Slashdot Mirror
Border Agents Fail To Delete Personal Data of Travelers After Electronic Searches, Watchdog Says (gizmodo.com)
The Department of Homeland Security's internal watchdog, known as the Office of the Inspector General (OIG) found that the majority of U.S. Customs and Border Protection (CBP) agents fail to delete the personal data they collect from travelers' devices. Last year alone, border agents searched through the electronic devices of more than 29,000 travelers coming into the country. "CBP officers sometimes upload personal data from those devices to Homeland Security servers by first transferring that data onto USB drives -- drives that are supposed to be deleted after every use," Gizmodo reports. From the report: Customs officials can conduct two kinds of electronic device searches at the border for anyone entering the country. The first is called a "basic" or "manual" search and involves the officer visually going through your phone, your computer or your tablet without transferring any data. The second is called an "advanced search" and allows the officer to transfer data from your device to DHS servers for inspection by running that data through its own software. Both searches are legal and don't require a warrant or even probable cause -- at least they don't according to DHS. It's that second kind of search, the "advanced" kind, where CBP has really been messing up and regularly leaving the personal data of travelers on USB drives.
According to the new report [PDF]: "[The Office of the Inspector General] physically inspected thumb drives at five ports of entry. At three of the five ports, we found thumb drives that contained information copied from past advanced searches, meaning the information had not been deleted after the searches were completed. Based on our physical inspection, as well as the lack of a written policy, it appears [Office of Field Operations] has not universally implemented the requirement to delete copied information, increasing the risk of unauthorized disclosure of travelers' data should thumb drives be lost or stolen." The report also found that Customs officers "regularly failed to disconnect devices from the internet, potentially tainting any findings stored locally on the device." It also found that the officers had "inadequate supervision" to make sure they were following the rules. There's also a number of concerning redactions. For example, everything from what happens during an advanced search after someone crosses the border to the reason officials are allowed to conduct an advanced search at all has been redacted.
According to the new report [PDF]: "[The Office of the Inspector General] physically inspected thumb drives at five ports of entry. At three of the five ports, we found thumb drives that contained information copied from past advanced searches, meaning the information had not been deleted after the searches were completed. Based on our physical inspection, as well as the lack of a written policy, it appears [Office of Field Operations] has not universally implemented the requirement to delete copied information, increasing the risk of unauthorized disclosure of travelers' data should thumb drives be lost or stolen." The report also found that Customs officers "regularly failed to disconnect devices from the internet, potentially tainting any findings stored locally on the device." It also found that the officers had "inadequate supervision" to make sure they were following the rules. There's also a number of concerning redactions. For example, everything from what happens during an advanced search after someone crosses the border to the reason officials are allowed to conduct an advanced search at all has been redacted.
Raise your hand if you didn't expect that one...
The still untried solution awaits
“He’s not deformed, he’s just drunk!”
The restrictions placed on the government by our Constitution continue to go on, when will people wake up?
I'm surprised that two out of the five actually did delete the data.
I wonder how much of this is "Quick Format" and "Hey we found old data here!" kind of things?
But I think we buried the lead here. What really concerns me is that the documentation about the searches and why they where conducted is woefully lacking (see page 6 of the PDF). Seems that this process is ripe for abuse and that the controls in place for keeping this on the up and up are being ignored.
Think of it this way.. IF nobody is documenting why and when this is being done, there is no real proof and no real way to get it to stop if it really is out of hand.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Always forgetting to delete, derp!
The USA is actually hard copying data from travelers phones? Jesus I'm glad I stopped flying through the US 5 years ago.
they've, no doubt, done nothing wrong.
they probably share "interesting" pictures and other data among themselves, too.
They can sell it :(
[($)]
Well of course every hot chick is a potential security threat...
What's to stop you from removing the Micro SDHC card from your phone before the search? They're not getting their hands on MY MP3 files!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
USB killer for the lulz.
Can anyone confirm if we're talking about persons crossing the North/South borders of America or does these search rules apply to people flying in and out of the country at this point in time?
If I'm your average foreigner flying in from Australia can agents in US airports perform 'advanced' searches on my data with no reasonable cause?
Next month we're either going to hear a story about how border agents infected thousands of devices with ransomware or about people tracking others down from files the border agents 'gave' them. It's trivial to write a little program that copies data off whatever USB device is plugged in or writes something extra to the drive.
CBP is tasked to protect against any illegal items, not just things to harm a plane or drugs, but **anything** brought into the country which would be against the law.
That includes fake clothing, fake shoes, fake purses, and copyright materials like music, movies, and $5 Adobe software from Asia.
It ain't all about bombs.
So the border guards can steal your data without having to give any explanation and without having to fear consequences. And I'm not talking about "MP3 files", I'm talking about company documents, tax documents, industrial documents, all sorts of perfectly legal information that is private property of a company or an individual.
One more reason not to travel to the US, even to tourism.
Religion: The greatest weapon of mass destruction of all time
Probably canâ(TM)t delete anything and those that can are probably scared witless of deleting the wrong stuff.
Why should they? They do whatever the hell they want. Who's going to stop them? Who's going to jail?
So let me get this straight.
Some random customs officer takes a USB stick and puts it into someones laptop. A laptop with total control of its own I/O systems, peripheral ports, and software execution environment. Maybe they try to run some custom software that exists on the USB stick. Maybe they try to boot your machine off their USB stick, or have it somehow run something from the USB stick before you host OS takes control.
Then they take out the USB stick, hopefully wipe it off, and put it into someone else's laptop and do the same thing?
And they think this is a good idea?
I'll leave it up to the reader to see if they can find the problem with this.
Kill any border agent that searches the phone of a US citizen. Death to tyrants.
Plus, is anyone making sure that these thumb drives aren't growing legs? The DHS doesn't have a good track record there. There has been apparently a lot of cases of valuables were mysteriously disappearing while in DHS custody
I need a wheelchair van for my son. Help me get the word out. https://www.gofundme.com/wheelchair-van-for-jj
It's a gotcha procedure, and has nothing to do with protecting anyone or anything. It's simply about catching people in an arbitrary violation of rules in order to extort money or exert power.
That sort of arbitrary game playing is the very essence of government corruption, it's simply a matter of scale and scope. They get away with the little shit they pull, and keep pressing the boundaries until the gotcha games exceed some critical threshold - either populist in nature, or someone with sufficient power and money gets irritated.
Gotcha games should be identified and eliminated by their essential qualities, instead of citizens having to play along. In fact, that's kinda the whole fucking point of the U.S. constitution. These things are only possibly because the core principles have been irrevocably buried in two centuries of corrosive minutiae.
The solution is the modern digitization, review, simplification, and constitutional ratification of all federal law. Fat chance of that ever happening, when known loopholes and ever more nebulous, incoherent laws allow essentially unlimited abuse by the ruling class.
We don't need no steenkin' rules!
We don't need no steenkin' warrant!
We don't need no steenkin' evidence!
"Both searches are legal and don't require a warrant or even probable cause"
How?
You know the one they run on TOR that has the kid pics.
I don't travel often and generally refuse to fly when I do, seeing how air travel has devolved to treating passengers like livestock over the past couple decades. Is there even a "safe" way to travel in and out of the U.S. with any devices (laptops, cellphones) at all? Seems one would be better served by carrying *nothing*, and procuring necessary (disposable) devices when at destination, and discarding them before return trip. If I have nothing on me or in my luggage that has digital content at all, then nothing to search, right?
Seems highly inconvenient, but no way would I be willing to submit so a search of my hardware, for all the many reasons noted elsewhere in this thread...