Julie Jacobson/AP file photo

Featured eBooks
Army Trends
CDM
VA Transformation
Tech

How Long Can Border Agents Keep Your Email Password?

Some data gathered from travelers going through customs can stay in a Homeland Security database for 75 years.

Kaveh Waddell,
The Atlantic

|
Kaveh Waddell
Kaveh Waddell
 The Atlantic

When you cross into or out of the United States, whether in a car or at an airport, you enter a special zone where federal agents have unusual powers to search your belongings—powers they don’t have elsewhere in the country. The high standard set by the Fourth Amendment, which protects people against unreasonable searches, is lowered, and the Fifth Amendment, which guards against self-incrimination and prevents the government from demanding computer passwords or smartphone PINs, is rendered less effective.

These special rules allowed a customs officer at the Houston airport to ask a NASA engineer to give up the passcode to his smartphone last month. The engineer, Sidd Bikkannavar, was reentering the U.S. after a two-week vacation in Chile, but the device he had on him belonged to his employer, NASA’s Jet Propulsion Laboratory. He routinely used the smartphone for sensitive work, so losing sight of it for a half hour was a “huge, huge violation of work policy,” Bikkannavar told me. 

After he was released, Bikkannavar immediately got a new phone from his employer and changed his PIN. But what if he hadn’t, and then traveled internationally again? If he were selected a second time for questioning at the border, the officer interviewing him would check at the record from Bikkannavar’s last run-in with Customs and Border Protection—which may include the passcode that he revealed to an agent.

• • •

The rules around what information can be retained after CBP inspections—and for how long—aren’t entirely clear-cut.

A notice published in 2008 in the Federal Register, the government’s official journal, describes the main database CBP uses for traveler information. Here’s a non-exhaustive list of the kinds of data that the records system known as TECS—that’s not an acronym—hosts:

… full name, alias, date of birth, address, physical description, various identification numbers (e.g., social security number, alien number, I-94 number, seizure number), details and circumstances of a search, arrest, or seizure, case information such as merchandise and values, methods of theft.

In addition, if officials search an electronic device like a laptop or smartphone, they may create a copy of the device’s contents. Without probable cause, CBP can’t keep that data on record for longer than a week (although some circumstances allow the window to be extended to a month), except for information “relating to immigration, customs, and other enforcement matters,” according to an official privacy impact assessment released in 2009. A CBP spokesperson confirmed that this policy is still in place.

The list of data that CBP can keep doesn’t include “passwords” or “credentials,” but that doesn’t mean they aren’t gathered and stored. Hugh Handeyside, a staff attorney at the American Civil Liberties Union, says that customs officials can enter miscellaneous information into records submitted to the TECS system.

The CBP spokesperson said that the agency can hang on to a password to facilitate digital searches once a device has been detained. The spokesperson did not say whether the password would be deleted from a traveler’s record after the search is over.

Generally, once a piece of information has been entered into the system, it can stay there for a very long time. According to the Federal Register notice, data in TECS can be kept for 75 years—or for the duration of a “law enforcement matter” or any “other enforcement activities that may become related.”

One of the few laws that would constrain how CBP would collect, keep, and disseminate personal information is the Privacy Act of 1974, which regulates how federal agencies treat sensitive personal data. But the Department of Homeland Security, CBP’s parent agency, exempted TECS from that law since at least 2009. Instead, CBP considers requests from individuals who ask to access records about them—a right guaranteed under the Privacy Act—on a case-by-case basis.

“Any limits would have to be derived directly from the Constitution or international treaties, not from statutes or regulations,” said Edward Hasbrouck, a travel expert and consultant to The Identity Project. “I am not aware of any case law limiting retention of this sort of data.”

To better understand how CBP collects and retains data, Hasbrouck requested his own travel records from the agency in 2007. He received incomplete responses and eventually stopped hearing back, so in 2010, Hasbrouck sued DHS to compel it to turn over the records he requested.

The documents he won in the lawsuit—some of which went as far back as 1992—show the detailed notes that CBP officials keep on travelers. Two records in particular showed the result of a pair of inspections Hasbrouck submitted to in 2009 and 2007. In one instance, Hasbrouck was interviewed at Boston Logan airport on the way back from London, because he “verbally declared” that he was carrying food. In the “inspection remarks” section, an official noted that “1 APPLE WAS SEIZED. BREAD WAS INSPECTED AND RELEASED.” (The “remarks” section is likely where a seized password might be entered.)

That information probably won’t come back to haunt Hasbrouck the next time he flies internationally. But once it’s saved, it’s fair game for use in future border encounters. Hasbrouck says he’s been questioned about the findings of previous inspections even years after the initial incident. If his records had contained any more sensitive information, they could easily have caused him trouble every time he traveled.

• • •

In October, a Canadian man traveling from British Columbia to New Orleans was taken aside for questioning at the Vancouver Airport. There, a CBP officer demanded the password to his phone and computer, according to a recent report in the DailyXtra, a Canadian LGBT news site. The man, identified only by his first name, André, turned over his credentials, and waited for “an hour or two” as officers searched through his digital life.

When the officer returned, he began “grilling” André about his emails, apps, and browsing history. The officer asked about André’s accounts on Scruff, a gay hookup app, and BBRT, a gay hookup website, in an episode the traveler described as “humiliating.” Ultimately, he chose not to enter the U.S. that day, and gave up his seat on the flight. 

A month later, André tried to fly to New Orleans again. He was again singled out for secondary inspection at the Vancouver airport, where officers asked for his devices. But this time, DailyXtra reported, the officers didn’t ask for his passwords; they still had them saved from the previous inspection. They rifled through his devices again, and even though André had wiped them of most of his personal information, he said he was not let through and was told he was a “suspected escort.”

I asked several experts who study digital border searches whether they’d ever heard of a similar case. None were aware of a specific instance of a device or online password being retained—and reused—but each said he or she wouldn’t be surprised to learn that CBP has a policy of retaining passwords.

“Based on the policy and reported incidents, my best guess is that CBP agents have broad discretion to keep login credentials if they think they will have a reason to use them in the future,” said Catherine Crump, a law professor at the University of California, Berkeley who has brought multiple cases against the government’s digital border search policy. “Bottom line: Change your passwords, people!”

For now, CBP is most likely interested mostly in passwords to physical devices, and not passwords to online accounts. Since the agency’s expanded authority to conduct searches is restricted to the border, lawyers say it wouldn’t cover a search of a traveler’s Facebook or Twitter profile. Doing so would request information from data centers located around the country or overseas—outside of the border zone—and would require a traditional subpoena, or some other type of court order.

But DHS Secretary John Kelly has proposed making social-media searches routine. At a hearing earlier this month, Kelly said he’d like to make it mandatory for visitors to the U.S. to turn over their browsing history and passwords to their social-media accounts. The proposal was met with intense opposition from human-rights groups and security experts, who say it would violate fundamental privacy rights, and could set a worrying precedent for other countries.

If such a policy were put into place, CBP could begin to compile the keys to travelers’ digital kingdoms, simply by asking for passwords at the border, jotting them down, and keeping them. Unless travelers change their passwords after a search, they may find that their input isn’t needed next time they’re stopped at the border.

NEXT STORY: How Trump’s Immigrant Dragnet Might Catch Your Personal Data, Too

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.