9th Circuit Appeals Court: 4th Amendment Applies At The Border; Also: Password Protected Files Shouldn't Arouse Suspicion

from the well-that's-a-surprise dept

Officer Alvarado turned on the devices and opened and viewed image files while the Cottermans waited to enter the country. It was, in principle, akin to the search in Seljan, where we concluded that a suspicionless cursory scan of a package in international transit was not unreasonable.

It is the comprehensive and intrusive nature of a forensic examination—not the location of the examination—that is the key factor triggering the requirement of reasonable suspicion here....



Notwithstanding a traveler’s diminished expectation of privacy at the border, the search is still measured against the Fourth Amendment’s reasonableness requirement, which considers the nature and scope of the search. Significantly, the Supreme Court has recognized that the “dignity and privacy interests of the person being searched” at the border will on occasion demand “some level of suspicion in the case of highly intrusive searches of the person.” Flores-Montano, 541 U.S. at 152. Likewise, the Court has explained that “some searches of property are so destructive,” “particularly offensive,” or overly intrusive in the manner in which they are carried out as to require particularized suspicion. Id. at 152, 154 n.2, 155–56; Montoya de Hernandez, 473 U.S. at 541. The Court has never defined the precise dimensions of a reasonable border search, instead pointing to the necessity of a case-by-case analysis....

You mostly store everything on your laptop. So, unlike a suitcase that you're bringing with you, it's the opposite. You might specifically choose what to exclude, but you don't really choose what to include.

The reason you bring the contents on your laptop over the border is because you're bringing your laptop over the border. If you wanted the content of your laptop to go over the border you'd just send it using the internet. There are no "border guards" on the internet itself, so content flows mostly freely across international boundaries. Thus if anyone wants to get certain content into a country via the internet, they're not doing it by entering that country through border control.

The amount of private information carried by international travelers was traditionally circumscribed by the size of the traveler’s luggage or automobile. That is no longer the case. Electronic devices are capable of storing warehouses full of information. The average 400-gigabyte laptop hard drive can store over 200 million pages—the equivalent of five floors of a typical academic library.... Even a car full of packed suitcases with sensitive documents cannot hold a candle to the sheer, and ever-increasing, capacity of digital storage.



The nature of the contents of electronic devices differs from that of luggage as well. Laptop computers, iPads and the like are simultaneously offices and personal diaries. They contain the most intimate details of our lives: financial records, confidential business documents, medical records and private emails. This type of material implicates the Fourth Amendment’s specific guarantee of the people’s right to be secure in their “papers.”.... The express listing of papers “reflects the Founders’ deep concern with safeguarding the privacy of thoughts and ideas—what we might call freedom of conscience—from invasion by the government.”... These records are expected to be kept private and this expectation is “one that society is prepared to recognize as ‘reasonable.’”



Electronic devices often retain sensitive and confidential information far beyond the perceived point of erasure, notably in the form of browsing histories and records of deleted files. This quality makes it impractical, if not impossible, for individuals to make meaningful decisions regarding what digital content to expose to the scrutiny that accompanies international travel. A person’s digital life ought not be hijacked simply by crossing a border. When packing traditional luggage, one is accustomed to deciding what papers to take and what to leave behind. When carrying a laptop, tablet or other device, however, removing files unnecessary to an impending trip is an impractical solution given the volume and often intermingled nature of the files. It is also a time-consuming task that may not even effectively erase the files.

It is as if a search of a person’s suitcase could reveal not only what the bag contained on the current trip, but everything it had ever carried.

With the ubiquity of cloud computing, the government’s reach into private data becomes even more problematic.12 In the “cloud,” a user’s data, including the same kind of highly sensitive data one would have in “papers” at home, is held on remote servers rather than on the device itself. The digital device is a conduit to retrieving information from the cloud, akin to the key to a safe deposit box. Notably, although the virtual “safe deposit box” does not itself cross the border, it may appear as a seamless part of the digital device when presented at the border. With access to the cloud through forensic examination, a traveler’s cache is just a click away from the government.

To these factors, the government adds another—the existence of password-protected files on Cotterman’s computer. We are reluctant to place much weight on this factor because it is commonplace for business travelers, casual computer users, students and others to password protect their files. Law enforcement “cannot rely solely on factors that would apply to many law-abiding citizens,” ... and password protection is ubiquitous. National standards require that users of mobile electronic devices password protect their files.... Computer users are routinely advised—and in some cases, required by employers—to protect their files when traveling overseas....

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Here's a surprise ruling. For many years we've written about how troubling it is that Homeland Security agents are able to search the contents of electronic devices , such as computers and phones at the border, without any reason. The 4th Amendment only allowssearches, usually with a warrant. But the general argument has long been that, when you're at the border, you're not in the country and the 4th Amendment doesn't apply. This rule has been stretched at times, including the ability to take your computer and devices into the country and search it there, while still considering it a "border search," for which the lower standards apply. Just about a month ago, we noted that Homeland Security saw no reason to change this policy.Well, now they might have to.In a somewhat surprising 9th Circuit ruling (en banc, or in front of the entire set of judges), the court ruled that the, that agents do need to recognize there's an expectation of privacy, and cannot do a search without reason. Furthermore, they noted that merely encrypting a file with a passwordto trigger suspicion. This is a huge ruling in favor of privacy rights.The ruling is pretty careful to strike the right balance on the issues. It notes that aat the border is reasonable:But going deeper raises more questions. Looking stuff over, no problem. Performing a forensic analysis? That goes too far and triggers the 4th Amendment. They note that the location of the search is meaningless to this analysis (the actual search happened 170 miles inside the country after the laptop was sent by border agents to somewhere else for analysis). So it's still a border search, but that border search requires a 4th Amendment analysis, according to the court.For years, we've repeated two key arguments for why border searches of laptops and other devices should be illegal.We'd never seen a court even seem to acknowledge that content on devices is different than contents in a suitcase... until now. One interesting tidbit, is that they specifically note that "secure in their papers" part of the 4th Amendment, while noting that what's on your device is often like your personal "papers."Huh. That last paragraph sounds a lot like my argument above. Very cool to see a court actually recognize this basic point. Considering it had been ignored for so long, I'd almost given up hope.In this case, they also noted that part of the forensic analysis of the computer involved restoring deleted files, and note:The court is equally worried about the fact that the device is often just a portal to cloud based services, and how a search of a device might lead to access to that data, even if it's been snug and secure "in the cloud" the whole time, rather than crossing the border:Of course, this doesn't mean that no searches can ever take place. Instead, they just need to be "reasonable" and live up to the standards of the 4th Amendment. In fact, inthey still say that there"reasonable suspicion to conduct the initial search, and that appears like it may be a legitimate claim (the guy had a previous conviction for child molestation, which the agents believed -- incorrectly, but they believed it at the time -- was for child porn). But for everyone else, where there is no reasonable suspicion, our 4th Amendment protections just got stronger (at least if you're entering the country in an area covered by the 9th Circuit (covering California, Alaska, Arizona, Hawaii, Oregon, Nevada, Washington, Idaho and Montana).There's one other important part of the ruling as well. In discussing the "reasonable suspicion" the court agrees it was there because of the prior conviction, as well as the fact that guy was travelling from Mexico which is "a country associated with sex tourism." However, the government also argued that password protected files gave them reasonable suspicion, and thankfully the court slaps them down:There are some dissenting opinions, basically suggesting that this upturns more settled law, but the majority ruling makes a strong case for why the Supreme Court has actually not really directly answered this question before, but has tiptoed carefully around it. Still, it seems likely that there will be an appeal to the Supreme Court, so this probably isn't over yet. Hopefully, the Supreme Court will uphold this important ruling, and recognize that we don't give up our 4th Amendment rights at the border.

Filed Under: 4th amendment, border search, border searches, computers, dhs, ice, passwords, privacy, reasonable suspicion