Er, What Rights *Do* I have at the Border?
February 24, 2017 5:05 PM
US citizen flying into the US. Do I have to give the Border Patrol access to all my computer files, social media, etc.? Can they ask for my social media passwords if I don't bring a computer?
What rights, if any, do I have at the border?
I have nothing to hide, I just don't like gummint poking its nose in my bidness.
Per the ACLU, very few rights indeed.
posted by basalganglia at 5:17 PM on February 24, 2017 [5 favorites]
They fundamentally can't keep you from entering the country and they have to allow you to see a lawyer if they are accusing you of a crime. What they don't have to do is offer either of those things before they make you sleep a night in a cell. And that's after they do as vigorous a search of your person as they desire. So in a sense it depends how much you want to force them to be assholes. I mean they know they'll lose, but not before causing you a lot of pain.
posted by JPD at 5:32 PM on February 24, 2017 [2 favorites]
The ACLU links provided above do say that Border Patrol may not perform unreasonable searches/seizures. If I, as a US citizen, were asked to turn over my computer or smartphone without "reasonable suspicion" of an immigration violation or crime (reasonable suspicion is more than just a "hunch") (quoted from the links provided above), then I would refuse to do so. I know that there are many violations of the law by border patrol, and I have nothing to hide and I also have no requirement to allow an unreasonable search. I'm an unlikely target, as a middle aged white woman, but fuck them if they try to push me.
posted by janey47 at 5:46 PM on February 24, 2017 [4 favorites]
That may or may be true, at least until a court decides if the password thing constitutes a reasonable search. They don't need probable cause for a search at the physical border. It's only in the 100 mile buffer where they need a reasonable suspicion.
It's easy to talk tough about this from a place of privilege. And I say that as about the most privileged traveller imaginable.
posted by JPD at 5:59 PM on February 24, 2017 [11 favorites]
I could be mistaken, but my understanding is:
1) CBP currently has a legal right to search your digital devices without your consent.
2) If password protected, CBP has a legal right to ask for your password.
3) But only a judge may compel you to give up your passwords. (CBP officers may omit this info when trying to coerce you.)
4) They also have the legal right to confiscate your devices for an unspecified amount of time (multiple weeks?)
So in a real world situation you could be confronted with giving up your device for weeks if you refuse to give them the password - a major inconvenience for you, but something I could see them doing just to throw around their power.
This is why EFF and many organizations suggest reducing the amount of data you carry across the border. So you: cloud backup your phone and wipe it before you cross, keep laptop data in the cloud before you cross, or use a chromebook that keeps no data on the laptop. (I'm not sure what happens when you try to explain to a CBP officer what a chromebook is, that it holds no actual data, but I suppose for the chromebook you just give it up and buy a new one because they're so cheap.)
I'm not sure how they're demanding people's social media accounts, since those aren't really pieces of data that are crossing a border. I mean to a certain extent they are cached data, but I'd argue they're cloud apps that exist on facebook's/twitter's/whatever's servers... but it seems that CBP will cross lines until a court tells them to stop, if then.
posted by bluecore at 6:09 PM on February 24, 2017 [3 favorites]
(I'm not sure what happens when you try to explain to a CBP officer what a chromebook is, that it holds no actual data, but I suppose for the chromebook you just give it up and buy a new one because they're so cheap.)
You could also just create a dummy account on the Chromebook (or Android phone) before you travel, and offer access to that. The goal is to make it look like you're complying.
posted by My Dad at 6:13 PM on February 24, 2017 [1 favorite]
(It's best to assume all of your data can be retrieved from your Android phone or a Chromebook, by the way).
posted by My Dad at 6:15 PM on February 24, 2017
The fact that particular decisions, coercions and instructions from CBP are not lawful is useful theoretical knowledge to hold, but has not stopped them and is only of variable use in the moment. I mean, you can decide that you're willing to be the test case and resist with all guns blazing, which will leave you correctly shouting "you can't do this" while they are doing it anyway.
You can also wipe the data from your phone and change the password for your entry to the US, and be willing to hand over a blank device as your act of resistance.
posted by DarlingBri at 6:19 PM on February 24, 2017 [1 favorite]
You can't be forced to give up information you don't have. Make sure you don't have, or have access to, any private data at the border.
TL;dr version: Change all passwords to long strings of random characters you can't possibly memorize. Put them in a keystore you have no way to access during travel. Enable two-factor auth when possible, and make sure the second factor isn't with you. Establish the equivalent of a personal "warrant canary".
Shameless self-link: http://mythopoeic.org/opsec
posted by sourcequench at 6:19 PM on February 24, 2017 [14 favorites]
The worst possible thing you could do is lie. Then it goes from "they really can't do anything to you except make your life super inconvenient, either with a night in a cell or device confiscation" to "whoops, felony".
I really like the idea of changing passwords to something you can't access, but I can't imagine Joe CBP Agent is going to believe "I don't know the password to this device I'm carrying". That sounds like probable cause.
I'm going to be coming back through customs in about two weeks. I'm planning to do the pointless half-measure of deleting Mail and Slack apps (sensitive data) and removing social media apps and accounts. The rest, whatever.
posted by supercres at 6:41 PM on February 24, 2017 [3 favorites]
supercres: You are right about "don't lie". Don't even shade the truth. Don't use a deniable cryptosystem unless you're ready to go all-in.
"I don't know the password to this device" is indeed a bad look, which is why I'm not going to provide a possibility for that to come up. The "device", in my case, is a SpareOne phone. It's a dumbphone that's so dumb it doesn't even have a screen.
I'll also print out a copy of http://mythopoeic.org/opsec, so if they ask if I have any social media, I can say "X, Y and Z but I have no way to access them right now and here's why". That way, it'll be both true and plausible.
"... it is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics." -- Bruce Schneier
posted by sourcequench at 7:00 PM on February 24, 2017 [5 favorites]
P.S. Do you know you can buy a SpareOne phone with cash in the Target self-checkout lane? And then buy the AT&T GoPhone card at a different store, in a different cash transaction? It's True!
posted by sourcequench at 7:06 PM on February 24, 2017 [13 favorites]
If your phone is locked with a fingerprint, disable it and use a passcode instead. The legality of compelling a biometric unlock is still fairly murky, and not worth the risk.
posted by holgate at 7:42 PM on February 24, 2017 [4 favorites]
Or power it down before you get to the agent. An iPhone always requires the password, not a thumbprint, on startup.
posted by Johnny Wallflower at 9:28 PM on February 24, 2017 [2 favorites]
I'll also print out a copy of http://mythopoeic.org/opsec, so if they ask if I have any social media, I can say "X, Y and Z but I have no way to access them right now and here's why". That way, it'll be both true and plausible.
Approaching law enforcement officers with this sort of proactive "I prepared for this ahead of time and now you can't touch me neener neener" stance is a good way to have a really bad time. Please don't do this unless you are actively excited about being hassled and mistreated, probably in deniable or technically-legal ways that won't leave you with any real recourse. (If you are excited about that, as a form of civil disobedience or whatever, then rock on with that I guess. Just know that that's what you're signing up for.)
Two-factor authorization with your second factor left at home seems more reasonable — it's the sort of thing someone might do accidentally, so it doesn't scream "I'm deliberately testing your authority" in the same way. Though it's more likely to go well if you act slightly sheepish about the "mistake" of forgetting your phone the way a normal human would, and less likely to go well if you have a monologue prepared about why this means they have to do what you want now.
posted by nebulawindphone at 12:47 AM on February 25, 2017 [1 favorite]
If they can compel you to give up passwords, can they compel you to log into, say, iCloud or Gmail? Can they compel you to log into Gmail on their computer?
I guess I'm not sure how the cloud backup helps if they have access to the cloud.
posted by persona au gratin at 1:33 AM on February 25, 2017
My article on this is not done yet but I've collected some sources here.
posted by Too-Ticky at 2:12 AM on February 25, 2017
Deliberately wiping or bricking your phone seems like a terrible idea, as it basically gives border control something to hold up as 'reasonable suspicion' (see, for e.g. the throwaway line near middle of this article about a Canadian man refused due to a social media profile - "Next time you come through, don’t have a cleared phone").
Were I an American who likely had to enter & exit the country in the next 4 years, I would buy a second phone, and I would make a lovely neutral twitter profile and a lovely neutral facebook profile and a brand new gmail account with which I would sign up to a lot of mailing lists, and I would use them once or twice a week, and I would try to live with the inability to update my 'real' fb or twitter account, and the fact I'd have to give all my friends an 'out of country' email contact every time I left. Sucks, but probably still better than having to be a non-American at the border atm.
posted by AFII at 3:59 AM on February 25, 2017 [4 favorites]
We recently faced this situation and one overriding difference between U.S. citizens re-entering and all others seeking entry is that they cannot (permanently) deny you entry. It's literally your country. They can slow you down (and as a matter of policy they will use this cudgel to compel your compliance - they know most people want to get home quickly. In my case we were in Toronto where you pass U.S. immigration on your way to board the U.S.-bound flight, so any resistance to their requests and subsequent delays might mean missing your flight).
At a recent know your rights training I attended the presenters said that all the discussion of fingerprints vs passwords is likely to be moot - if they want to, and for pretty much any reason they conjure - they can just take your locked device and have it processed off site. Administratively this is allowed so long as they do it with all due speed.
Your 4th amendment rights are limited due to special treatment of borders. That said there is established law that people cannot be barred entry to the U.S. for things which would be protected once inside. First amendment protections being fairly robust, even a sketchy search of your phone that found your anti-Trump Twitter would not be enough to get you kicked out/denied entry.
Not a lawyer but have been following this pretty closely - all things are subject to change and obviously just because something is legal doesn't mean you as an individual would not be massively inconvenienced trying to prove it so.
posted by Exceptional_Hubris at 5:25 AM on February 25, 2017 [2 favorites]
One suggestion if you are concerned about crossing the border more than you are about the implications of the password search is to just go ahead and get global entry. It's like 125 bucks and required fingerprinting and a short interview that really is pretty milquetoast and then when you cross the border you don't even interact with an immigration officer you just run your passport through a machine and use your prints as a secondary ID. Plus there is no line.
posted by JPD at 6:01 AM on February 25, 2017 [2 favorites]
Re: wiping or sanitizing your phone:
I'm concerned that they may be getting pissed at people trying to circumvent their "authority." Obviously this is a very different situation, but I think suspected sanitized phones may start being cause enough for them to fuck with you.
US Customs block Canadian man after reading his Scruff profile
When he went through secondary inspection at Vancouver airport, US Customs officers didn’t even need to ask for his passwords — they were saved in their own system. But André had wiped his phone of sex apps, browser history and messages, thinking that would dispel any suggestion he was looking for sex work. Instead, the border officers took that as suspicious.
“They went through my computer. They were looking through Word documents,” André says. “I had nude photos of myself on my phone, and they were questioning who this person was. It was really humiliating and embarrassing.”
“They said, ‘Next time you come through, don’t have a cleared phone,’ and that was it. I wasn’t let through. He said I’m a suspected escort. You can’t really argue with them because you’re trapped,” he says.
posted by Room 641-A at 8:19 AM on February 25, 2017
One suggestion if you are concerned about crossing the border more than you are about the implications of the password search is to just go ahead and get global entry.
Actually, that didn't stop CBP from detaining this guy until he unlocked his phone for them, so unfortunately it seems like global entry isn't something that's going to protect you in this situation.
posted by Dante Riordan at 9:58 AM on February 25, 2017
When he went through secondary inspection at Vancouver airport, US Customs officers didn’t even need to ask for his passwords — they were saved in their own system.
I would have thought it could go without saying, but in the event that you do give up any passwords or pins on any device you use: once you are clear of the border, you should immediately change every one of them, along with any others that might have been compromised by giving someone free access to your accounts. If you re-use those passwords on other sites (which you should not be doing in the first place), change those too.
posted by Pryde at 2:53 PM on February 25, 2017 [1 favorite]
Meant to add this: If you haven't looked into it, there are many pay as you go phones through services like TracFone, Net10, or Smart Wireless that can allow you to at least get a low-end smart phone, without a contract.
posted by mostly vowels at 5:34 PM on February 26, 2017
This thread is closed to new comments.
posted by workerant at 5:14 PM on February 24, 2017 [10 favorites]