The United States Government has thrown a cat amongst the pigeons with its ramped up forced data exposure policies affecting travellers to their country. There are reports that increasing numbers of travellers are being forced to unlock and hand over their electronic devices to Border Control agents, who may then download an unencrypted clone of your device’s stored data to store and interrogate at will, potentially forever.
This practice is akin to forcing you to hand over all your email history, all your passwords to your cloud storage and social media accounts, all your phone’s stored location tracking data and call history, all your photos, your complete contact list (which can be used to build a profile of all your associations), and of course access to your finances if you have banking apps installed.
Now many of these things are available to law enforcement in the US anyway, but in pretty much every other circumstance these agencies have to show due cause and convince a judge to issue a warrant before they are allowed to access them.
Even with such a warrant, as recent cases involving the US government and Apple Inc. have shown, device encryption can pose a significant hurdle for law enforcement to overcome, so mass surveillance of the citizenry, at least in terms of the information they choose to encrypt, is somewhat difficult.
I’m sure I’m not alone in deciding that I’d avoid travelling to the US for business or pleasure, because this invasion of privacy affects us more than the threats they use to justify the invasion. It’s just absurd for the US government think it is acceptable to force travelers to unlock their electronic devices and hand them over whilst border control agents download all your data, all your apps with access tokens to your social media and cloud storage accounts, which they can keep and data mine apparently for as long as they want.
The policy is even at odds with existing US laws protecting various privileged information, such as Attorney-client privilege, HEPAA laws protecting medical patient records, and Federal laws about classified information which make it an offence for the person with security clearance to divulge classified information to an uncleared individual, opening both parties to criminal prosecution. Journalist are normally protected from being forced to divulge their sources, but not so when crossing a US boarder.
There’s also the issue of how this information and power is handled by Border Control. What stops an agent with a grudge from planting incriminating evidence whilst your phone is out of your control, because they took some offense at, let’s say, your loose morals because you were a woman travelling alone and showing too much cleavage for their conservative Christian sensibilities? Or because you’re from an ethnic group they don’t like? Or they don’t like your face/clothes/smell/hair? Or from selling your employer’s immensely valuable plans for their new design to your competition? How would the link to the Border Control agent even be established in court, if not divulged by the competitor when sued, especially since then they have rights and can’t be forced to divulge where the information came from?
What protections are in place to ensure your data they store indefinitely is protected from hackers, or the even more likely threat from government employees with huge power, but comparatively low income? Here’s a handy but depressing list of data breaches which are known to have occured, and as you can see, there are several Government agencies listed including the Department of Homeland Security no less.
Even US citizens with 4th and 5th Amendment rights have to give them up when crossing US border. It doesn’t matter if you’re a Federal employee with classified government data, as seen recently when a Jet Propulsion Laboratories employee was allegedly detained by Border Control agents because he initially refused to hand over his unlocked device which potentially contained classified information and access to various JPL and NASA systems. Imagine being put in the position where you have to break company policies, or worse, Federal Law, before as a citizen you will be permitted reentry to your own country?
Recommendations include leaving all your devices at home, which is absurd for business travellers, and hugely inconvenient for everyone. You might also wipe your devices and restore their data from cloud backup once you reach your destination, but this could be highly expensive depending on your access to a low cost, fast internet connection (a nirvana for international travellers, seldom seen but spoken of in hushed, awed tones amongst seasoned travellers). At best it’s another massive inconvenience.
But the kicker is that terrorists or criminals can so easily avoid disclosing information this way by traveling with clean devices, keeping their special terrorist or criminal secrets in cloud systems. Inconvenient to the terrorist for sure – but they have special motivation and much more to lose.
The US government is the USA’s greatest threat to commerce. Businesses talk about being “easy to do business with” as a priority because customers will go elsewhere if the cost of transaction is too high.
Well America, these costs are too high.