Border Agents Fail To Delete Personal Data of Travelers After Electronic Searches, Watchdog Says

The Department of Homeland Security's internal watchdog, known as the Office of the Inspector General (OIG) found that the majority of U.S. Customs and Border Protection (CBP) agents fail to delete the personal data they collect from travelers' devices. Last year alone, border agents searched through the electronic devices of more than 29,000 travelers coming into the country. "CBP officers sometimes upload personal data from those devices to Homeland Security servers by first transferring that data onto USB drives -- drives that are supposed to be deleted after every use," Gizmodo reports. From the report: Customs officials can conduct two kinds of electronic device searches at the border for anyone entering the country. The first is called a "basic" or "manual" search and involves the officer visually going through your phone, your computer or your tablet without transferring any data. The second is called an "advanced search" and allows the officer to transfer data from your device to DHS servers for inspection by running that data through its own software. Both searches are legal and don't require a warrant or even probable cause -- at least they don't according to DHS. It's that second kind of search, the "advanced" kind, where CBP has really been messing up and regularly leaving the personal data of travelers on USB drives.

According to the new report [PDF]: "[The Office of the Inspector General] physically inspected thumb drives at five ports of entry. At three of the five ports, we found thumb drives that contained information copied from past advanced searches, meaning the information had not been deleted after the searches were completed. Based on our physical inspection, as well as the lack of a written policy, it appears [Office of Field Operations] has not universally implemented the requirement to delete copied information, increasing the risk of unauthorized disclosure of travelers' data should thumb drives be lost or stolen." The report also found that Customs officers "regularly failed to disconnect devices from the internet, potentially tainting any findings stored locally on the device." It also found that the officers had "inadequate supervision" to make sure they were following the rules. There's also a number of concerning redactions. For example, everything from what happens during an advanced search after someone crosses the border to the reason officials are allowed to conduct an advanced search at all has been redacted.

Re:Confirmation is nice but...

[rtb61]

Let's all guess why they are keeping it secret. I'll bet pretty much anything, that a bunch of customs agents where going through attractive women's photo albums and pilfering images used for sexting, oh yeah and doing it a lot.

Re:When will people wake up?

[ShanghaiBill]

The Constitution only applies to U.S Citizens.

No it doesn't. The Constitution does not confer rights. It places restrictions on the government. The First Amendment says: "Congress shall make no law.... It doesn't say "no law except on foreigners". No where in the Bill of Rights does it say they only apply to citizens.

These searches are applied to non citizens trying to gain entry to our country.

Wrong. Anyone, citizen or non-citizen, is subject to search when crossing a border, or within the border area.

Re:So...

[wonkey_monkey]

What's to stop you encrypting your data and storing it somewhere on the internet instead of taking a physical copy through a checkpoint?

If a terrorist wants to bomb a plane, he's going to need to smuggle a bomb past security, so checking people for bombs isn't exactly a stupid idea (whether the balance between safety, security, privacy, and theatrics is good is a whole different matter). But if he's got some "terrorist data" to move around, why would he physically carry it?

So...

[TheDarkMaster]

So the border guards can steal your data without having to give any explanation and without having to fear consequences. And I'm not talking about "MP3 files", I'm talking about company documents, tax documents, industrial documents, all sorts of perfectly legal information that is private property of a company or an individual.

One more reason not to travel to the US, even to tourism.

Thumb drive prophylaxis

[pipedwho]

So let me get this straight.

Some random customs officer takes a USB stick and puts it into someones laptop. A laptop with total control of its own I/O systems, peripheral ports, and software execution environment. Maybe they try to run some custom software that exists on the USB stick. Maybe they try to boot your machine off their USB stick, or have it somehow run something from the USB stick before you host OS takes control.

Then they take out the USB stick, hopefully wipe it off, and put it into someone else's laptop and do the same thing?

And they think this is a good idea?

I'll leave it up to the reader to see if they can find the problem with this.

Re:Thumb drive prophylaxis

[morethanapapercert]

That could be the plot of a decent movie. DHS decides to spend a LOT more attention on tourists coming in and out of Las Vegas during the Black Hat conference. Licking their chops in anticipation of all the grey and black hats they're gonna catch. But word of this plan leaks and attendance to the Con spikes massively as hacker and cracker folk from all over the world rush to Las Vegas in hopes of scoring the major coup of being the one who provided the poison pill mobile device that brought the DHS system down. Security checkpoints buckle under the unexpected load, supervisors calling in everybody for unscheduled overtime, the whole thing blowing up and social media, some grey hats going through security over and over, with ever decreasingly plausible disguises to see what it takes to make the overwork slobs on the front lines go "wait a second..." And then, when misery is at its peak, someone's carefully crafted data finds a weakness in the data upload system and brings down the DHS-NOC links for every customs point in America and a few in other countries.

TALK ABOUT BRAGGING RIGHTS. It's xkcd's Bobby Tables gone hard core.

(innocent look) Does any one know if DHS sanitizes its data inputs?

Re:When will people wake up?

[morethanapapercert]

The irony of someone promoting this sort of thinking while using the handle AHuxley is just staggering. You do know that Aldous was on the left side of the political spectrum right? He was a humanist, cherished the value of human beings over the systems humans create to serve their needs.