{"id":15424,"date":"2017-01-26T10:12:57","date_gmt":"2017-01-26T15:12:57","guid":{"rendered":"http:\/\/www.megalextoria.com\/wordpress\/?p=15424"},"modified":"2017-01-26T10:12:57","modified_gmt":"2017-01-26T15:12:57","slug":"fear-materialized-border-agents-demand-social-media-data-from-americans","status":"publish","type":"post","link":"http:\/\/www.megalextoria.com\/wordpress\/index.php\/2017\/01\/26\/fear-materialized-border-agents-demand-social-media-data-from-americans\/","title":{"rendered":"Fear Materialized: Border Agents Demand Social Media Data from Americans"},"content":{"rendered":"

The Council on American-Islamic Relations (CAIR) recently filed complaints<\/a> against U.S Customs and Border Protection (CBP) for, in part, demanding social media information<\/a> from Muslim American citizens returning home from traveling abroad. According to CAIR, CBP accessed public posts by demanding social media handles, and potentially accessed private posts by demanding cell phone passcodes and perusing social media apps. And border agents allegedly physically abused one man who refused to hand over his unlocked phone.<\/p>\n

CBP recently began asking foreign visitors<\/a> to the U.S. from Visa Waiver Countries for their social media identifiers. Last fall we filed our own comments<\/a> opposing the policy, and joined two sets of coalition comments<\/a>, one by the Center for Democracy & Technology<\/a> and the other by the Brennan Center for Justice<\/a>. Notably, CBP explained<\/a> that it was only seeking publicly available social media data, \u201cconsistent with the privacy settings the applicant has set on the platforms.\u201d<\/p>\n

We raised concerns that the policy would be extended to cover Americans and private data. It appears our fears have come true far faster than we expected. Specifically, we wrote<\/a>:<\/p>\n

It would be a series of small steps for CBP to require all <\/i>those seeking to enter the U.S.\u2014both foreign visitors and U.S. citizens and residents returning home\u2014to disclose their social media handles to investigate whether they might have become a threat to homeland security while abroad. Or CBP could subject both foreign visitors and U.S. persons to invasive device<\/i> searches at ports of entry with the intent of easily accessing any and all <\/i>cloud data; CBP could then access both public and private online data\u2014not just social media content and contacts that may or may not be public (e.g., by perusing a smartphone\u2019s Facebook app), but also other private communications and sensitive information such as health or financial status.<\/blockquote>\n

We believe that the CBP practices against U.S. citizens alleged by CAIR violate the Constitution. Searching through Americans\u2019 social media data and personal devices intrudes upon both First and Fourth Amendment rights.<\/p>\n

CBP\u2019s 2009 policy<\/a> on border searches of electronic devices is woefully out of date. It does not contemplate how accessing social media posts and other communications\u2014whether public or private\u2014creates chilling effects on freedom of speech, including the First Amendment right to speak anonymously, and the freedom of association<\/a>.<\/p>\n

Nor does the policy recognize the significant privacy invasions of accessing private social media data and other cloud content that is not publicly viewable. In claiming<\/a> that its program of screening the social media accounts of Visa Waiver Program visitors does not bypass privacy settings, CBP is paying more heed to the rights of foreigners than American citizens.<\/p>\n

Finally, the CBP policy does not address recent court decisions that limit the border search exception, which permits border agents to conduct \u201croutine\u201d searches without a warrant or individualized suspicion (contrary to the general Fourth Amendment rule requiring a warrant based on probable cause for government searches and seizures). These new legal rulings place greater Fourth Amendment restrictions on border searches of digital devices that contain highly personal information.<\/p>\n

As we recently explained<\/a>:<\/p>\n

The U.S. Court of Appeals for the Ninth Circuit in U.S. v. Cotterman<\/i> (2013)<\/a> held that border agents needed to have reasonable suspicion\u2014somewhere between no suspicion and probable cause\u2014before they could conduct a \u201cforensic\u201d search, aided by sophisticated software, of the defendant\u2019s laptop\u2026.<\/p>\n

The Supreme Court held in Riley v. California<\/i> (2014)<\/a> that the police may not invoke another exception to the warrant requirement, the search-incident-to-arrest exception, to search a cell phone possessed by an arrestee\u2014instead, the government needs a probable cause warrant. The Court stated, \u201cOur holding, of course, is not that the information on a cell phone is immune from search; it is instead that a warrant is generally required before such a search, even when a cell phone is seized incident to arrest.\u201d<\/blockquote>\n

Although Riley<\/i> was not a border search case, the Riley<\/i> rule should apply at the border, too<\/a>. Thus, CBP agents should be required to obtain a probable cause warrant before searching a cell phone or similar digital device.<\/p>\n

Both Riley<\/i> and Cotterman<\/i> recognized that the weighty privacy interests in digital devices are even weightier when law enforcement officials use these devices to search cloud content. A digital device is not an ordinary \u201ceffect\u201d<\/a> akin to a piece of luggage or wallet, but rather is a portal into an individual\u2019s entire life, much of which is online.<\/p>\n

The Ninth Circuit wrote:<\/p>\n

With the ubiquity of cloud computing, the government\u2019s reach into private data becomes even more problematic. In the \u201ccloud,\u201d a user\u2019s data, including the same kind of highly sensitive data one would have in \u201cpapers\u201d at home, is held on remote servers rather than on the device itself. The digital device is a conduit to retrieving information from the cloud, akin to the key to a safe deposit box. Notably, although the virtual \u201csafe deposit box\u201d does not itself cross the border, it may appear as a seamless part of the digital device when presented at the border.<\/p><\/blockquote>\n

And the Supreme Court wrote:<\/p>\n

To further complicate the scope of the privacy interests at stake, the data a user views on many modern cell phones may not in fact be stored on the device itself. Treating a cell phone as a container whose contents may be searched incident to an arrest is a bit strained as an initial matter\u2026. But the analogy crumbles entirely when a cell phone is used to access data located elsewhere, at the tap of a screen. That is what cell phones, with increasing frequency, are designed to do by taking advantage of \u201ccloud computing.\u201d Cloud computing is the capacity of Internet-connected devices to display data stored on remote servers rather than on the device itself. Cell phone users often may not know whether particular information is stored on the device or in the cloud, and it generally makes little difference.<\/p><\/blockquote>\n

The Riley<\/i> Court went on to state:<\/p>\n

The United States concedes that the search incident to arrest exception may not be stretched to cover a search of files accessed remotely\u2014that is, a search of files stored in the cloud\u2026. Such a search would be like finding a key in a suspect\u2019s pocket and arguing that it allowed law enforcement to unlock and search a house.<\/p><\/blockquote>\n

Thus, the border search exception also should not be \u201cstretched to cover\u201d social media or other cloud data, particularly that which is protected by privacy settings and thus not publicly viewable. In other words, a border search of a traveler\u2019s cloud content is not \u201croutine\u201d and thus should not be allowed in the absence of individualized suspicion. Indeed, border agents should heed the final words of the unanimous Riley<\/i> decision: \u201cget a warrant.\u201d<\/p>\n

We hope CBP will fully and fairly investigate CAIR\u2019s grave allegations and provide a public explanation. We also urge the agency to change its outdated policy on border searches of electronic devices to comport with recent developments in case law. Americans should not fear having their entire digital lives unreasonably exposed to the scrutiny of the federal government simply because they travel abroad.<\/p>\n

Source: Fear Materialized: Border Agents Demand Social Media Data from Americans | Electronic Frontier Foundation<\/a><\/em>
\n