Joining Forces With Criminals, Deviants, and Spies to Defend Privacy

2024 Cybersecurity Predictions


When it comes to crossing the US border, we used to worry about the simple things—too many souvenirs to avoid paying import duties, lines short enough to get to a bathroom in a reasonable timeframe, maybe concerns about which fruits and vegetables could be kept from the last grocery run.

Today, we’ve got one more thing to worry about—invasive searches of our data by the Customs and Border Protection (CBP) agents. Every week brings a new story of a traveler forced to choose between giving up their passwords or having their devices confiscated.

You might be wondering what your organization’s policy might be for employees travelling with important data. Suppose you want your employees to refuse the search—are there any legal options or court decisions that are in your favor?

There are thirteen US courts of appeal, or “circuit courts”. The circuit courts are the primary decision makers for legal precedent, based on appeals from the district courts within their territories. The decisions of the circuit courts are influential and often considered “law of the land”, if there isn’t a Supreme Court case.1 Unfortunately, a decision in one circuit may have nothing in common with that of another. Circuit courts often follow their own prior opinions and may not follow those of other circuits, which leads to the practice of “forum shopping”—choosing to pursue your case where there are favorable prior opinions.

You might not be surprised to learn there are favorable circuit court precedents for a principled stand against these searches—but to use them, you’ll need to ally yourself with some unsavory characters.

In the western US, the 9th Circuit found in 2013 that “Notwithstanding a traveler’s diminished expectation of privacy at the border, the search is still measured against the Fourth Amendment’s reasonableness requirement, which considers the nature and scope of the search.”

United States v. Cotterman2 stems from the case of a registered sex offender found to be in possession of child pornography. The judge in Cotterman not only recognized the normalcy of password protection of data, the court pointed out:

 

National standards 
require that users of mobile electronic devices password protect their files. See generally United States Department of Commerce, Computer Security Division, National Institute of Standards and Technology, Computer Security (2007) (NIST Special Publication 800-111). Computer users are routinely advised—and in some cases, required by employers—to protect their files when traveling overseas. See, e.g., Michael Price, National Security Watch, 34-MAR Champion 51, 52 (March 2010)

 



Source link
lol

When it comes to crossing the US border, we used to worry about the simple things—too many souvenirs to avoid paying import duties, lines short enough to get to a bathroom in a reasonable timeframe, maybe concerns about which fruits and vegetables could be kept from the last grocery run. Today, we’ve got one more…

Leave a Reply

Your email address will not be published. Required fields are marked *