Borderline Privacy
K.T. Oslin won Best Country Vocal Performance at the 1988 Grammies for a song about three girls who grew up to be ‘80s Ladies – one of whom was a “borderline fool” who crossed that border every chance she got. While the song and, perhaps, the singer won’t be remembered today, this notion of being foolish crossing borders should be borne in mind when one considers personal electronics and travel.
The topic was brought back into focus last week by a Washington Post report that the ACLU had launched a lawsuit concerning laptops and smartphones, claiming that the U.S. government should have a “reasonable suspicion” that a crime has been or is about to be committed before reviewing information held on such devices.
The issue of laptops and borders is not new but past cases haven’t had “sympathetic” plaintiffs. This time, however, the ACLU may have gotten some decent facts that won’t undermine their legal arguments.
In May, Pascal Abidor, a 26-year-old doctoral student and dual U.S.-French citizen, was on an Amtrak train from Montreal to New York. A CBP officer examined Abidor’s two passports, which contained visas for Jordan, Syria and Lebanon, and, after turning on his laptop and ordering entry of his password, examined its contents.
Perhaps complicating Abidor’s life is that he is conducting research on the history of Shiites in Lebanon through the Islamic studies program at McGill University, and frequently travels to conduct research (hence the visas). The laptop had images of rallies by the militant Islamist groups Hamas and Hezbollah.
The upshot? He was handcuffed, detained for three hours, and lost his laptop and external hard drive for 11 days. It was subsequently determined that the American CBP had thoroughly examined the hard drive which also contained personal photos, a transcript of a chat with his girlfriend, copies of e-mail correspondence, class notes and his tax returns.
According to the Post article, the ACLU asserts that, between October 2008 and June 2010, some 6,671 travelers, forty-five percent of whom were American citizens, had laptops or other devices searched.
The United States has a formal policy on the subject of laptop border searches readily available; Canada doesn’t. We do, however, have case law. In R. v. Simmons, the Supreme Court of Canada, expressly addressing s. 98 of the Customs Act (the legal provision providing the necessary authority) and ruled on the constitutionality of warrantless customs searches.
In relying in part on language found in Hunter v. Southam, the Chief Justice stated quite plainly:
“I accept the proposition advanced by the Crown that the degree of personal privacy reasonably expected at customs is lower than in most other situations. People do not expect to be able to cross international borders free from scrutiny. It is commonly accepted that sovereign states have the right to control both who and what enters their boundaries. For the general welfare of the nation the state is expected to perform this role. … Consequently, travellers seeking to cross national boundaries fully expect to be subject to a screening process. This process will typically require the production of proper identification and travel documentation and involve a search process beginning with completion of a declaration of all goods being brought into the country. Physical searches of luggage and of the person are accepted aspects of the search process where there are grounds for suspecting that a person has made a false declaration and is transporting prohibited goods.”
So, in Canada, a search without a warrant at the border does not offend section 8 of the Canadian Charter of Rights and Freedoms. Simmons seems to have been accepted for the “common sense” proposition that countries have the right to prevent the importation of undesirable “stuff” (be they physical goods or electronic materials) and such a search does not violate one’s reasonable expectation of privacy.
One can readily find advice as to what to do when presented with the need to take a laptop over the border, including this nice article from the CBA. Essentially, don’t have anything personal on your laptop if you cross a border. All of this, of course, may well turn out to be an academic point in five years if we all move to the Cloud.
But we should bear in mind that Simmons was about a “physical search” and decided in 1988 – eons before laptops were graduation presents to high school students; well before Blackberry was a gleam in anyone’s eye and certainly long before iPads reduced portable computing to an envelope-size device. We have an increased reliance on these ubiquitous devices and, as Mr. Abidor found out, there is no distinction between “business” and “personal” data at the border. Unless there is a change in how we think about laptops and other portable devices and their role in our lives, we’re going to have to accept that one takes a device across a border at one’s own peril.
Because Simmons was a physical search case, I’d suggest that an argument could be made that it shouldn’t necessarily be extended to electronic devices. In this day and age, just because something’s on a device when you present yourself at a border shouldn’t mean you have less rights. This doesn’t necessarily damage the mission of the Canada Border Security Agency. After all, people will soon realize that they should not have anything “bad” on devices (and will simply store it in the Cloud).
When people talk about “reasonable” expectations of privacy, it seems we think only in terms of its diminution. Maybe we should start presenting arguments about an increased expectation of privacy where the “form” of the device or its “location” are irrelevant. Maybe it’s time we focus on our expectations as to “content”.
In newspaper articles I read about the USA Border police routinely visited places, like bus and train stations, within 100 miles of the Canadian border. They look for people who they deem suspicious and ask them if they are visitors, have current visa’s,etc. If they have any doubts thereafter, they search, arrest or hold for further investigation. It was raised that NY city is within 100 miles of the Eastern USA border and the authorities said that, though they technically could stop and interrogate there, it was not in their intention to do so.
The forgoing brings up the issues of a person being near a border but not attempting to cross it; and equally, what about people and things leaving a country?
I equate the search of an electronic device to the search of a file cabinet or a letter. If the documentary contents (i.e. papers) of a locked cabinet, box or sealed envelope are subject to unrestricted (a.k.a. suspicionless searches and copying) when shipped across the border then the same rules should apply to electronic devices. However, if reasonable and probable grounds are required to search or copy the contents of boxes, cabinets or paper documents, then the same rules should apply to electronic devices.
My concern with this issue is that the US Border Search Doctrine allows the Customs and Border Patrol to copy my hard drive and examine it at their leisure. How is this different from opening and copying the contents of every letter sent across the border? They can also order that I relinquish any encryption keys so they can examine encrypted contents. As a business man with sensitive client data (file encrypted on an encrypted drive) on my computer and having had the need to regularly cross the border to deal with those clients, I feel that they’re going too far. The policy as it currently stands is an invasion of my and my clients’ privacy.
Sure, search my electronic device to make sure it is what it is supposed to be and isn’t being used to hide drugs, explosives or other contraband. I’m OK with that. But, searching and copying private files without RPG is going too far. If you have some evidence that I may be a pedophile or terrorist, then by all means search the contents of my computer but if not, leave my privacy alone. The searching won’t catch the smart person anyway. They’ll just find another way (and probably already do) to circumvent the border search (e.g. retrieval from within the US across the Internet using VPN).