Slashdot Mirror

← Back to Stories (view on slashdot.org)

Border Patrol Says It's Barred From Searching Cloud Data On Phones (nbcnews.com)

Posted by BeauHD on from the contrary-to-popular-belief dept.

According to a letter obtained by NBC News, U.S. border officers aren't allowed to look at any data stored only in the "cloud" -- including social media data -- when they search U.S. travelers' phones. "The letter (PDF), sent in response to inquiries by Sen. Ron Wyden, (D-Ore.), and verified by Wyden's office, not only states that CBP doesn't search data stored only with remote cloud services, but also -- apparently for the first time -- declares that it doesn't have that authority in the first place." From the report: In April, Wyden and Sen. Rand Paul, R-Ky., introduced legislation to make it illegal for border officers to search or seize cellphones without probable cause. Privacy advocates and former Homeland Security lawyers have said they are alarmed by how many phones are being searched. The CBP letter, which is attributed to Kevin McAleenan, the agency's acting commissioner, is dated June 20, four months after Wyden asked the Department of Homeland Security (PDF), CBP's parent agency, to clarify what he called the "deeply troubling" practice of border agents' pressuring Americans into providing passwords and access to their social media accounts. McAleenan's letter says officers can search a phone without consent and, except in very limited cases, without a warrant or even suspicion -- but only for content that is saved directly to the device, like call histories, text messages, contacts, photos and videos.

1 of 74 comments (clear)

  1. Re:Look At The Other Hand by Miamicanes · · Score: 5, Interesting

    Bonus points if you intentionally craft the phone/laptop's browser history with embedded Javascript to pwn the agent's own computer when s/he goes to view it using some badly-written viewer that naively renders it straight into an IE window. And plenty of JPEG cat images crafted to exploit buffer overflow vulnerabilities.

    Or, if you just want a free ticket to Defcon next year as a speaker, make an image backup of your hard drive & any embedded firmware onto immutable media (like BD-R) prior to passing through customs, let CBP have fun installing malware on it, then diff your homemade honeypot against that backup when you get home and reverse-engineer any changes they made.