How much of your data should border agents have?
In the early- to mid-1990s, when I was an inspector with what was then called the Immigration and Naturalization Service (INS) and is now called Customs and Border Protection (CBP) working at the Boston Port of Entry, a common, almost daily, practice was to examine the items a foreign visitor was bringing with them into the United States in order to determine whether they were truthful about their reason for visiting the country. Searching through a stranger's personal belongings for evidence of a lie is a unique experience, especially with that stranger standing by as you look through their skivvies and toiletries. Incredibly, the volume of such searches that resulted in evidence of malfeasance even beyond simple illegal employment was startling.
One of the first lessons I learned was that Europeans were far more likely to keep and carry diaries than Americans. As intrusive as it sounds, when investigating a potential intending immigrant posing as a tourist, my colleagues and I would read their diary entries to see if the personal journal included information that contradicted the declarations they made at the border.
For instance, there were countless times I found that that the person who just told me they were coming for a 10-day holiday had, the night before, written their thoughts about the new life they were about to begin in the United States and their plan to work illegally. People rarely lie to themselves in their diaries, and it was damning evidence that led to a refused entry and a long trip back home that same evening.
Today, I reviewed the CBP's recent Privacy Impact for the Border Patrol's Digital Forensics Program and I learned that the diary reviews we employed seem quaint compared to the capabilities available to border agents today. And the privacy implications dwarf those of 25 years ago.
DHS/CBP now has the capability and authority to pull information from personal devices that runs the gamut from contacts, call logs, and text messages to GPS histories, photos, usernames, and social media accounts. While the old fashioned pen-and-page journal might have housed one's deepest, darkest secrets, the now-indispensable cell phone holds all that and more, including things about yourself that you had never considered one might look at in the context of your character. What's more, the data may be retrieved from anyone entering or even exiting the country. And it can all be scanned for possible evidence of terrorism or other criminality. Think about it: most of us have our lives on our phones, and within seconds your life is available for review by federal agents.
Imagine the government being able to download every photo on your phone, including some that you thought you had deleted. Imagine it reviewing every conversation you've had via text that is on your phone at this moment. Consider the power the government has to know everywhere you've been via the cell tower data that the Digital Forensics Program is authorized to retrieve. And there's much more they can access.
One obvious privacy risk articulated in the CBP release is that "individuals do not have notice that USBP may search their electronic devices and conduct forensic examination as part of a border search." This risk is mitigated, says the government, by the fact that this broad policy has been made public. Legally, this is true, and though very few people will read the policy, preparing for one's border crossing is one's own responsibility. The policy information is just a Google search away (NB: DuckDuckGo is said to be far more private, by the way). Practically speaking, however, few people research every regulation governing their trip, and with the size of the Code of Federal Regulations, who could possibly be expected to do so?
It's a brave new world, and it increasingly requires an ever braver new traveler. One can only imagine how a government with less civil liberties might use this technology at the destination country. It's enough to convince me to leave my phone at home next time I travel abroad.