Laptop and Cell Phone Data Searched at Airport

Monday, November 22, 2010

Anthony M. Freed

6d117b57d55f63febe392e40a478011f

Do our Fourth Amendment rights end at the airport?

The Fourth Amendment to the Constitution of the United Sates of America prevents authorities from conducting unsubstantiated or warrantless search and seizure.

But do we give up those rights when we have traveled outside the country and wish to return home? The recent detainment and subsequent search of electronic devices in the possession of white hat hacker Moxie Marlinspike seem to indicate so.

Marlinspike is not known to be the subject of any criminal investigation, nor does he appear to be an immediate threat to national security.

Nonetheless, he was recently detained at JFK International Airport upon returning from an overseas conference, and the cause seems to be an interest in searching his electronic devices.

US Customs agents requested that Marlinspike provide the passwords needed to access encrypted data on his laptop and two cell phones, but he refused. After being detained for five hours, the equipment was returned and he was released.

From his interview with CNET:

"I have no idea what's going on, why this is happening to me. From the questions I've had to field it seems like this is part of some larger fishing expedition. There is someone somewhere who wants access to something on my laptop or my phone and they can't just come and ask me for it. And they can't get a warrant without suspicion. So, they wait for me to travel internationally because at the border they can do anything they want."

Marlinspike first discovered he was on a Federal watch-list several months ago when both he and airline staff were unable to print out his boarding pass. The airline staff informed him they needed to notify the Department of Homeland Security of his travel plans.

Exactly why he is on the watch-list is not known. Marlinspike is noted for exposing critical vulnerabilities in the verification of digital certificates. White hat hackers are largely misunderstood, and revealing exploitable flaws in information systems does not make one popular with everyone concerned.

For those unfamiliar with the term, white hats are somewhat equivalent to consumer product safety advocates - think along the lines of Ralph Nader and the end of the Corvair. Trouble maker to some, hero to others. Whatever your opinion, security was the intention.

Regardless of the fact that he may be on a Federal watch-list, Marlinspike had not been arrested, Mirandized, or charged with any offense. So, does the fact that he was returning from abroad mean that he has forfeited his Constitutional rights?

Security is one matter, and if he was suspected of posing an immediate threat to the safety and welfare of other travelers, then a thorough search for some kind of weapon or device is appropriate. Same thing for if he was suspected of smuggling, or breaking the law.

But does the mere fact that a US citizen travels overseas and seeks to return home give authorities carte blanche to search anything and everything irrespective of any specific purpose? Is the border a Constitutional no man's land?

If he had supplied the requested passwords, could Customs have seized the data even if it did not indicate that any laws were being broken, or if it did not present evidence of any immediate threat to security?

This incident brings several other questions to mind, such as whether the Customs agents have the authority to make copies of the data on Marlinspike's hard drive and SIM cards and retain it.

From his interview with Wired:

“I can’t trust any of these devices now. They could have modified the hardware or installed new keyboard firmware.”

The TSA has received great deal of attention lately regarding the uses of low radiation x-ray scanners and the enhanced physical pat-downs that have been repeatedly described as "gropings" by those that have had the displeasure of undergoing one, and the nation is in an uproar.

At least most people can ultimately understand that the purpose of these invasive searches is to save lives.

The prospect of having our confidential computer and phone data scrutinized simply because we wish to re-neter the country is going to be even less popular, and it seems to be in direct conflict with both the spirit and the letter of the law as outlined in the Fourth Amendment, which plainly indicates:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

When physical and national security are on the line, we can all expect that the government may need to toe the line when it comes to doing their job of keeping us safe, and we should all be expect to give up the most liberal interpretations of "our rights" if we choose to travel by aircraft.

If you don't like it, you don't have to travel.

But when no one's safety is on the line, the notion that authorities can use international travel as an excuse to utilize the tactics of a totalitarian police state is alarming.

If Marlinspike is suspected of breaking the law, and the authorities have reasonable suspicion that evidence of a crime is on his computer or in his cell phones, then present the information to a federal judge and get a warrant to search his electronics.

But if it is really the case that authorities can act as if our Constitutional rights end at the airport terminal, we have much bigger problems than naked body scans and screeners touching our junk, and people need to get mad about this.

Comments and feedback welcome...

Possibly Related Articles:
20628
General
Wireless Security Laptop Cell Phone Airport Search and Seizure
Post Rating I Like this!
C643eec6350152c6c3fbd1288578d98a
Terry Perkins Wow! Amazing. I can't believe we have come to this. I have no intention of flying in the near future even domestically. I don't want to deal with the TSA and I'm not going through the new x-ray scanners.

Then to add insult to injury.... the electronic devices. Ridiculous!
1290442646
6d117b57d55f63febe392e40a478011f
Anthony M. Freed Here are some good references readers have sent to me regarding prior court decisions on border searches:

http://www.cbp.gov/xp/cgov/travel/admissibility/labtop_inspect.xml

http://www.nppa.org/news_and_events/news/2010/09/lawsuit.html

And here is another with some good advice regarding protecting your data and border searches:

https://www.eff.org/deeplinks/2008/05/border-search-answers
1290457020
B64e021126c832bb29ec9fa988155eaf
Dan Dieterle It is getting out of control. Israel's main airline El Al hasn't had a security issue in 30 years. There tactics are simpler and much more effective.

http://cyberarms.wordpress.com/2010/11/23/how-israel-screens-for-terrorists/
1290543049
Default-avatar
Andrei Bujaki The so called white hacking does not exist .Often a "white hacker" breaks the law or the agreement when he exploits.More often the so called white hackers are hiding organized crime activities under " good hacking umbrella" . I believe that we should worry about more for how we protect our facebook accounts and other social networks accounts and our home computers instead of trying to find the big brother in an institution that its designed to protect us. What you prefer the liberty of an us citizen who is planning to attack a primary target in us defence networks(nuclear power plant) or a TSA well done job ?I"v heard a lot of stories about totalitarian police state but this stories and worries are coming from the people without a clue what is that .I lived in a such country and state all my life and i tell you that i regret that we don't have an TSA or an FBI, HLS ,or NSA to scrutinize and to impose the safety and law at the similar standards as are in US.
1290598713
C643eec6350152c6c3fbd1288578d98a
Terry Perkins @Andrei - I appreciate your perspective. We, Americans, are losing more rights each day and we are not accustomed to that. However, I respectfully disagree with- White Hat Hackers- don't exist. Without them, we would be in a terrible position from a information security perspective.
1290610481
6d117b57d55f63febe392e40a478011f
Anthony M. Freed As stated in the article, I am all for security efforts meant to protect us from harm. Due cause justifies detainment and searches, but by exploiting security procedures to embark on fishing expeditions when there is no evidence of an immanent threat or a crime is the kind of incremental encroachment of the state that is a bigger threat to our freedoms than any act of terror could hope to achieve.
1290622621
C643eec6350152c6c3fbd1288578d98a
Terry Perkins Well put, Anthony!
1290623112
B64e021126c832bb29ec9fa988155eaf
Dan Dieterle Well said Anthony!
1290630271
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.