I know that this (http://www.clickondetroit.com/news/27564088/detail.html) will walk a fine line in relation to the non-LEO threads permitted here at M4C. In order to avoid that taboo subject let's focus on whether state officials should be permitted to use an extraction device on your cell phone, your laptop or other digital devices.

As mentioned in the video people are having their laptops, digital cameras, etc searched at border crossings quite frequently now. No warrant needed and no probable cause necessary. Google it for more info.

I wonder how that will play as we all move toward remote storage "in the cloud" of most or all of our sensitive data. It wouldn't do them any good to search the device, since little or nothing will, someday soon, be stored locally on it. That option already exists, of course, but the technique hasn't gone easily mainstream yet.

I'm currently taking a digital forensics class and all I can offer is what my instructors, digital forensic investigators state in class.

There are strict statutory and juridical limits to what can be done relevant to digital searches.

There is no present legal authority or precedent to simply download all of your data. Per DOJ guidelines, even with a warrant searches must be strictly confined to the digital information specified in the warrant. For example if a person is being investigated for pirated music/movies, there is no authority to wholesale search of irrelevant data such as word/text documents on that computer.

Relevant to border crossings, I'd have to see the details, the reporter says that the ACLU claims that DHS is doing digital searches, but there weren't any details.

If it happens to you, I'd simply say "get a warrant."

Relevant to border crossings, I'd have to see the details, the reporter says that the ACLU claims that DHS is doing digital searches, but there weren't any details.

If it happens to you, I'd simply say "get a warrant."

And they will say, "Assume the position."

Recent Appeals/SCOTUS decisions have pretty much made the Constitution Not Applicable in the border area.

As usual, bad law comes from bad facts, as this shows:

Welcome to the U.S., We’ll Take Your Laptop Now (http://blogs.forbes.com/marcwebertobias/2011/04/13/welcome-to-the-u-s-well-take-your-laptop-now/?utm_source=allactivity&utm_medium=rss&utm_campaign=20110413)

While the Supreme Court has recognized three exceptions to the border search doctrine (which may require a heightened suspicion for more detailed or delayed searches), the general rule is that whatever you carry with you into the U.S. you can expect to be searched and that you have tacitly agreed to such a search.

From the article...


...may contain questionable data when you enter the United States, it may be analyzed by Border Protection agents, either at the point of entry, or at a forensic lab off-site. So long as their actions are reasonable, and the scope of the intrusion and the duration of the deprivation is not egregious, the search will be deemed constitutional.

So one there needs to be some form of p/c that says the data is questionable. Just because you've got data doesn't mean that it's questionable. Actions also have to be reasonable, in other words there has to be a reasonable belief that a crime is being committed.

Suffice to say that I can only go by what I've been taught but a wholesale search of everything on anyone's computer, simply because the BP agent is having a bad day, isn't permissible according to DOJ guidelines.

As with everything just because it shouldn't happen doesn't mean it doesn't so more details are needed. For such a searches to be effective they would have to be targeted to the right people or else there would be huge wastes of time as everyone who enters the US who has a computer has it analyzed. "Duration of Deprivation" is also relevant since forensic analysis isn't a 3-5 minute search. At best it's like 3-5 hours even if you know what you're looking for, and depending on the size of the device potentially 3-5 days.

We were advised by our lawyers that anything electronic is fair game at the border. Remember that it is not just our border you have to worry about. The only critical docs I'd take into china would be red herrings.

Cloud based storage overseas? That could be interesting is since it seems the eu protects personal data more than we do.

There are strict statutory and juridical limits to what can be done relevant to digital searches.

There is no present legal authority or precedent to simply download all of your data. Per DOJ guidelines, even with a warrant searches must be strictly confined to the digital information specified in the warrant. For example if a person is being investigated for pirated music/movies, there is no authority to wholesale search of irrelevant data such as word/text documents on that computer.

I'm curious to know if they've covered anything like what the PD is doing in the linked article? Me personally I'm of the same frame of mind and telling them to piss off and get a warrant. Problem is with password blocked information they then confiscate whatever property is yours and send it off to a forensics lab to be analyzed.

I miss the Constitution.

I'm curious to know if they've covered anything like what the PD is doing in the linked article?

The article is kind of short of details on what they're actually doing. Are they stopping an individual on whom there is a sealed warrant and then looking for specific information? Or are they stopping random motorists and getting all, or a very limited amount of data?

I think this has to be investigated further but this would fall under DOJ guidelines and so is different than a border/customs search. Michigan State Police isn't a border enforcement mechanism and so wouldn't apply. Even still if my reading of the SCOTUS border case is correct, there has to be a reasonable belief in smuggling or some other illegal activity. They just can't search everyone/anyone. Actually such random searches would be counter-productive.


Me personally I'm of the same frame of mind and telling them to piss off and get a warrant. Problem is with password blocked information they then confiscate whatever property is yours and send it off to a forensics lab to be analyzed.

My sense is that they couldn't really do this without some form of reasonable belief of criminality, like being on a terrorism or DEA watchlist. Even if the search was based on this watchlist, they can't just search any incriminating information wholesale. SCOTUS has already ruled against this. According to DOJ standards search/analysis has to be targeted/focused.

If it were to happen to me, I'd still ask them for a warrant. As spelled out I consider this a violation of my Constitutional rights.

Encrypt your hard drives or at least one directory.

there's nothing on any of my personal electronic devices that i can't stand to have somebody see to begin with. i don't pirate music, look at kiddie porn, or even regular porn. to me, it's not that they'll see "my stuff," it's the violation that bothers me. the pure, blatant disregard for individual liberty. who cares if they will find anything incriminating on my personal electronic devices? the worse crime is the violation of my rights to begin with.

there's nothing on any of my personal electronic devices that i can't stand to have somebody see to begin with. i don't pirate music, look at kiddie porn, or even regular porn. to me, it's not that they'll see "my stuff," it's the violation that bothers me. the pure, blatant disregard for individual liberty. who cares if they will find anything incriminating on my personal electronic devices? the worse crime is the violation of my rights to begin with.

With all due respect, most people have no idea what is on their computer. Here is an example of 2 Million people who were unaware their computer was part of a botnet.

http://newhaven.fbi.gov/dojpressrel/pressrel11/nh041311.htm

We are so far beyond "Big Brother" it's not even funny. Privacy is a concept of the past. In the digital age unless your Gene Hackman or Kevin Smith living off the grid in a Faraday cage your information is compromised. All personal eletronic devices have backdoors to which the likes of NSA and GCHQ "monitor". Under our current system of goverment the information "collected" is not admissible in court for obvious reasons.

Remember when the UAE wanted to ban Blackberries? It was not due to religion.

Currently there are sixteen US intelligence agencies that have a paper trail. The average US tax payer can name what. . .two or three at the most?

With all due respect, most people have no idea what is on their computer. Here is an example of 2 Million people who were unaware their computer was part of a botnet.

http://newhaven.fbi.gov/dojpressrel/pressrel11/nh041311.htm

Coreflood is a bit different. Those that had compromised machines aren't being prosecuted and they're actually being detached from the botnet.

There are ways to determine whether someone put something on your system, whether you accessed something accidentally or whether you downloaded/accessed it willingly/repeatedly.

Encrypt your hard drives or at least one directory.

Indeed. TrueCrypt and GPG are your friends.

And I do not "have anything to hide." I do, however, have very, very sensitive corporate data on my laptop that nobody needs to see. That applies to an $11 per hour TSA employee, or a member of China's Ministry of Public Security.

I'm curious to know if they've covered anything like what the PD is doing in the linked article? Me personally I'm of the same frame of mind and telling them to piss off and get a warrant. Problem is with password blocked information they then confiscate whatever property is yours and send it off to a forensics lab to be analyzed.

I miss the Constitution.

Sure wish someone would do an investigation to see what became of it! :(

Indeed. TrueCrypt and GPG are your friends.

And I do not "have anything to hide." I do, however, have very, very sensitive corporate data on my laptop that nobody needs to see. That applies to an $11 per hour TSA employee, or a member of China's Ministry of Public Security.

What's wrong with the good old American "It's none of your ****ing business?"

Here's a helpful hint for TrueCrypt users: if you encrypt your drive properly, it's not going to be recoverable, BUT: if you lose physical control of the machine, DO NOT access it again without isolating it from the net and removing whatever data you want to keep onto removable media (encrypted with a NEW password).

What will happen is they'll image the drive and return it to you, telling you that they couldn't get into it (or nothing at all), and they've actually installed a keylogger that can access pre-boot keystrokes. So the next time you turn the machine on and enter your TC password, their keylogger will phone home with the volume password and they can decrypt the image at their leisure.

Best advice: if you lose physical control of your machine, consider it compromised and do not access it again.

This post brought to you by the letters Mike, India, Tango, November, India, Charlie, and Kilo.

What's wrong with the good old American "It's none of your ****ing business?"

Here's a helpful hint for TrueCrypt users: if you encrypt your drive properly, it's not going to be recoverable, BUT: if you lose physical control of the machine, DO NOT access it again without isolating it from the net and removing whatever data you want to keep onto removable media (encrypted with a NEW password).

What will happen is they'll image the drive and return it to you, telling you that they couldn't get into it (or nothing at all), and they've actually installed a keylogger that can access pre-boot keystrokes. So the next time you turn the machine on and enter your TC password, their keylogger will phone home with the volume password and they can decrypt the image at their leisure.

Best advice: if you lose physical control of your machine, consider it compromised and do not access it again.

This post brought to you by the letters Mike, India, Tango, November, India, Charlie, and Kilo.

I have yet to see this at a border crossing, but that shit is kind of scary. I will have to opt for the mind your own business approach.

I wonder how that will play as we all move toward remote storage "in the cloud" of most or all of our sensitive data. It wouldn't do them any good to search the device, since little or nothing will, someday soon, be stored locally on it. That option already exists, of course, but the technique hasn't gone easily mainstream yet.

I think you over estimate the data that "needs" to be "on the cloud"

I can stick everything personal of mine on a USB thumb drive.
If I were to gratuitously throw on all my porn, I could still stick it on a regular USB drive. People don't need the "cloud." Don't turn into one of the sheep believeing you do. It's just another method for the corporation to **** you over repeatedly for charges instead of one time purchases. I'll be damned if I give anyone unfettered access to my "data" in any form, little own storing it off site on some other jack holes drive. That's just a governments wet dream.

I think you over estimate the data that "needs" to be "on the cloud"

I can stick everything personal of mine on a USB thumb drive.
If I were to gratuitously throw on all my porn, I could still stick it on a regular USB drive. People don't need the "cloud." Don't turn into one of the sheep believeing you do. It's just another method for the corporation to **** you over repeatedly for charges instead of one time purchases. I'll be damned if I give anyone unfettered access to my "data" in any form, little own storing it off site on some other jack holes drive. That's just a governments wet dream.

This.

So is this question in relation to just border searches or the two recent cases in Ohio and California?

More information about the units can be read here: http://www.thenewspaper.com/news/34/3458.asp

A US Department of Justice test of the CelleBrite UFED used by Michigan police found the device could grab all of the photos and video off of an iPhone within one-and-a-half minutes. The device works with 3000 different phone models and can even defeat password protections.

"Complete extraction of existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags," a CelleBrite brochure explains regarding the device's capabilities. "The Physical Analyzer allows visualization of both existing and deleted locations on Google Earth. In addition, location information from GPS devices and image geotags can be mapped on Google Maps."

I don't have jack shit on my phone that would be embarrassing or incriminating. I saw articles on this topic and will make a point of shutting off my phone should I come in contact with LEO or airport security.
Taking personal information without permission or warrant is flat out pre-Magna Carta.

EDIT: Just to tweak a nose or two, I'm going to make a point of putting my copies of the US Constitution and BOR on my blackberry.

I don't have jack shit on my phone that would be embarrassing or incriminating. I saw articles on this topic and will make a point of shutting off my phone should I come in contact with LEO or airport security. Doesn't matter a bit.


Taking personal information without permission or warrant is flat out pre-Magna Carta. It's for the Chillldrennnn...think of the terrorist meth making kiddie pronographers we could stop this way!

EDIT: Just to tweak a nose or two, I'm going to make a point of putting my copies of the US Constitution and BOR on my blackberry.

They won't care a bit. It'd be like giving a monkey a dictionary for all the good it would do.

What's wrong with the good old American "It's none of your ****ing business?"

.........

Nothing wrong with it at all.

I also should not have to lock my house and car, or have passwords or encryption on my phones or computers.

But I do.

If you believe this is only happening on the border you are mistaken.

ACLU: Michigan cops stealing drivers' phone data (http://news.cnet.com/8301-17938_105-20055431-1.html)

There have been several recent rulings that have set precedence that search of a phone or other electronic device pursuant to a stop is Constitutional.

EDIT: The title of the article is not mine and not intended to be a comment on the situation. Just want people to be aware of the facts.

Sorry, but the Border Search Exception to the Fourth Amendment is the longest held exception. SCOTUS has held since the Justices and the lawyers who argued before them wore white powdered wigs that interest of the soveriegn to inspect goods entering and leaving the country for contraband is absolute and that at the Border or Customs House that the Fourth Amendment just does not apply. Your laptop, cell phone, digital device are no different than any other "goods" entering the country under the eyes of Customs. I suggest that you bone up on Arnold and Cotterman for a detailed explanation.

Here, I'll make the searching even easier, probably the most liberal circuit in the country made these decisions and SCOTUS even refused to hear Arnold.

http://www.ca9.uscourts.gov/datastore/opinions/2011/03/30/09-10139.pdf

http://www.ca9.uscourts.gov/datastore/opinions/2008/07/09/0650581.pdf

On the "other electronic devices front" I am anxious to see if SCOTUS decides to hear arguments in Jones.

http://legaltimes.typepad.com/blt/2011/04/doj-pitches-gps-surveillance-case-to-supreme-court.html

http://legaltimes.typepad.com/files/doj_gps_cert.pdf

If this one goes then Kyllo should hopefully follow it.

Sorry, but the Border Search Exception to the Fourth Amendment is the longest held exception. SCOTUS has held since the Justices and the lawyers who argued before them wore white powdered wigs that interest of the soveriegn to inspect goods entering and leaving the country for contraband is absolute and that at the Border or Customs House that the Fourth Amendment just does not apply. Your laptop, cell phone, digital device are no different than any other "goods" entering the country under the eyes of Customs. I suggest that you bone up on Arnold and Cotterman for a detailed explanation.

The 4th Amendment barely applies today as it is anywhere in the United States, it's a travesty and a joke. Until SCOTUS actually interprets the 2nd Amendment in the way any intelligent human reading it would, hands down the proper unanimous decision, and we are all free to keep and bear arms in any state in this country they can take their decisions and stick'em.

This isn't meant to be an attack towards you. Thank you for digging up those documents as well, interesting reading. I hope they cut the nuts off the child molester.

Nothing wrong with it at all.

I also should not have to lock my house and car, or have passwords or encryption on my phones or computers.

But I do.

No, no, you misunderstand me. If I want to have 512-bit triple encryption on everything I own, it's nobody's ****ing business why. Same as if I chose to have motion detectors, CCTV, security systems, and high-grade locks on my house.

And I do :-)

Michigan police refute claims of data-collection wrongdoing (http://news.cnet.com/8301-1009_3-20055961-83.html?tag=mncol;txt)

Michigan police refute claims of data-collection wrongdoing (http://news.cnet.com/8301-1009_3-20055961-83.html?tag=mncol;txt)

Just like drugs - Just say no.

It gets even better... http://www.huliq.com/10128/digital-privacy-rights-erode-police-increasingly-access-private-data

What 4th Amendment?!?! http://www.wired.com/threatlevel/2011/04/fourth-amendment-email-2/