February 9, 2008
You might have thought that US border controls were simply focused on keeping out the likes of Lily Allen and Amy Winehouse, who might well reduce the entire country to rubble (OK, they recanted).
But some companies now have a different issue. According to The Washington Post, Radius has now "tightened its data policies so that traveling employees must access company information remotely via an encrypted channel, and their laptops must contain no company information." Also:
At least two major global corporations, one American and one Dutch, have told their executives not to carry confidential business material on laptops on overseas trips, Gurley said. In Canada, one law firm has instructed its lawyers to travel to the United States with "blank laptops" whose hard drives contain no data. "We just access our information through the Internet," said Lou Brzezinski, a partner at Blaney McMurtry, a major Toronto law firm. That approach also holds risks, but "those are hacking risks as opposed to search risks," he said.
The problem is that the US border authorities now argue that they can search (or even take away and copy) your laptop, mobile phone or other device just as though it was a suitcase.
"It should not matter . . . whether documents and pictures are kept in ‘hard copy’ form in an executive’s briefcase or stored digitally in a computer. The authority of customs officials to search the former should extend equally to searches of the latter," the government argued in the child pornography case being heard by a three-judge panel of the Court of Appeals for the 9th Circuit in San Francisco.
The Post quotes Mark Rasch, a technology security expert with FTI Consulting and a former federal prosecutor:
"Your kid can be arrested because they can’t prove the songs they downloaded to their iPod were legally downloaded," he said. "Lawyers run the risk of exposing sensitive information about their client. Trade secrets can be exposed to customs agents with no limit on what they can do with it. Journalists can expose sources, all because they have the audacity to cross an invisible line."
I thought the US appeal courts had already established that US border officials could do whatever they liked, following the Romm case. Also, I’d argue that companies should already be making sure that no sensitive information is accessible on a portable device simply because these are so easily lost or stolen. That applies regardless of any border controls, though they might remind a few companies of the risks involved.
Incidentally, there’s nothing new about this from a UK point of view. Britain is on track to become the world’s leading surveillance society, and Her Majesty’s Customs and Excise have already tried scanning traveller’s laptops for pornography, though apparently it’s not as fruitful as just intercepting emails. According to a report from The Daily Telegraph, quoted in 1998:
A spokesman for Customs and Excise said officials would routinely scan laptops for illegal material such as pornography. Encrypted files will be treated in the same way as a ordinary luggage. "So far as we are concerned, there is no difference between an encrypted file and a locked suitcase," said the spokesman. "All travellers entering the country should
be prepared to have their equipment scanned."
I’ve always had outstandingly good service from the US Embassy in London, and I’ve never had any equipment scanned at a border. Have you seen it happen, or has it happened to you?