Slashdot Mirror

← Back to Stories (view on slashdot.org)

Border Patrol Says It's Barred From Searching Cloud Data On Phones (nbcnews.com)

Posted by BeauHD on from the contrary-to-popular-belief dept.

According to a letter obtained by NBC News, U.S. border officers aren't allowed to look at any data stored only in the "cloud" -- including social media data -- when they search U.S. travelers' phones. "The letter (PDF), sent in response to inquiries by Sen. Ron Wyden, (D-Ore.), and verified by Wyden's office, not only states that CBP doesn't search data stored only with remote cloud services, but also -- apparently for the first time -- declares that it doesn't have that authority in the first place." From the report: In April, Wyden and Sen. Rand Paul, R-Ky., introduced legislation to make it illegal for border officers to search or seize cellphones without probable cause. Privacy advocates and former Homeland Security lawyers have said they are alarmed by how many phones are being searched. The CBP letter, which is attributed to Kevin McAleenan, the agency's acting commissioner, is dated June 20, four months after Wyden asked the Department of Homeland Security (PDF), CBP's parent agency, to clarify what he called the "deeply troubling" practice of border agents' pressuring Americans into providing passwords and access to their social media accounts. McAleenan's letter says officers can search a phone without consent and, except in very limited cases, without a warrant or even suspicion -- but only for content that is saved directly to the device, like call histories, text messages, contacts, photos and videos.

11 of 74 comments (clear)

  1. Well obviously by cfalcon · · Score: 5, Insightful

    Obviously if your data is in the cloud, the government already has access to it if it needs. This just looks like a territorial dispute between different parts of the government...

  2. Misdirection by martok · · Score: 3, Funny

    CBP: "That's right folks. Store your data in the cloud because that is where it is most secure." Well played but no thanks.

    1. Re:Misdirection by slick7 · · Score: 2

      What happens on a bright sunny day when the clouds disappear?

      --
      The mind conceives, the body achieves, the spirit manifests.
    2. Re:Misdirection by Kjella · · Score: 4, Interesting

      CBP: "That's right folks. Store your data in the cloud because that is where it is most secure." Well played but no thanks.

      What would you rather want, a ruling that they can? Also, remember that "the cloud" is not a legal term - if they can legally access your Dropbox/Facebook account, they can also access your personal Linux server you saved the ssh password for. Besides this fully makes legal sense, border control has the right to search the data you are trying to bring into the country. Data on a remote server you may potentially never access from or bring to the US should obviously not be part of the border search. I know many people here don't like concept of an electronic search at the border at all, but if you want that limited to a physical search for contraband the law needs to change. Until then use one of the many obvious ways to not have your private data accessible at the border.

      --
      Live today, because you never know what tomorrow brings
  3. Look At The Other Hand by rtb61 · · Score: 3, Interesting

    Ohh, it's a look at the other hand story, a magic trick. Folks they are not searching you phones for data, they grab it search your identity and then decide whether or not they install software onto your phone. They do not want to search your phone once, they want to search it for as long as it lasts. If it was about searching your phone, they would do it too your face, to watch reaction as they searched each directory. Nope, they hide the search from you, don't let you see it because they are not taking off but adding on and they most definitely do not want you to see that.

    You can store a lot on phones nowadays and creating a copy via a USB (searching is not copying everything for ever) and getting a 100mb off a phone takes quite some time, queues at airports would be many kilometres long and really they only take enough time to add software rather than copy data.

    I think people are starting to realise and hence are becoming far more cautious and are not travelling through US espionage customs with zero digital devices. Cheaper to buy a burner phone at the new location than attempt to clean a spy ridden one. When travelling overseas leave your personal phone at home and buy a new one when you get there. When you want to bring your digital data back from over seas, encrypt it and send it back to your localised ISP storage or on a device you had hooked up to your home network. When they ask, do you have anything to declare, answer in a proud voice, I like me privacy and I have nothing for you to search or add spyware to.

    --
    Chaos - everything, everywhere, everywhen
    1. Re:Look At The Other Hand by AHuxley · · Score: 2

      Re "Cheaper to buy a burner phone at the new location than attempt to clean a spy ridden one."
      The detection rate would be even more easy then.
      Normal people have a smart phone with history. Normal people show what is on their phone and the details go back years in an average and normal way.
      A person with no phone in 2017 is interesting.
      A wealthy person with a new phone with no contacts or history?
      What happened to their old phone? Lost? Stolen? Why not recover all data back into the replacement? Or add some of the data?

      East Germany tried to place its young graduates into West Germany. So they would advance up in the West German gov/mil/private sector and would spy over decades.
      To do so they would have to interact with some local government in West Germany.
      Average West Germans made some counter culture comments https://en.wikipedia.org/wiki/.... Clothing, hair styles was often very different to past German generations. Some loud and direct political comments to the government while getting their papers worked on was expected.
      Then along comes a nice person with a good hair cut, nice clothing and very correct and different attitude. They stood out in a large group as East Germany never fully understood West German culture at that time. Their "spy" looked like special forces with a distinctive hair cut, they had all their papers ready and a good attitude when talking. Guess who was pulled out of the line for further questions every time?

      Its the same with digital devices in 2017. Having nothing or a new empty smart phone stands out in a world of normal people with years of digital history per device.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:Look At The Other Hand by Miamicanes · · Score: 5, Interesting

      Bonus points if you intentionally craft the phone/laptop's browser history with embedded Javascript to pwn the agent's own computer when s/he goes to view it using some badly-written viewer that naively renders it straight into an IE window. And plenty of JPEG cat images crafted to exploit buffer overflow vulnerabilities.

      Or, if you just want a free ticket to Defcon next year as a speaker, make an image backup of your hard drive & any embedded firmware onto immutable media (like BD-R) prior to passing through customs, let CBP have fun installing malware on it, then diff your homemade honeypot against that backup when you get home and reverse-engineer any changes they made.

  4. Re:Searching tablets too or just phones? by AHuxley · · Score: 2

    AC every bag, device and its storage has been open to search.
    People have returned to the USA with material that results in further investigation on their camera SD cards or on the past film.
    Digital devices can now hold many images or video files.
    Now that same interesting data is been uploaded to cloud services.
    Metadata could show gps locations in nations of interest to the USA not covered by any visa or digital passport entry/exit records.
    Thats why images and modern files with metadata are of so much interest. They show faces, gps location, dates and names of banned groups.
    Just a "holiday" is often a meeting with banned groups. Using the cloud to hide such meetings from detection is not good for investigators.

    --
    Domestic spying is now "Benign Information Gathering"
  5. Re:Funding and support by AHuxley · · Score: 2

    Re 'Ever notice how rarely trolls put effort into any of the qualities you named, while their end goal is to influence people like puppets?"
    GCHQ has tools to manipulate online information, leaked documents show (15 July 2014)
    https://www.theguardian.com/uk...
    The term automated would cover that effort.

    --
    Domestic spying is now "Benign Information Gathering"
  6. Re: "without consent" by sjames · · Score: 2

    Based on recent court rulings, I'd guess somewhere around the third tooth they drill out without anesthetic.

  7. Re: "without consent" by geekmux · · Score: 5, Insightful

    At what point would that become coercion?

    Doesn't fucking matter. The average citizen does not have the financial means to defend even a single unconstitutional action against them. The Legal Industrial Complex is second only to the Medical Industrial Complex in terms of committing financial ass-rape against consumers. And those committing illegal actions against citizens know this.

    Your only real chance is to arm yourself with enough legal knowledge to damn near pass a Bar Exam in hopes of diffusing a situation without being forced to defend yourself in a courtroom. Otherwise, you're likely going to be financially fucked. Is pissing away a chunk of your net worth or going into considerable debt really worth not giving up a social media password? Sorry kids, Daddy can't afford to help you with college. Refused to comply with an illegal search a few years ago. Kind of ate up the college fund.

    The only Right we have left is the Right to ignorantly assume we can still afford any other Right history has bestowed upon us.