To Senate Committee on Homeland Security: Five Questions for Secretary Kelly About Password Demands at the Border

On January 31, a NASA engineer and U.S. citizen, Sidd Bikkannavar, was informed by federal border agents that he was required to turn over the password to his smartphone on his way into the country, that doing so was mandatory, and that if he failed to comply, the phone could be seized. The phone was the property of NASA’s Jet Propulsion Laboratory, which designs space telescopes, and contained a host of sensitive work-related information. Rather than risk seizure of the phone, Bikkannavar handed over his password. Agents then disappeared with the phone for 30 minutes, presumably copying its contents, before Bikkannavar was allowed to go on his way.

Bikkannavar is not alone. On January 30, a British citizen and BBC reporter was reportedly told he had to hand over his phone and password as a condition of entry. Recent complaints filed by the Council on American-Islamic Relations (CAIR) allege, among other things, that customs and border patrol agents demanded access to cell phones and social media accounts. The Knight First Amendment Institute at Columbia University recently filed a FOIA lawsuit seeking to uncover additional information about these policies and practices—asking for, among other things, data on the number of and reasons for searches of electronic data since 2012 and the relevant policies in place. The lawsuit notes an uptick in the number of searches of electronic devices since 2015, with a “marked increase” in the first quarter of 2017.

Of particular concern, Secretary Kelly testified in February that the Department of Homeland Security was considering a new policy of requiring all foreign visitors to disclose their social media user names and passwords as a condition of entering the country without any suspicion of wrongdoing.

Not only are these practices of questionable legality, they are terrible policy. While customs officials have broad discretion to search and seize persons and their property at the border, this discretion is not limitless. Nor should it be. Just because there may be grounds for searching an individual and his or her property, this doesn’t mean that there are grounds to search all of an individual’s electronic devices or social media accounts, which presumably involves the accessing of data on a server that is located nowhere near the border. As the Supreme Court concluded in its 9-0 opinion in Riley v. California, the fact that someone’s phone was lawfully seized incident to arrest does not mean that the government could access all the data on the phone without first obtaining a warrant based on probable cause. In the Court’s words:

Such a search would be like finding a key in a suspect’s pocket and arguing that it allowed law enforcement to unlock and search a house. But officers searching a phone’s data would not typically know whether the information they are viewing was stored locally at the time of the arrest or has been pulled from the cloud.

Similarly here, the border search exception–which stems from the need to protect the country from potentially dangerous property and persons entering the country–should not support the search of property that is nowhere near and not actually crossing the border.  The fact that someone might be traveling internationally should not be used as an end-run around the ordinarily applicable requirement that agents get a warrant based on probable cause to access the content of his or her emails or social media accounts.

Consider as well the precedent that Secretary Kelly’s proposal creates. Imagine, as is likely, that other nations adopt similar requirements demanding that all foreign entrants to their country turn over their social media passwords. Do we really want Americans, including our diplomats, scientists, and journalists, as well as ordinary travelers, to be required to give up access to their private accounts as a condition of entering other countries? Imagine Senators and their staff on a Congressional delegation to Pakistan, Turkey, or any of a long list of other potential destinations being told that they have to give up their social media accounts as a condition of entering the country.

Such a policy is also likely to be ineffective, or worse, counterproductive.  Bad actors would quickly learn to use burner phones, constantly change their account names and passwords, and otherwise self-censor—making it that much harder to identify and track potentially dangerous threats. Instead, the brunt of the effect would be felt by tourists and business travelers who would have to decide whether the visit to the United States was worth the costs to their privacy or hassle of keeping their personal or business communications secure—potentially leading to a reduction in tourism and investment in the United States as a result.

On Wednesday, April 5, Secretary of Homeland Security John Kelly will testify before the Senate Committee on Homeland Security. Senators should use this opportunity to question him about these practices and proposed policy.  In addition to requesting any currently applicable policies or guidelines regarding the search of electronic devices, data, and passwords at the border, below are five questions he should be asked:

1. Do you believe that Americans have Fourth Amendment rights in the content of their communications? Do they lose those rights every time they cross an international border?

2.  What do you make of the Supreme Court’s decision in Riley v. California, which held that even if someone’s phone was lawfully seized incident to arrest, that did not mean that the government could access all the data on the phone without first obtaining a warrant based on probable cause? Doesn’t the same principle apply at the border? If not, why not?

3.  What advice would you give business leaders worried about their employees traveling in and out of the country and potentially exposing sensitive work-related devices and data to search and seizure by customs officials?

4.  Would you have concerns if foreign governments began demanding that all Americans disclose their social media usernames and passwords as a condition of entering their country? What advice would you give to Senators and their staff traveling on a congressional delegation?  Would you permit the Department’s agents and officials to travel with their government phones and computers? If so, what measures would you need to take to protect their security?

5. How does the Department protect the data and passwords that it obtains from travelers seeking entry into the country, including that of Americans?

 


About the Author(s)

Jennifer Daskal

Associate Professor at American University Washington College of Law. Follow her on Twitter (@jendaskal).

Tom Malinowski

Former Assistant Secretary of State for Democracy, Human Rights and Labor (2014-2017). Follow him on Twitter (@malinowski).