US Border Patrol Says They Can Create Central Repository Of Traveler Emails, Keep Them For 75 Years

The U.S. government has taken the opportunity during the global pandemic, when people aren’t traveling out of the country much, to roll out a new platform for storing information they believe they are entitled to take from people crossing the border. A new filing reveals how the U.S. Border Patrol will store data from traveler devices centrally, keeping it backed up and searchable for up to 75 years.

On July 30 the Department of Homeland Security published a privacy impact assessment detailing the electronic data that they may choose to collect from people crossing the border – and what happens to that data.

  • Border Patrol claims the right to search laptops, thumb drives, cell phones, and other
    devices capable of storing electronic information” and when they call it a ‘border search the can do this not just when you’re “crossing the U.S. border” in either direction (i.e. when you’re leaving, not just when you’re entering the country) but even “at the extended border” which generally means within 100 miles of the border, which encompasses where two-thirds of the U.S. population lives.

  • They needed an updated privacy impact assessment because of a new “enterprise-wide solution to manage and analyze certain types of information and metadata USBP collects from electronic devices” – and they they actually keep on file.

Border Patrol will “acquire a mirror copy of the data on the device” they take from a traveler and store it locally. Before uploading it to their network they check to make sure there’s no porn on it (so they search your devices to find porn first). Then once they’ve determined it’s “clean” they transfer the data first to an encrypted thumb drive and then to the Border Patrol-side system called PLX.

Examples of what they plan to keep from travelers’ devices include e-mails; videos and pictures; texts and chat messages; financial accounts and transactions; location history; web browser bookmarks; tasks list; calendar; call logs; contracts. Information is stored for 75 years although if it’s not related to any crime it may be deleted after 20 years.


Copyright: prestonia / 123RF Stock Photo

The government emphasizes they’ve been collecting this information, what’s changed is simply that they’ll be storing it in a central system where everything “will now by accessible to a larger number of USBP agents with no nexus” to suspected illegal activity. They promise, though, to restrict access and train staff not to do anything they aren’t supposed to. And they don’t see risk to privacy because they’ve published a notice (that I’m now writing about) telling you how your privacy may be violated.

Electronic device searches have been on the rise. Between October 2008 and June 2010 6500 devices were searched. In 2016 there were 10,000 device searches, and 30,200 in 2017.

It’s not clear though that these searches are all actually legal. In November 2019 a federal judge in Boston ruled that forensic searches of cell phones require at least reasonable suspicion “that the devices contain contraband.”

About Gary Leff

Gary Leff is one of the foremost experts in the field of miles, points, and frequent business travel - a topic he has covered since 2002. Co-founder of frequent flyer community InsideFlyer.com, emcee of the Freddie Awards, and named one of the "World's Top Travel Experts" by Conde' Nast Traveler (2010-Present) Gary has been a guest on most major news media, profiled in several top print publications, and published broadly on the topic of consumer loyalty. More About Gary »

More articles by Gary Leff »

Pingbacks

Comments

  1. It is really beyond me how one of these cases has not reached SCOTUS. With the current makeup I think it would be likely to put limits on this.

  2. All I can say is encrypt your data at rest, even you personal data. Whether with bitlocker on PC or FileVault on the Mac. I see companies having a field day with this, especially with prominent cases like Andreas Gal from Apple. No company is going to be ok with copies of their corporate assets being uploaded and stored. I can also think of anymore of other laws being compromised – HIPPA, etc. where data is required to be encrypted and protected. I can’t see a scenario where this is defended in court successfully.

  3. Just an irrelevant side note, border search authority and 4th amendment searches conducted without an immediate nexus to the border do retain different legal authorities and requirements.

    The issue going forward, which needs to be addressed, is technology of today, i.e. mobile phones, computers, interrelated platforms, etc., do contain ones “personal and private life/financials, etc,” as opposed to technology of the 80/early 90s.

  4. Welcome to the banana republic, formerly known as the USA.
    If there are reasons why data of US citizens and permanent residents contained in personal devices when crossing the borders should be kept and stored, it should and must be subject to some type of judicial review requiring a demonstration and determination of need.

  5. When one arrives at a border, you present yourself for inspection.

    Just like your physical items are subject to search and seizure, digital items must likewise be available for inspection.

    Makes no sense to somehow ingore their existance or provide special exemption.

  6. Banana Republic indeed. I guess with no real enemies US Border Patrol sets its sight on the very people it was intended to protect. I couldn’t care less about money laundering or drug trafficking that warrants this type of invasion of privacy. At this point I’d be more ok with a terrorist attack in my hometown compared to government agencies “confiscating” our money or stealing our data.

  7. I look forward to all the Trump Sycophants decrying the overreach of Big Government

    (lol yeah right)

  8. I dont see all the hoopla.

    If you are crossing international borders anywhere, you and your items are subject to search.

    I recall years ago Thai customs looking at footage in a camcorder, or Egyptian customs seeking to listen and check several audio cassettes in a walkman.

    I’ve had journals and documents thumbed through so why should it be different in a digital world when we store items on a phone, laptop or tablet.

  9. I don’t see how this legal when it comes to US citizens. No US citizen should be consenting to this. They can’t deny you entry to the country just because you wont give them your device to copy. You are entitled to enter your home country barring some exceptional circumstance. If you are a foreign tourist unfortunately they don’t have to let you in. Really the courts need to shut this crap down. The federal government certainly does not have a legitimate basis to do this whenever they feel like.

  10. @James Clearly you have no idea how the constitution works. Citizens at least have certain rights and that doesn’t change just because they are at a frickin border point.

  11. The constitutional do not apply fully at our borders. There is something called the border search exception doctrine that allows searches and seizures at international borders.
    In simplistic terms you are not in the United States and protections of the constitution until you succesfully pass through the border, so 4th ammendment is not violated.

  12. Isn’t the issue that once CBP has your data, it presents an almost unlimited ability for government to search it? In principle, I get that they can search anyone passing through our borders…but keeping data on-file for 75 years seems overreach-y.

    A correlate: Imagine your carry-on is searched when you arrive from an int’l flight. Then, CBP puts a TSA style note in your bag saying that they photographed/inventoried every item and will keep the info in a shared government database for the next 75 years, just in case…even though no crime is alleged. Creepy.

  13. I had a client, back around 2010, who was trying to find financial records from a fraudster. The fraudster had drives upon drives filled with porn. Being a good mahjong player, I matched the pairs of porn files and eventually found the steganography method he had used to hide the XLS and PDF files inside the porn. If he hadn’t kept the original files, it would have been MUCH harder to find… I guess he liked to watch the films unadulterated.
    “Moral” of the story is… if you want to hide things from the feds, hide it inside the porn they won’t copy.
    Brian – The problem is that the government is now trying to extend that exception from the border crossings to anyone within 100 miles of the border, or the ocean, which the article points out is where about 2/3rds of Americans live, most never crossing the border. Taken as written in the regulation, this invalidates the 4th Amendment for 2/3rds of the people in US without a single vote.

  14. This is why I hate government. We want border security, a wall, mass deportations, and protection from illegals who fill this country with violence, poverty, depress wages for American workers, and bring low standards. We don’t want citizens and tourists harassed and abused by TSA and Customs. We don’t want domestic spying whether through ISP records or through our devices at airports. We don’t want the patriot act that takes away rights of citizens instead of focusing on preventing certain groups from coming here in the first place.

    @Brian

    We don’t agree. We reject prior court rulings that usurped civil liberties and fundamental freedoms of Americans. It is a responsibility for all cops, prosecutors, federal agents, judges, jurors, and voters to refuse to enforce this unconstitutional, illegal, and inhumane abuse of power. Anyone agents who conducts these searches should be put on a list by patriots as traitors. Liberal/neo con judges don’t believe citizens and tourists are entitled to protections at borders. We don’t believe liberal judges/neo con (cuckservarices) are legitimate or anything but filth.

  15. Some of the earliest acts passed by the First Congress in 1789 had to do with CBP duties and areas of authority. ( In 1808 importation of slaves into US is officially banned. But continued illegally but fell under realm of CBP).

    I digress.

    If you want to read guidance and legal authority….
    CBP Directive 3340-049 enacted 8.20.2009 on search of Electronic devices for information.
    PDF Here:

    http://www.dhs.gov/xlibrary/assets/cbp_directive_3340-049.pdf

  16. @Brian-according to your made up exemption of constitutional rights, where you say you haven’t entered the US so you don’t have rights, how do you explain the search going out then? You are in the US, right? And when you leave you aren’t in the US.

  17. Jackson Henderson’s post is exactly why I have lost all hope for this country. All empires come crashing down… I just didn’t expect America’s to be during my lifetime.

  18. At the border anything can be searched. In general, you are required to provide certain assistance to the officers conducting the search. However, you CANNOT be required to divulge passwords without court order. Therefore, if you are concerned for privacy, just make sure to shut down or restart devices before the border. Although this only really works for citizens that have an unrestricted right to enter; otherwise, an irritated border officer could simply refuse entry. To be perfectly clear, we are not the only country that does this. The government itself and most large corporations send people with “clean” devices when traveling internationally, to ensure data protection.

  19. @Greg
    Inspecting something (looking at your stuff) vs copying & analyzing & storing it for 75 years is a BIG difference.
    Why should anyone, no matter if person or gov. be allowed to copy all my personal information, data,.. if I haven’t broken any laws.
    Karens get furious about face masks and their freedom but where is the outcry here?

    I expect this to happen in China where everyone has a ranking but not in the U.S. or any other Western European country.

  20. Does anyone remember when a man working for NASA did not decrypt his data because he was not allowed to? Wasn’t he detained for that?

  21. @747 – he posts race baiting trash all over the different travel blogs…at least he has settled on one name now, vs. changing his last name every post

  22. @JacksonHenderson:
    Is that the royal “we” or the multiple personality disorder “we,” preferred by psychotics worldwide?

  23. I highly highly recommend that everyone buy a Chromebook. I got one years ago at the suggestion of a US military intelligence guy who I met at a conference.

    The difference between a Chromebook and a Laptop is this: a laptop stores and processes everything locally, plus it allows you to access the internet. A Chromebook is nothing more than a browser portal to google. When you turn it on it goes to google and that’s all it does. Once your “in” the google cloud you can log into your gmail account and from there you can access photos, documents you store there, your gmail plus the internet generally.

    I got it because the military intelligence guy I met said it is much safer to use for online banking. There’s nothing “in” the Chromebook that hackers can load malware like keyloggers into so the only way they can attack your data is by stealing your gmail password or by hacking google itself.

    Before you cross the border (in or out) log out of gmail on the Chromebook and then choose “remove this account” so there’s not even a memory that you ever accessed your google account “on” the Chromebook. Then tell customs they can keep it.

  24. @SeanNY2

    Great suggestions! I am revolted by the growing loss of freedoms we are experiencing. How soon until every hacker on the planet has access to these searchable databases of all our private information, the agency apologizes for the data breaches, and we are offered six months of credit monitoring?

  25. The 100 mile from the “border” rule, newly extended to include international airports, means that essentially everyone, at all times, can have their devices seized, searched, and the contents stored for 75 years unless they are physically inside private property (common areas of a building, businesses and offices accessible to the general public, and even your front lawn generally isn’t exempt though your back lawn is).

    So sad when creeping overreach in the name of national security makes the tinfoil hat people seem correct.

  26. I can see there being an enormous increase in devices filled with malware and porn being enthusiastically presented to CBP over the coming years.

  27. What a privacy horror story!
    .
    The same government who could not keep atom bomb and other military secrets from the Russians is now going to have my digital life and keep it for 75 years.
    .
    So now the border patrol wants more spy powers than the East German Stasi in the 50-60’s and the K.G.(usta)B had. Wow.
    .
    So much for the “land of the free”
    .
    How long is it going to be that they extend that 100 mile limit to the other side of the Canadian and Mexican borders, so they can have access to ALL information in other countries too because it may potentially be at some time linked to
    .
    David Drake has a series of SciFi books and short stories that extend this idea to it’s logical end. Every person in the country is REQUIRED to be in constant view of at least 3 cameras at ALL times. Police have access to all of the cameras. With AI support, they can even trace the path of a snail mail back from recipient to sender. Scary stuff.

  28. Bureaucrats gonna bureaucrat – if there’s a way to increase their power, they’ll do it until someone stops them. And even then, they’ll keep going, in defiance of the courts, if it’s under the guise of “national security”. Or “public health”. This is a bipartisan problem.

    To answer the very first comment on the blog, why hasn’t SCOTUS taken up the case? – These things take time. SCOTUS doesn’t tend to wade in until there’s a circuit split. That split happened in 2018, though I suspect there aren’t an enormous amount of cases, so one that the court likes hasn’t risen yet. But the database is troublesome – and it’s something Congress could outlaw without waiting for the courts. However, it’s not a sexy issue, therefore, Congress does nothing.

Comments are closed.