By Jay Stanley, Public Education Director, ACLU Technology & Liberty Project
Yesterday, a day after we filed a lawsuit over the matter, DHS issued a new policy on laptop searches at the border. We were not impressed. The new policy imposes some limits on the claimed authority of the U.S. Customs and Border Protection (CBP) agency but leaves intact its unconstitutional policy allowing agents to conduct suspicionless searches of travelers' laptops.
Customs offices in the U.S. and other countries have long had the power to inspect goods being brought into the nation. But it is a radical new step for the government to claim that it can inspect the information being brought across our borders — not only radical, but laughable too.
In a DHS press release, Secretary Janet Napolitano said:
Keeping Americans safe in an increasingly digital world depends on our ability to lawfully screen materials entering the United States.
Clearly, by "materials," CBP now means electronic data as well as physical materials. But does Customs now claim the right to examine all digital "materials" that cross our nation's borders via the Internet? If not, then is it DHS' position that America is massively unsafe until we institute such a system? Also, is America unsafe as long as we permit encrypted digital materials to cross the border, either on someone's person or via the Internet?
If CBP does not claim the radical power to monitor the importation of data into the United States over the Internet, then checking laptops of international travelers is like trying to monitor the trickle of water in a gutter while the Mississippi river flows nearby, unattended.
And so the policy fails not only a constitutional test, but also a basic balancing test: while the damage to privacy is deep and wide-ranging, its security benefit is laughable.
Clearly this policy really has nothing to do with "securing the borders" of the United States in the sense of CBP's right to search and seize for contraband goods. Rather, it is about giving border agents sweeping new powers to peer into the lives and invade the privacy of individuals crossing the border. Today you can easily buy a computer hard drive with a capacity of two terabytes of data; that is equivalent to 10 percent of all the books held in the Library of Congress (usually estimated at 20 terabytes). And taking up that enormous storage volume, people often hold the bulk of their information lives on their laptops — their correspondence, writings, personal photographs and videos, financial and medical records, business dealings (including sometimes trade secrets), reading matter and much else.
In Thomas Jefferson's day, all that would have been stored in his study at Monticello and no government official would have ever had the right to pore over (not to mention, the ability to conduct keyword searches through) that material without a warrant. We need privacy today as much as our founders did in theirs, and shouldn't allow it to slip away because of the shifting technological platforms through which we conduct our business and our lives.
So this is really about giving agents the ability to deeply invade individuals' privacy at a whim, not the ability to "secure the borders" from contraband goods. Clearly when we cross the border we identify ourselves to an extent by presenting our passport. But we have never before, and cannot now permit the government to engage in limitless exploration of our lives under the rationale of security. The battle over laptop searches is part of a larger battle over just how much probing security officials at the border and elsewhere can do; other fronts in that fight include controversies over airline watchlists and the Automated Targeting System.
In the DHS directive itself, the agency writes that searches of computers "and any other electronic or digital devices" are
essential to enforcing the law at the U.S. border. Searches of electronic devices help detect evidence relating to terrorism and other national security matters, human and bulk cash smuggling, contraband, and child pornography. They can also reveal information about financial and commercial crimes, such as those relating to copyright, trademark and export control violations. Finally, searches at the border are often integral to a determination of admissibility under the immigration laws.
Clearly searches of laptops on the border between New Jersey and Pennsylvania, or in libraries, or of citizens walking down the sidewalk, might also from time to time "help detect evidence" related to various crimes. But that has never been enough of a reason in our legal system to allow the authorities to conduct such searches without suspicion of wrongdoing. There is no unique need to conduct such searches at the border, as there is to prevent physical contraband from entering the country.
In any case, anyone carrying personal information on a laptop is well advised to encrypt that data, not only because of our government's aggressive claims for unconstitutional search authority at the border, but also because laptops get lost and stolen. Personally, I use the open-source, easy-to-use TrueCrypt, which not only renders your data inaccessible to anyone up to and including the National Security Agency (as long as they can't get your passphrase), but also includes a feature for plausible deniability in case someone forces you to type in your passphrase (you type in an alternate passphrase and a separate container showing different, unsensitive files opens up instead of your sensitive folder, and no one can prove that the sensitive folder even exists).
Legislation introduced last year by Wisconsin Sen. Russell D. Feingold, called the Travelers' Privacy Protection Act would have imposed the proper constitutional criteria on CBP laptop searches by requiring probable cause. Let's hope Congress isn't fooled by DHS' new policy and proceeds with passing this important legislation.