“On March 9, just three days after President Trump signed off his second attempt at a travel ban from Muslim-majority countries, U.S. Immigration and Customs Enforcement (ICE) ordered $2 million worth of what’s believed to be some of the most powerful phone and laptop hacking technology available,” Thomas Fox-Brewster writes for Forbes. “The tech was sold by the U.S. government’s go-to supplier when it wants to raid the contents of individuals’ digital lives, Israeli supplier Cellebrite, as revealed in public records on a purchase order discovered by Forbes. Together with evidence the DHS Agency went on a hacking tool shopping spree after Trump came into power, in which it spent record sums on Cellebrite and its competitors, the contracts have sparked alarm amongst privacy activists anxious about unnecessarily invasive searches of travelers’ devices.”
“ICE’s Mission Support unit in Dallas, Texas, made the massive order of Cellebrite Universal Forensic Extraction Devices (UFEDs), which have the ability to crack open mobile devices and rapidly rip out all the data inside for cops to poke through. Such Mission Support units work within ICE’s Homeland Security Investigations division; one of its core roles is the execution of forensic searches on devices coming in at the border,” Fox-Brewster writes. “And, according to other public contracts, it appears ICE is spending record sums on its other favorite hacking tools from two of Cellebrite’s biggest rivals: Russia’s Oxygen Forensics and Canada’s Magnet Forensics.”
“The number of border searches has also risen at an astonishing rate, both in President Obama’s last year and even more so once Trump was in the White House. It was recently reported the Department of Homeland Security searched 5,000 devices at the border in February 2017 alone, up from 5,000 for the entirety of 2015,” Fox-Brewster writes. “ICE is one of the two main agencies with the authority to search devices entering the country alongside Customs and Border Protection. Typically, CBP (also a Cellebrite customer) is the first port of call for intercepting devices as people land in America, but it often passes them on to ICE agents for more in-depth forensics. It appears ICE may have greater search powers too, in that CBP requires supervisory approval when copying a phone’s contents, whereas ICE does not, according to official guidance obtained by MuckRock. The two continue to work closely together under the Trump administration, which has tasked them with upping their efforts to detain and deport immigrants without the proper documentation, even if they haven’t broken the law.”
MacDailyNews Take: Technically, as anyone who’s traveled to and from the U.S. knows/should know, anyone who attempts to enter the U.S. “without the proper documentation” has already broken the law.
See Title 8, Section 1325 of the U.S. Code (U.S.C.), or Section 275 of the Immigration and Nationality Act (I.N.A.) for the exact statutory language.
“Currently, the U.S. government does not believe it requires a warrant to search devices on people passing into the country, even if they amount to what Bhandari described as ‘digital strip searches,'” Fox-Brewster writes. “But the administration is being taken to task by the ACLU and others over its claim that Fourth Amendment privacy protections do not apply at the border.”
Read more in the full article here.
MacDailyNews Take: Regarding American citizens, as we wrote last month:
Until/unless some legal clarification(s)/protection(s) arise, [U.S] travelers concerned about their privacy could extend their Fourth Amendment rights around the world by using a “traveler phone” that only contains what you want it to contain. “Sure, ossifer, here’s my iPhone and Passcode. Have at it!”
Barring that tactic, look to the cloud:
“Since at least the Snowden disclosures, conventional wisdom has been that your data is safest in your immediate physical possession, rather than the cloud, because while general warrants can (apparently) be issued against cloud data, media in one’s possession is immune to anything but an old fashioned physical search,” Ken Kinder writes for Hacker Noon. “But in the case of a border crossing, the cloud actually becomes a safer place, provided your laptop or cell phone doesn’t have access to it. As long as there’s no nexus between your device and the cloud, you aren’t crossing the border with that cloud data, so it’s not subject to search (bold emphasis added- MDN Ed.).”
“Since cloud data is immune from a border search, you can encrypt your data, store it in the cloud, wipe your devices prior to crossing, then restore your data after crossing in relative safety,” Kinder writes. “This is, obviously, an arduous process… Even worse, traveling is when we use our devices most. We entertain ourselves on planes, find amenities at airports, and even change itineraries during travel using those devices. To ameliorate some of the pain, I am creating special ‘travel-only’ Google accounts and user profiles on my devices, which will remain active while I travel.”
Much more in the full article here.
American citizens: U.S. border agents can search your iPhone – March 14, 2017
[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up.]