Become a fan of Slashdot on Facebook


Forgot your password?
Cloud Cellphones Government Privacy Security Social Networks United States Hardware

Border Patrol Says It's Barred From Searching Cloud Data On Phones ( 74

According to a letter obtained by NBC News, U.S. border officers aren't allowed to look at any data stored only in the "cloud" -- including social media data -- when they search U.S. travelers' phones. "The letter (PDF), sent in response to inquiries by Sen. Ron Wyden, (D-Ore.), and verified by Wyden's office, not only states that CBP doesn't search data stored only with remote cloud services, but also -- apparently for the first time -- declares that it doesn't have that authority in the first place." From the report: In April, Wyden and Sen. Rand Paul, R-Ky., introduced legislation to make it illegal for border officers to search or seize cellphones without probable cause. Privacy advocates and former Homeland Security lawyers have said they are alarmed by how many phones are being searched. The CBP letter, which is attributed to Kevin McAleenan, the agency's acting commissioner, is dated June 20, four months after Wyden asked the Department of Homeland Security (PDF), CBP's parent agency, to clarify what he called the "deeply troubling" practice of border agents' pressuring Americans into providing passwords and access to their social media accounts. McAleenan's letter says officers can search a phone without consent and, except in very limited cases, without a warrant or even suspicion -- but only for content that is saved directly to the device, like call histories, text messages, contacts, photos and videos.
This discussion has been archived. No new comments can be posted.

Border Patrol Says It's Barred From Searching Cloud Data On Phones

Comments Filter:
  • Well obviously (Score:5, Insightful)

    by cfalcon ( 779563 ) on Thursday July 13, 2017 @08:27PM (#54805559)

    Obviously if your data is in the cloud, the government already has access to it if it needs. This just looks like a territorial dispute between different parts of the government...

  • by martok ( 7123 ) on Thursday July 13, 2017 @08:34PM (#54805599)

    CBP: "That's right folks. Store your data in the cloud because that is where it is most secure." Well played but no thanks.

    • by slick7 ( 1703596 )
      What happens on a bright sunny day when the clouds disappear?
    • Re:Misdirection (Score:5, Interesting)

      by Kjella ( 173770 ) on Thursday July 13, 2017 @09:06PM (#54805803) Homepage

      CBP: "That's right folks. Store your data in the cloud because that is where it is most secure." Well played but no thanks.

      What would you rather want, a ruling that they can? Also, remember that "the cloud" is not a legal term - if they can legally access your Dropbox/Facebook account, they can also access your personal Linux server you saved the ssh password for. Besides this fully makes legal sense, border control has the right to search the data you are trying to bring into the country. Data on a remote server you may potentially never access from or bring to the US should obviously not be part of the border search. I know many people here don't like concept of an electronic search at the border at all, but if you want that limited to a physical search for contraband the law needs to change. Until then use one of the many obvious ways to not have your private data accessible at the border.

    • by Anonymous Coward

      "The cloud" doesn't have to mean "someone else's server". It can simply mean "a server that I run from my basement" in this case, since that's also not on the device itself.

  • by Anonymous Coward

    Now they can reject asylum [] seekers without even bothering to process them.

    Soon they'll be free to deport anybody that simply isn't a loyal enough American, eh, Comrade?

    And the border wall will be transparent [] as well as solar powered.

    Somebody please tell me that he's sundowning.

    • by Anonymous Coward

      Loyal to America? No.
      Trump does "loyal to Trump" not "loyal to America". Foreign spies are fine, dictators flagged as enemies of the US are fine... as long as they help *Trump*.

      1) It should be clear from the emails that Trump knew about his Russian help.
      2) If you look at the data Russia hacked, it was ELECTORAL ROLLS mostly.
      3) This is the same data that Trump is trying to get now as his role of Whitehouse squatter.
      4) So if you follow the data that will have gone to someone to help Trump 'win' an election.

  • But if they say you can't leave for 4 hours unless you show them your Facebook, and you yield. That's giving them permission to search your Facebook. So the "cloud" distinction mentioned doesn't apply.
    • At what point would that become coercion?

      • by sjames ( 1099 )

        Based on recent court rulings, I'd guess somewhere around the third tooth they drill out without anesthetic.

      • by geekmux ( 1040042 ) on Friday July 14, 2017 @05:42AM (#54807183)

        At what point would that become coercion?

        Doesn't fucking matter. The average citizen does not have the financial means to defend even a single unconstitutional action against them. The Legal Industrial Complex is second only to the Medical Industrial Complex in terms of committing financial ass-rape against consumers. And those committing illegal actions against citizens know this.

        Your only real chance is to arm yourself with enough legal knowledge to damn near pass a Bar Exam in hopes of diffusing a situation without being forced to defend yourself in a courtroom. Otherwise, you're likely going to be financially fucked. Is pissing away a chunk of your net worth or going into considerable debt really worth not giving up a social media password? Sorry kids, Daddy can't afford to help you with college. Refused to comply with an illegal search a few years ago. Kind of ate up the college fund.

        The only Right we have left is the Right to ignorantly assume we can still afford any other Right history has bestowed upon us.

  • by rtb61 ( 674572 ) on Thursday July 13, 2017 @09:08PM (#54805805) Homepage

    Ohh, it's a look at the other hand story, a magic trick. Folks they are not searching you phones for data, they grab it search your identity and then decide whether or not they install software onto your phone. They do not want to search your phone once, they want to search it for as long as it lasts. If it was about searching your phone, they would do it too your face, to watch reaction as they searched each directory. Nope, they hide the search from you, don't let you see it because they are not taking off but adding on and they most definitely do not want you to see that.

    You can store a lot on phones nowadays and creating a copy via a USB (searching is not copying everything for ever) and getting a 100mb off a phone takes quite some time, queues at airports would be many kilometres long and really they only take enough time to add software rather than copy data.

    I think people are starting to realise and hence are becoming far more cautious and are not travelling through US espionage customs with zero digital devices. Cheaper to buy a burner phone at the new location than attempt to clean a spy ridden one. When travelling overseas leave your personal phone at home and buy a new one when you get there. When you want to bring your digital data back from over seas, encrypt it and send it back to your localised ISP storage or on a device you had hooked up to your home network. When they ask, do you have anything to declare, answer in a proud voice, I like me privacy and I have nothing for you to search or add spyware to.

    • by AHuxley ( 892839 )
      Re "Cheaper to buy a burner phone at the new location than attempt to clean a spy ridden one."
      The detection rate would be even more easy then.
      Normal people have a smart phone with history. Normal people show what is on their phone and the details go back years in an average and normal way.
      A person with no phone in 2017 is interesting.
      A wealthy person with a new phone with no contacts or history?
      What happened to their old phone? Lost? Stolen? Why not recover all data back into the replacement? O
      • I believe your argument works against you. The people in your example stuck out because they were strangers in a strange land, not just because they had a nice haircut and a sunny demeanor. Certainly their appearance and demeanor added to the "oddness" effect but I have my doubts that was the only reason they were given scrutiny.

        A person that knows the local customs, because they are locals, would not trigger the "oddness" detector like a person that did not know those customs. People even in 2017 don't

        • by AHuxley ( 892839 )
          Re Besides, what are they going to do about it?
          The really good news now is that a lot of shared mil/gov/police and private sector databases exist. All kinds of nations and some unexpected nations support the USA in finding criminals and interesting people.
          So many images are captured around the world by all kinds of groups and given back to US law enforcement.

          Social media is packed with interesting people supporting banned groups trying to enter or exit the USA.
          The more a "normal" person tires to hide
      • by Lumpy ( 12016 )

        "Normal people have a smart phone with history. Normal people show what is on their phone and the details go back years in an average and normal way."

        no they don't. Most people do not transfer absolutely everything to their phone every time. Even Photos and videos do not auto transfer and all the apps only a handful you tell to do a "cloud sync" will transfer any data.

        Also most people use their phone replacement as an opportunity to clean house.

        If you think there is years of data on there then you have

    • by Miamicanes ( 730264 ) on Thursday July 13, 2017 @11:21PM (#54806269)

      Bonus points if you intentionally craft the phone/laptop's browser history with embedded Javascript to pwn the agent's own computer when s/he goes to view it using some badly-written viewer that naively renders it straight into an IE window. And plenty of JPEG cat images crafted to exploit buffer overflow vulnerabilities.

      Or, if you just want a free ticket to Defcon next year as a speaker, make an image backup of your hard drive & any embedded firmware onto immutable media (like BD-R) prior to passing through customs, let CBP have fun installing malware on it, then diff your homemade honeypot against that backup when you get home and reverse-engineer any changes they made.

    • by houghi ( 78078 )

      I have several phones lying around at home. I assume most people will hold on to their old phones or at least one of them.

      If I ever get to travel to the US, I would be doing so as a tourist. I would just us an old phone and put on just the things I really need, like travel.
      Also no password protection (when I go over the border) and a fake email address.

      This is more than what I had to do when I traveled through east Germany.

      OTOH, let's not go to the USofA. It is a silly place.

  • That's the NSA's job. No need to duplicate the effort...
  • by Lumpy ( 12016 )

    Those assholes should not be able to search phones in general.

    Hoping that even more is taken from them to restore our rights once more.