Without suspicion, U.S. border officials can search the electronic devices of individuals attempting to enter the U.S. or are found domestically up to 100 miles from the border. There is no data protection. If the CBP (Customs and Border Protection) officer suspects a violation of the law or has national security concerns, he may choose to copy all data and dump it into the Automated Targeting System database.
If the person concerned does not reveal their password, the border authorities can confiscate the device for five days. Then devices for forensic data extraction are used. That’s what the US Department of Homeland Security (DHS) said to House officials this summer, reports the US daily Washington Post. There is no guarantee that no data will be planted because the extraction is done behind closed doors and without independent oversight.
Of course, private information from uninvolved people also gets into the automated targeting system with the data. Address book entries, e-mails, text messages, call logs, photos, and so on are not always selfies and monologues. All copied data will be stored for 15 years – contrary to claims on a form that border officials are supposed to hand over after the confiscation. There it is misleadingly stated that the border authority CBP “could keep documents and information for entry, customs and other legal enforcement (…)” – provided that this is compatible with the “data protection and data security standards of the storage system”.
Over 100 electronic searches daily
In fact, in practice, the agency grabs the entire address book, call log, and communications it can find. The overarching Department of Homeland Security does not reveal precise information on how often border officials tap data from other people’s cell phones, laptops, smartwatches, tablets, cameras and other data carriers.
Just this much: In the twelve months to October 2021 – despite COVID-related travel bans – 37,000 travelers were screened in this regard. That was at least a manual search, but it could also have been a complete data copy, which is taken “up to 10,000 times a year” and only when “absolutely necessary”, if the CBP information is correct.
No independent control of further data use
3,000 border officials currently have access to the database. You can browse it without court approval, without having to record the reason for the query. And if another US agency asks for it, the border agency can also pass on the data. Thus, the Fourth Amendment of the US Constitution, which grants US persons protection against arbitrary searches, is undermined.
According to a CBP spokeswoman, the automated targeting system is used against individuals of “significant law enforcement and counterterrorism interest” and other national security concerns. In addition, there are internal rules designed to ensure that searches are carried out “carefully, responsibly and in accordance with public trust”.
In view of the lack of transparency, trust must be high. The authorities do not even reveal how large the database, which has been fed since 2007, is now or how many people are trapped in it.
Legislative motion on siding
Senators Ron Wyden (Democrat) and Rand Paul (Republican) introduced a joint bill over a year ago that is intended to curb the uncontrolled activity, but only as far as US persons are concerned: access to the devices should only be permitted with the consent of the US -person or with judicial approval, entry or exit must not be made conditional on consent, and US persons should be detained for a maximum of four hours if they do not consent. Devices should only be confiscated if there is a suspicion that they contain information relevant to a crime.
There would be exceptions for emergencies where the judicial approval is sufficient afterwards. In addition, the border authority should have to make a file note every time someone else accesses a device at the border. The bill from July 2021 disappeared in a Senate drawer after it was introduced and was not processed further.
A Court of Auditors report criticized the 2018 data collection program. A year ago, the Court of Auditors again found that the border agency “does not properly document searches of electronic devices, do not fully assess the effectiveness of the search program, and do not properly handle their search equipment.”
To home page