pageok
pageok
pageok
Ninth Circuit Allows Suspicionless Computer Searches at the Border:
The Ninth Circuit has (finally) handed down United States v. Arnold; the court ruled that there is no Fourth Amendment requirement of "reasonable suspicion" to search a laptop computer at the border. The decision overturns the opinion of District Judge Dean Pregerson that I blogged about here back in 2006. The unanimous appellate opinion by Judge O'Scannlain reasons that the greater storage capacity of computers does not make computer searches at the international border sufficiently different from other searches involving physical items:
Arnold has failed to distinguish how the search of his laptop and its electronic contents is logically any different from the suspicionless border searches of travelers' luggage that the Supreme Court and we have allowed.

With respect to these searches, the Supreme Court has refused to draw distinctions between containers of information and contraband with respect to their quality or nature for purposes of determining the appropriate level of Fourth Amendment protection. Arnold's analogy to a search of a home based on a laptop's storage capacity is without merit. The Supreme Court has expressly rejected applying the Fourth Amendment protections afforded to homes to property which is "capable of functioning as a home" simply due to its size, or, distinguishing between " 'worthy and 'unworthy' containers." California v. Carney, 471 U.S. 386, 393-94 (1985).

In Carney, the Supreme Court rejected the argument that evidence obtained from a warrantless search of a mobile home should be suppressed because it was "capable of functioning as a home." Id. at 387-88, 393-94. The Supreme Court refused to treat a mobile home differently from other vehicles just because it could be used as a home. Id. at 394-95. The two main reasons that the Court gave in support of its holding, were: (1) that a mobile home is "readily movable," and (2) that "the expectation [of privacy] with respect to one's automobile is significantly less than that relating to one's home or office." Id. at 391 (quotation marks omitted).

Here, beyond the simple fact that one cannot live in a laptop, Carney militates against the proposition that a laptop is a home. First, as Arnold himself admits, a laptop goes with the person, and, therefore is "readily mobile." Carney, 471 U.S. at 391. Second, one's "expectation of privacy [at the border] . . . is significantly less than that relating to one's home or office." Id.

Moreover, case law does not support a finding that a search which occurs in an otherwise ordinary manner, is "particularly offensive" simply due to the storage capacity of the object being searched. See California v. Acevedo, 500 U.S. 565, 576 (1991) (refusing to find that "looking inside a closed container" when already properly searching a car was unreasonable when the Court had previously found "destroying the interior of an automobile" to be reasonable in Carroll v. United States, 267 U.S. 132 (1925)).

Because there is no basis in the record to support the contention that the manner in which the search occurred was "particularly offensive" in light of other searches allowed by the Supreme Court and our precedents, the district court's judgment cannot be sustained.
  I think this result is correct based on existing precedents and the record in this case, although Judge O'Scannlain's suggestion that storage capacity is irrelevant strikes me as too broad. Storage capacity is relevant to the Fourth Amendment's particularity requirement, for example: The particularity requirement is closely attuned to the scope of the place being searched. And as I argued in this article, I think storage capacity is relevant to how the courts approach the plain view exception (not an issue raised in this case).

  In addition, California v. Carney strikes me as a puzzling case to rely on here. The issue in Arnold is not whether a computer actually is a home, but rather whether the storage capacity of computers and the type of information they contain makes searching a computer particularly invasive for purposes of the border search exception. I think it's likely to correct that the answer is no, at least based on the record of this case, but I don't see how the Carney case is particularly relevant. (Hat tip: How Appealing)
George Weiss (mail) (www):
come on...if (with a boarder search) you can give a guy a Breathalyzer, search his person, his car and his trunk-then you can go through his laptop too. sheesh.
4.21.2008 11:34pm
JunkYardLawDog (mail):
Orin,

And why as a matter of logic or policy should suspicionless searches of emails and telephone communications as they cross the border be any different than searches of computers. I know there are statutory differences, I'm asking about the logic/policy argument for why it makes sense that laptops can be searched as the cross the border but not electronic suitcases that carry bits inside them as they cross the border.

Says the "Dog"
4.21.2008 11:43pm
OrinKerr:
JYLD,

I tend to think there is no difference, or at least not a clear one. See my 2005 posts on the NSA surveillance program.

Says the "Cur"
4.21.2008 11:50pm
John (mail):
The 4th amendment says, "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

How does it violate the "particularity" requirement if the "place to be searched" or the "thing" to be "seized" is a guy's hard drive? Or for that matter, his "computer"? I disagree that as storage gets larger the particularity requirement is harder to meet--nor should it be, since where stuff may be hidden on a hard drive cannot necessarily be known in advance, and a full search would almost always have to be authorized if it was to be availing at all.

Moreover, given the virtually unlimited power to search anything and everything coming into the country, I really don't see much of an issue here.

But this particularity thing is interesting. I looked at Orin's article where it is mentioned, but I'm not sure the argument was made where I read.
4.21.2008 11:54pm
Libertarian1 (mail):
Could this be a decision where the Ninth Circuit doesn't get reversed? A stopped clock...
4.21.2008 11:57pm
may grad (mail):
Another reason the court's reliance on Carney is puzzling is that the defendant didn't want his laptop to be treated like a home — the gov needs to have a warrant before it searches a home but the defendant in Arnold wanted the court to require "reasonable suspicion" (lower than even probable cause) for the search to be constitutional.
4.22.2008 12:09am
GV:
Professor Kerr, you might be interested in this amicus brief, which cites one of your articles extensively.
4.22.2008 12:14am
DanG1:
One thing I don't get: Nowhere in the fourth amendment do I even see an exception allowing them to search your papers or effects at the border. How is that constitutional in the first place?
4.22.2008 1:24am
David Malmstrom (mail):
Not surprising but disappointing nonetheless - the majority of the class of 2009 at GMUSL had a very similar fact pattern in our appellate writing class and many of us relied on Arnold when writing our briefs - I'm just glad it was handed down today and not last semester
4.22.2008 1:26am
OrinKerr:
DanG1,

Do you mean that you googled the cases, read them, and didn't understand them, or that you didn't do any research and don't understand this just based on reading the text of the Fourth Amendment?
4.22.2008 1:32am
DG:
This is a huge deal for many businesses. Carrying non-disclosure data across US borders has gotten much harder now and it has put many business people in some legal peril - if a CBP officer sees something he isn't supposed to (i.e. NDA material financial disclosure on a public firm) and blabs about it, guess who gets fired and maybe indicted or fined by the SEC? We can't even encrypt the data anymore - we have to travel with "clean" laptops so Joe Border Guard can't find out something he isn't supposed to. I can't begin to imagine how this would effect lawyers with client data.
4.22.2008 2:09am
Gilbert (mail):
"had previously found "destroying the interior of an automobile" to be reasonable in Carroll v. United States, 267 U.S. 132 (1925)"

Can anyone find this citation?
4.22.2008 2:57am
PC:
Prof. Kerr,

Would you care to speculate if the creation of a bitstream copy of a laptop's hard drive at a border crossing would be legal? To add a twist to that question, what if the laptop had a piece of software like TrueCrypt and the owner claimed he did not know the password?
4.22.2008 3:13am
UW2L:
DG, I think there's some protection for lawyers in the exceptions to the duty of confidentiality under Rule of Professional Conduct 1.6(b)(6), providing that a lawyer may disclose confidential info "to comply with other law or a court order." Does this decision now constitute "other law," making it okay for lawyers to shrug and hand over the laptop when the nice CBP man asks for it? Dunno. Maybe not, at least until SCOTUS affirms. And of course that's just the model rule; the exact exceptions to the duty of confidentiality aren't the same in every jurisdiction. So if you're a Seattle lawyer (and secret gun owner) coming down from Vancouver with data on your laptop about your client who's in, say, Redmond, then, here in Washington, which does not have an "other law" provision in its Rule 1.6, things could get interesting for you.

Even so, lawyers have to take reasonable measures to protect client confidences, which means doing a reasonable expectation of privacy analysis, and now, apparently, there's no reasonable expectation of privacy in one's laptop files when crossing the border. In that case, presumably, rather than say "oh well, I'm going to get some work done while I'm in Whistler and too bad for the client if my laptop gets searched coming back," it's your duty not to have client info on the damn laptop.

But is this really that big a problem, if it's true that you can't just encrypt everything on the laptop? Okay, so you keep all your sensitive business files/kiddie porn on a server in the closet at home or in the company offices and use a VPN to connect to it from your laptop. Seems like to get to that server, CBP'd need a search warrant to go into the building and haul out the machine (and maybe you do something clever with magnetic fields around the doorways à la Cryptonomicon). And CBP'd have a harder time with that, since that's no longer the border context, and of course a search warrant requires more than reasonable suspicion, which itself is more than what the 9th Circuit has now held that border searches require, i.e. nothing. Yes? Is that hypothetical totally off-base?

It'll cost businesses money, sure, and it will be a headache never to keep anything on the laptop, only on the server, if you're traveling internationally. But many companies have already incurred the expense of giving their mobile employees VPN capability. And it's not like "but it'll cost us money and be annoying to comply with" has ever caused a court or a legislature to say "oh, well, never mind then" and just repeal the ADA, SOX, etc.

The game of hide-and-seek played by legislation and technology with your information continues.
4.22.2008 4:50am
bit smuggler (mail):
FBI and DoD -combined- can't keep their own secret data from slipping over the border into China...

If you're worried about being observed with a VPN tunnel that has one endpoint in-country and one end-point off-shore, then use a Tor hidden service.

NSA would have to spend a lot of time and dollars on you.
4.22.2008 6:45am
Grant Gould (mail):
This definitely would obligate me to wipe company data from my laptop before I travel, by practically every NDA I've ever signed -- one's not supposed to leave the data lying around for others to find, and this seems to meet those criteria.

I've generally got data under half a dozen different NDA agreements on my laptop, and I doubt I'm particularly atypical for a software engineer in this respect.

Unless a whole lot of NDA's get rewritten very quickly, someone's going to make a killing on the business of wiping laptops and then reloading them from encrypted images once the traveler's past the border guards. Given the latency of a typical plane flight, the bandwidth issues wouldn't even necessarily be prohibitive.
4.22.2008 7:31am
PersonFromPorlock:
OrinKerr:

DanG1,

Do you mean that you googled the cases, read them, and didn't understand them, or that you didn't do any research and don't understand this just based on reading the text of the Fourth Amendment?


Sort of like not understanding how Plessy explained how segregation was compatible with the Fourteenth Amendment, despite the apparent plain sense meaning of the text?
4.22.2008 9:05am
DJR:
This is a pretty tricky question. The tradition is that the Fourth Amendment does not apply at the border, but that tradition has to do with Congress's plenary authority over imports and exports. Now it's true that Congress does regulate, to some extent, what information can be sent over the border, but not in the same way that it regulates, for instance, people, merchandise, and cash crossing the border. I think it's a serious stretch to say that customs can search the information in your computer, as opposed to a physical search of the contents of your computer to make sure there aren't bomb parts or drugs in there.

The above is a longer version of my initial reaction which was along the lines of: "Bullshit."
4.22.2008 9:43am
DG:
The problem isn't just for lawyers. For those of us with NDA data on our laptops (in our email in particular), we're in a real bind. Storing stuff on the server works in theory, but email gets downloaded and cached, and mine is full of NDA documents from a variety of firms. Corporate CISO's are freaking out about this issue.
4.22.2008 9:49am
DJR:
Orin,

Do you think that a laptop sitting on a car seat is subject to an unwarranted search because of the automobile exception? As the opinion points out, under Acevedo a proper automobile search includes closed containers. Do we now have to travel with laptops in the trunk?
4.22.2008 10:46am
OrinKerr:
djr,

That wouldn't work: the automobile exception applies to trunks, too.
4.22.2008 1:22pm
Aultimer:
DG -

My CISO made the legal department start using EFS a long time ago.

Put your Word and PDF temp files into an EFS directory and travel at will.
4.22.2008 1:50pm
CWuestefeld (mail) (www):
@John:
How does it violate the "particularity" requirement if the "place to be searched" or the "thing" to be "seized" is a guy's hard drive? Or for that matter, his "computer"? I disagree that as storage gets larger the particularity requirement is harder to meet--nor should it be, since where stuff may be hidden on a hard drive cannot necessarily be known in advance, and a full search would almost always have to be authorized if it was to be availing at all.

Actually, I think that's precisely the problem. The fact that the capacity is so large suggests to me that it may not be possible for the owner himself to be aware of what's on the drive. It's far more reasonable to assume that someone is responsible for what's in his backpack or a purse than what's on a 500BG hard disk -- especially in the age of malware.

Or is this issue separate from the search, and better addressed by considering the actual data found and other circumstances?

Regarding NDA etc.: Is it really true that we must travel with cleartext (or at least provide the authorities with the password to decrypt)?
4.22.2008 1:54pm
Fub:
PC wrote at 4.22.2008 2:13am:
Prof. Kerr,

Would you care to speculate if the creation of a bitstream copy of a laptop's hard drive at a border crossing would be legal? To add a twist to that question, what if the laptop had a piece of software like TrueCrypt and the owner claimed he did not know the password?
I'm not Prof. Kerr, and I wouldn't dare play him on TV. But I'd like to add here the practicality of the owner actually not knowing or having border access to his own password or decryption key.

Encrypt your sekrit data with a key longer than you can memorize. Leave a copy of your key at home, under a rock, with a fiduciary, or whatever. When you go to Gondwandaland, carry a copy of your key and your data (on separate media). On your visit, decrypt and work with your data. Before returning, encrypt your data and destroy your copy of the key.

At the border you won't know or have immediate access to your decryption key, which you have left at home. When and if you ever get home, you can decrypt your data.

The only issues are what penalties gubmint can pile on you to convince you either to have someone send them your private key from home, or to convince other uppity citizens to never try to keep anything sekrit.
4.22.2008 2:11pm
Connecticut Lawyer (mail):
As for confidentiality agreements or NDAs: Most have some exception for disclosures required by law, as these border searches would seem to be.
4.22.2008 2:49pm
UW2L:
Fub brings up the practical upshot of this ruling: what will border agents actually do when faced with someone whose data are encrypted, and maybe, further, claims not to know the password? It seems like even if they can search a laptop with no reasonable suspicion, it's not worth anybody's time to hold up a traveler from entering the country when the agents don't actually suspect the person of having Something Bad on the laptop. However, would CBP take the "if you've done nothing wrong, you've got nothing to hide" tack? I.e., would an agent decide use of encryption is suspicious in itself, enough to merit further investigation/detention/denying entry to the U.S.?

Sounds like CBP better get to work setting and educating its agents about a policy for laptop searches and what to do when one encounters encryption, if there isn't such a policy already, to prevent inconsistent and arbitrary treatment of travelers' laptops. Supposedly CBP agents are already trained in keeping confidential information secret, but I suspect that's cold comfort to anyone who has to worry about confidential information disclosure. Maybe a consistent, publicly-available policy would also help with the "disclosures required by law" exception to NDAs and some versions of RPC 1.6. (DG, you said you couldn't imagine what this would do to lawyers, which is why I addressed the particular situation for lawyers. I wasn't trying to exempt biz; you've got that covered.)

I suppose that the more people, especially average people rather than business travelers, use encryption, the weaker the "if you've done nothing wrong..." argument becomes.
4.22.2008 3:17pm
ERH:
Well I guess it's back to sneaking across the border for me.

Seriously, let's suppose you're an attorney with client information on your laptop. Wouldn't submitting it to a search potentially violate attorney client privilege?
4.22.2008 3:23pm
Just an Observer:
Those who worry that such precedents violate naively perceived digital "privacy" concerns about NDAs, etc., at border crossings should also worry about the FISA amendments pending in Congress.

Such legislation, which seems very likely to pass, would grant the government explicit authority to intercept any international communication without a warrant so long as the target is reasonably believed to be overseas. And despite what the favored talking points emphasize, there is no requirement that such interception be limited to "terrorists."

As Orin notes above, the Fourth Amendment alone may well not protect international communications. What privacy protections there are based on statutory limits and executive discretion. And most statutory limits are about to be legislated away.

That may be the privacy policy we choose to accept in the name of security. If you disagree, write your congressman. Soon.
4.22.2008 3:28pm
Dan Hamilton:

Seriously, let's suppose you're an attorney with client information on your laptop. Wouldn't submitting it to a search potentially violate attorney client privilege?



For those of us with NDA data on our laptops (in our email in particular), we're in a real bind.


If you were carring a hard copy of these papers they could and would be searched and NOBODY would question it.

How is a electronic copy any different??

Why are people questioning this? It is a DUH.

Of course they can search your hard drive and any other memory device you are bring in or taking out. DUH. If they don't know what it is, encrypted etc. Then they just say you can't bring it in. Then what are you going to do?

If they can do a body cavity search on you, a search of your hard drive is a DUH!
4.22.2008 4:11pm
David Schwartz (mail):
I think this is pretty clearly a problem best solved by law rather than lawsuit. I think a reasonable bill restricting border searches of computers and media would have a good chance of passing.

We all know that terrorists can ship encrypted media across the border or send encrypted data over the Internet. So border searches of computers or media do nothing to stop terrorism or any other kind of crime.

Other forms of data can simply be kept encrypted. The kind of cursory searches they're doing would never even know encrypted data was there. (And it's trivial to make it impossible to tell if encrypted data is present or not.) So there is no legitimate law enforcement purpose here, except to catch dumb criminals who aren't hurting anyone.
4.22.2008 4:13pm
Brett:
I tend to agree with DJR on this: even granting that Congress has some authority to regulate the import and export of data, and that this implies the extension of the border-control exception to the Fourth Amendment to searches for contraband data, it seems to me that treating a laptop as a mere "container" of data, analogous to a duffel bag or a suitcase, is wrongheaded on a pretty basic level.
4.22.2008 4:15pm
Tom Cross (www):

Arnold has failed to distinguish how the search of his laptop and its electronic contents is logically any different from the suspicionless border searches of travelers' luggage that the Supreme Court and we have allowed.

Its clear that there is a difference. The court may decide that the difference is not constitutionally significant, but it is not helpful for the court to pretend that no difference exists. This is a sort of ignorance that allows the court to reach a comfortable decision without addressing the substantive question.

Laptops and their contents are not just like luggage and their contents. Luggage is intended for travel. It is typically packed by it's carrier prior to leaving, and it typically contains the specific things that the carrier intends to have on his or her trip, and nothing more. A person planning to travel overseas might reasonably expect to be searched and therefore might rationally decide not to pack personal things.

Laptops are not intended specifically for travel. People do not "pack" laptops prior to travel. The information they contain is not constrained to the information that one might wish to have on a trip. Laptops typically contain a complete collection of a person's personal electronic records. A person worried about getting searched might be able to remove a few bits of private information from the collection prior to travel, but this is the opposite process. You're starting from everything rather than starting from nothing. The default condition is that any piece of data that you have is open to scrutiny.

There are small, edge cases where in the past border searches have touched on objects that are not like luggage, in that the typically contain things that were not specifically selected for travel.

One example is a wallet or a purse, which a person carries with them at all times and contains various payment instruments and other personal items. But these objects are small, and therefore they contain a limited amount of stuff. The difference between a purse and luggage is small enough that it might not matter.

Another example is the case where someone moves overseas, and transports all of their worldly possessions with them, and so all of their worldly possessions might be subject to search, but this doesn't happen very often, and people have almost never brought all of their worldly possessions both out of and back in to a country on a temporary trip.

Never before has the court system faced a situation wherein people are regularly transporting all of their worldly information with them every time they cross a border. That is not just like luggage. It is a fundamentally different situation, and the court ought to address it specifically, and explain why searches of all of this information are presumptively reasonable.

The Washington Post has already reported on corporations that have instructed their employees in response to this policy to maintain a special "travel laptop" which is not their normal computer, and is just like luggage, in that the information copied on to it prior to travel is only the information required on that trip. It seems perverse that in a "free society" people would be forced to go to the trouble of keeping a special laptop on which they place carefully selected scraps of information for no other reason than so that they can bring it through a legal black hole in which they are subject to nearly unconstrained searches.

The 4th amendment is intended to avoid creating situations wherein normal people have to act like criminals out of fear that a government fishing expedition will root through their property and all of their correspondence and find some reason to hang them. That is precisely what this policy does, and that is precisely why I think that these searches are not reasonable. The court system might disagree, but it is not responsible for them to do so without giving the matter due examination.
4.22.2008 4:31pm
Brett:
To what Tom Cross said, I'd add the more fundamental point that luggage doesn't serve any purpose except acting as a container for stuff. The stuff is still the same stuff, whether it's inside the container or not. The laptop, in contrast, is responsible for representing the contents of his hard drive in human-comprehensible format: without the laptop (or without copying the data to some other device capable of rendering it), the data's just a bunch of bits.
4.22.2008 4:48pm
NatSecLaw Prof (mail):
Tom Cross, I couldn't disagree with you more. There is no difference between luggage and the leather bag that contains my laptop -- or the laptop itself. My primary piece of luggage has always been my briefcase. Without a doubt, the files I left in my briefcase when I crossed the border have always been subject to search. And, laptops ARE specifically meant for travel. That is why they are designed differently than desktops or servers. All that the technology has done is miniaturize the files. So, now, it easy for me carry around my entire Rolodex (remember those?) and diary and filing cabinet. But the Constitutional analysis remains the same: if I shipped my whole filing cabinet, or Rolodex, or diary, or bulging briefcase over the border, it was always subject to search. The files that I leave in my briefcase as well as the files I leave in my laptop can be searched at the border. Historically, the government has always been able Constitutionally to search anything at the border (even 1st class mail). In the mail context, even 1st Amendment arguments were defeated. If you think that this age of massive transborder business and communications coupled with the ease of leaving too many files in an electronic briefcase add up to a policy argument for adding increased process before a search at the border, then the proper forum for change is Congress, not the courts. It was the district court here that was making new law, not the Circuit. But, I'd have to say, if I were the Congressman voting on a bill to require reasonable suspicion or a warrant at the border, I would vote against it. The Government's need to inspect anything or everything at the border seems axiomatic to me. In this age of industrial espionage and terrorism, I would oppose any measure to restrict the ability of the government to read everything at the border. But, regardless of the policy argument, I think that the Constitutional argument is clear: every file you carry across the border -- whether printed or digital -- has always been subject to search. If you carry it in your luggage, including your briefcase, or if you carry it in your laptop, the "it" is the same -- the document. The document does not magically acquire more protection by converting it from ink on a sheet of compressed papyrus fiber to bits and bytes in a hard drive.
4.22.2008 6:01pm
Dilan Esper (mail) (www):
Sort of like not understanding how Plessy explained how segregation was compatible with the Fourteenth Amendment, despite the apparent plain sense meaning of the text?

Maybe more than you think. Plessy was an offensive decision but was probably largely consonant with original intent and meaning; the drafters did not understand "equal protection of the laws" to require integration, only that facilities actually be equal.
4.22.2008 6:01pm
PC:
But I'd like to add here the practicality of the owner actually not knowing or having border access to his own password or decryption key.


I think it would be a matter of plausibility with something along the lines of: "Yeah, I installed it but I never used it. Can't really remember what the password is."

Prof. Kerr had specifically addressed the issue of forensic analysis and the use of bitstream copies of a hard drive in the paper he linked. I was curious if border agents had the authority to make a copy of your hard drive if they so desired.
4.22.2008 6:35pm
Tom Cross (www):
In regard to the subject of mobile homes, the case is sort of relevant in that you have two standards for expectations of privacy, a home and a car, and a case which blurs those standards. I don't, however, think that the conclusion in that context should define the conclusion in this context. That would only follow if the circumstances that lead to the conclusion in that context apply in this context.

One of those circumstances is the fact that vehicles are inspected by government officials more frequently than homes. That circumstance has nothing to do with laptops.

Obviously everything being carried across a border is "readily mobile." The fact that vehicles are "readily mobile" is only relevant because the vehicle might move while lawful authorization is being obtained to perform a search. In the border search context a determination that "reasonable suspicion" is required to perform a particular kind of search would not introduce delay in performing those searches in the same way that a warrant requirement would, and so the court's observation that laptops are "readily mobile" is not relevant to the question of whether or not "reasonable suspicion" should be required to search them. Ultimately, I think this decision is poor for that reason.
4.22.2008 6:42pm
zippypinhead:
what will border agents actually do when faced with someone whose data are encrypted, and maybe, further, claims not to know the password? ...would CBP take the "if you've done nothing wrong, you've got nothing to hide" tack? I.e., would an agent decide use of encryption is suspicious in itself, enough to merit further investigation/detention/denying entry to the U.S.?
Easy answer: try to enter with a locked suitcase and tell CBP that you don't have a key and don't know how to open it. In 20 seconds the lock will be broken. And if it happens to be a hard-shell metal case with a locking mechanism they can't easily defeat, the case will be confiscated, and you'll be lucky if it doesn't get blown up on a remote corner of the airport tarmac. So short answer = "yes." If you've got it but can't show the contents, CBP may get a wee bit agitated.

The law is fairly settled that you have no expectation of privacy in your possessions when you present yourself for inspection and entry into the U.S. If there is a reasonable suspicion that a computer is either (a) contraband or an instrumentality of a crime (e.g., it's been used to transmit kiddie porn), or (b) a container that holds evidence of a crime (e.g., the fraud conspiracy documents are on it), it can be searched the same way as any other device or container in your possession. Where people get wierded out with computers -- as opposed to the exact same contraband or papers in your briefcase -- is that a computer is, basically, a really LARGE container. Then again, since the same inspection rights apply to 20x40 shipping containers (whether full of drugs, toxic Chinese toys, or the aforementioned fraud conspiracy documents), why should it matter?
4.22.2008 6:44pm
Tom Cross (www):
NatSecLawProf:

Its not the fact that a document has been converted into bits and bytes that makes the difference. It is a matter of scope and frequency. Larger numbers of people are increasingly carrying more detailed records of their personal lives at all times, and this will only become more pervasive as technology improves. Read this Wikipedia article about LifeLogging.

The law does, in fact, say that certain kinds of searches cannot be performed at the border without reasonable suspicion, a standard which is itself so weak as to be nearly meaningless. The question is whether these increasingly detailed and increasingly intimate collections of personal information that we carry with us have become, or soon will become, sensitive enough that they fit within the scope of things for which reasonable suspicion is required.

It may be the case that they have not, and will not, but you seem to go further and suggest that the courts don't even have the right to assess this question! The border search exemption and the reasonable suspicion requirement were both the products of court rulings and not legislation. If the courts "make new law" in limiting the border search exemption then they "made new law" when they created it.

As for the policy question, I frankly don't see why laptops at the border are so fundamentally different from laptops that are not at the border that in one context they can have nearly the strongest privacy protections our system allows but in another they must be subject to random search. The mere fact that terrorism happens does not, in my view, make it "axiomatic" that random searches of laptops are in any way useful at preventing attacks. Security is a question of how best to apply limited resources to create effective protections, its not about doing whatever the hell you can get away with. These laptop searches are an opportunistic exploitation of a legal and technological loophole. They are not part of a comprehensive anti-terrorism strategy. Those rationalizations are offered after the fact.
4.22.2008 7:51pm
Tom Cross (www):
Zippy:


If there is a reasonable suspicion that a computer is either (a) contraband or an instrumentality of a crime (e.g., it's been used to transmit kiddie porn), or (b) a container that holds evidence of a crime (e.g., the fraud conspiracy documents are on it), it can be searched the same way as any other device or container in your possession.

Actually, the ruling here is that "reasonable suspicion" is not required, and the laptop can be searched for any reason at all, or no reason whatsoever, or all laptops could be searched if they had the resources to do it.
4.22.2008 7:56pm
may grad (mail):
zippypinhead:

the problem is that after this case, border officials don't need to even have reasonable suspicion to search a laptop. In other words, they can search EVERYONE's laptop for no reason whatsoever (they probably won't do so because of pracical reasons; but based on this case, it's constitutional).
4.22.2008 7:57pm
David Schwartz (mail):
I think it would be a matter of plausibility with something along the lines of: "Yeah, I installed it but I never used it. Can't really remember what the password is."
Why even answer the question? I don't see why you are required to help them search you.
4.22.2008 8:01pm
zippypinhead:
Tom and May, re:
the problem is that after this case, border officials don't need to even have reasonable suspicion to search a laptop. In other words, they can search EVERYONE's laptop for no reason whatsoever (they probably won't do so because of pracical reasons; but based on this case, it's constitutional).
Exactly. The Circuit applied the same rule that's long applied to physical containers like briefcases and suitcases. I probably shouldn't have used the "reasonable suspicion" phrasing, except that it neatly encapsulated a tacit assumption that as a practical matter CBP isn't likely to have either the time, resources or interest in rummaging around on laptop or PDA unless there's some reason for them to do so. In my experience (from another part of the LE business that obtained assistance from CBP and its predecessor agencies from time to time), I suspect this will happen only where someone is selected for secondary inspection, particularly where they are a border watch hit (not necessarily with a detainer). Assuming they don't find something seriously amiss with your paperwork or luggage, or that their computer doesn't light up when your passport number is entered, I think your attorney-client privileged documents are pretty safe. Probably a lot safer than their hard copy versions are in your briefcase.
4.22.2008 8:14pm
PersonFromPorlock:
UW2L:

Sounds like CBP better get to work setting and educating its agents about a policy for laptop searches and what to do when one encounters encryption, if there isn't such a policy already, to prevent inconsistent and arbitrary treatment of travelers' laptops.

Hoo boy, do you not understand. In America, CBP educates you!

More seriously, it seems to me that coded information can be sent internationally so undetectably (for instance, encoded in the word-strings spammers use to defeat spam filters) that there's no point in searching laptops for fell data.
4.22.2008 9:46pm
Brett:
NatSecLaw Prof writes, about laptops:
All that the technology has done is miniaturize the files.


Behold, blazing ignorance.

As any third-grader can tell you, the files on a computer aren't merely shrunk-down versions of hardcopies. They're converted to an entirely different format such that a piece of software is necessary to retrieve and view them.
4.22.2008 9:47pm
Brett:
In other words, treating the laptop as a mere container treats it solely as data storage and completely ignores the functionality that makes said storage useful -- the machine's ability to translate and display data.

The analogy to hardcopies carried in a briefcase only works if all the hardcopies are translated into Martian, and the government's authority to search and seize also permits agents to compel the documents' owner to provide an on-the-spot translation.

It would be useful if more legal professionals undertook to educate themselves about technology before holding forth about things they are demonstrably ignorant of.
4.22.2008 9:57pm
NatSecLaw Prof (mail):
Dear Brett:

Thanks for educating me. Too bad my "blazing ignorance" wasn't dispelled when I got my Microsoft certifications, wrote software way back when we all used FORTRAN, or built my first computer back in the 70's with a soldering iron and a kit from HeathKit. The fact of the matter is, whether written in English or binary code, whether stored on paper or hard drives, whether in secret code or plain text, the documents are language and informtaion all the same. If the government has the right to inspect them written on paper in Swahili in your pocket when you cross the border, it has the right to inspect them in binary code in the memory of the Blackberry in your pocket. It is, as precedent shows, Constitutionally all the same. The government has the right to inspect what crosses the border.

Why don't you spare us all the attacks and stick to the legal and policy debate?

To use your phrase, it might be helpful if more bloggers like you learned a little law and technology before attacking people behind the shield of anonymity. I don't see any evidence in your writings here that you know anything of either. No wonder so many serious scholars avoid the such forums -- which have the ability to spread ideas easily and quickly but so often are dragged down by people like you into shrill rants. After reviewing your arguments, I still believe that the briefcase analogy remains valid and useful.

The law does not require people to translate what the government inspects. It can be written in secret code on paper or in some obscure language for which the government does not have a ready translator. And, most data files on computers can be "translated" by software that virtually everyone has -- Word, Wordperfect, etc.

And, yes, "All that the technology has done is miniaturize the files." The content remains the same. But, now you can carry in your hand what once required large boxes to ship.

William C. Snyder
Visiting Assistant Professor of Law
Institute for National Security &CounterTerrorism
Syracuse University College of Law

Adjunct Professor of Law
Albany Law School
4.22.2008 11:03pm
Fub:
PC wrote at 4.22.2008 5:35pm:
I think it would be a matter of plausibility with something along the lines of: "Yeah, I installed it but I never used it. Can't really remember what the password is."
My point was narrow, that actually and reasonably provably not knowing the key to decrypt one's own data is easily arranged.

That has one small benefit: you are less likely to be convicted of lying for telling the government official you don't know.

Remember Martha Stewart.
4.23.2008 12:51pm
zippypinhead:
it might be helpful if more bloggers like you learned a little law and technology before attacking people behind the shield of anonymity.
Well put. And in the faint hope that another post can magically convert some of the heat in this thread to light (or do other neat Newtonian physics trix that we mere lawyers can apparently never hope to understand):

The nature of electronically stored information ("ESI"), and the protections that should apply, is a very hot issue well beyond the laptop/PDA border inspection question. In all the contexts in which ESI has been addressed, the going-in assumption is that it's just potentially relevant evidence not all that different from traditional evidence that is "stored" on paper, or on a bloody knife blade, or whatever. ESI is simply maintained in a different form.

As most lawyers on this blog know, The Federal Rules of Civil Procedure were recently amended to specifically take into account issues relating to ESI in ways that take advantage of a lot of very good work by the Sedona Conference, Judge Scheindlin's groundbreaking Zubulake opinions, and many others. I also hear rumors there is also a project underway to update Rule 41 of the Federal Rules of Criminal Procedure (search warrant procedures) to more adequately address ESI issues in the search and seizure context.

Speaking of search warrants, the "nature of the container" issues raised in this thread have been at issue in the search and seizure arena for years. One public source summarizing the way Federal law enforcement and the Federal Courts approach the issue generally is the computer search and seizure manual published by the Computer Crime &Intellectual Property Section of the Criminal Division of the Justice Department (BTW, CCIPS is a career, not political, component of DOJ, and is staffed by attorneys who generally also have computer, engineering, or other technical degrees and experience. Even tho they are saddled with J.D.s, they're actually not morons). If one has the attention span, I'd especially recommend reading the updated Appendix F, which discusses (with case citations) how (and why) law enforcement officials should approach drafting the affidavits necessary to convince Federal Magistrate Judges that there is probable cause to seize computers and related items.

Off topic: Speaking of the online "shield of anonymity" being bandied about on this thread, don't bet the ranch on it. To paraphrase, on the Internet they very well may know you're a dog.
4.23.2008 2:20pm
JustLooking (mail):
The 9th Cir. seems to have gotten this case right, for a change. Although I cringe at knowing that my electronic materials are subject to suspicionless searches at the border (or its equivalent), that seems to be correct interpretation of standing jurisprudence. Any changes in this realm should (but are unlikely to) come from the federal legislative branch.

The wikipedia article on the subject addresses the decision fairly well.
4.23.2008 5:33pm
David W. Hess (mail):
What happens when like with cell phone PDA searches the search of the laptop accesses information not actually contained on the laptop? It is a relatively trivial matter to have a permanent link between a laptop and another system acting as a server where data stored on the server is all but indistinguishable from data stored on the laptop itself.

Do border searches include all files transiting the border as well as all files accessible through a system transiting the border?
4.24.2008 2:34am
zippypinhead:
Do border searches include all files transiting the border as well as all files accessible through a system transiting the border?
The clear and unambiguous answer: "It Depends."

The border search exception generally refers to the Fourth Amendment doctrine that permits warrantless searches of travelers and their possessions at the point of entry (it also applies to shipments of cargo and mail). The 9th Circuit case discussed here holds electronic files in a traveler's possession on a laptop or PDA are searchable, as they would also be if they were paper in a briefcase, or if they were sent via mail or courier. As border search cases go, this isn't a terribly offensive ruling, IMHO, since a series of cases makes clear that CBP can do far more invasive things, like literally disassembling your car at the border to look for contraband without having a reasonable suspicion, provided it only takes them a couple of hours and that they can put it back together again (and if they can't put it back together right, so what -- the courts say you can sue for damages later). As a practical matter, CBP is overwhelmingly unlikely to bother rummaging around on your laptop's HDD without a suspicion there's something there of interest, just like they aren't very likely to remove the gas tank on your car just for fun.

BUT - if a file is not physically present at the border in a laptop or otherwise, but is instead entering the U.S. as a communication, its legal status depends on a lot of factors, and it may be subject to any of several different laws that control how and whether it may be accessed by law enforcement. Relevant factual considerations may include (but are not limited to) whether the communication originates or terminates in the U.S. as opposed to merely transiting the U.S. between two foreign locations (e.g., e-mail between foreign users going through a U.S.-located Internet mailserver); whether the file is intercepted in real time versus found in temporary or permanent electronic storage; if stored, the length of time it's been in storage; the purpose for which the file is being intercepted; whether there are exigent circumstances that require immediate interception; and a host other fact-specific considerations. Depending on the facts, applicable laws may include Title III; the Foreign Intelligence Surveillance Act; the Electronic Communications Privacy Act; various parts of the U.S.A. Patriot Act; and probably some other statutes I'm forgetting. Oh yeah, and a couple of parts of the Bill of Rights, including the Fourth Amendment...

If I understand correctly, you pose a hybrid question about a searchable PDA or laptop at the border that can access a network leading to data that's physically stored elsewhere. Without doing research I don't know if any courts have ruled whether CBP could look at such data. However, I suspect the answer is "no," because the data itself isn't "at the border." In the analogous situation where a warrant is issued for a computer search in one judicial District, and the agents discover the computer is on a network that links to relevant evidence stored in another District, the conventional advice is to seek a second warrant in the other District. If the network leads to overseas data, the situation gets even messier, since it implicates foreign sovereignty as well as Fourth Amendment issues. The computer search and seizure manual I linked to above cautions agents about these exact issues in a warrant execution context.

Clear as mud, right?
4.24.2008 6:36pm
David W. Hess (mail):
I agree zippypinhead. It is clear as mud. :)

The only reason I brought it up was the recent discussion here about police officers searching cell phones and PDAs incident to arrest or during traffic stops where they end up using the device to access information not actually present on the device.

The link you gave (thanks for that) discusses information inadvertently accessed outside of the physical bounds of a warrant but not in connection with an otherwise lawful search without a warrant. The remedy is to get warrants for more then one location if you know ahead of time but since the border search is lawful without a warrant I am not sure why everything accessible from the system being searched would not be fair game. As you point out, this specific situation has not been tested and border agents are unlikely to have the motivation to delve that deeply anyway.

I am going to have to rename my laptop TARDIS since it is apparently larger on the inside then the outside. Full disk cryptography it about as good as the security on the TARDIS as well.
4.24.2008 11:47pm
callao (mail):
This will be another deterrent to tourists and businesspeople visiting the USA.

If you have lots of personal data on your computer, e.g. medical information, naked pictures of your 40 year old girlfriend and your unfinished novel, a search of your laptop is something that you might tend to resent.

There have been a few CBP horror stories in the European media already, stand by for some more.

Is it worth pissing off 1000s of people to maybe catch one or two schmucks with child porn? Cause you can be sure that word has spread among the child porn freaks, and they won't be carrying it around across borders on their laptops anymore.

For this reason, Congress will step in. Unless the USA is completely brain-dead.
4.25.2008 12:54am