Giordano said.

With that in mind, Giordano shared best practices for crossing borders and using international airports:

  • Use a sterile device.
  • Disable biometric access.
  • Assume you’re going to be faced with a border search.

Complete clarity on privacy issues will take some time. Meanwhile, following these best practices can help you protect your data.