The Association of Corporate Travel Executives (ACTE) is warning its members to limit the amount of proprietary business information they carry on laptops and other electronic devices because of fears that government agents can seize that data at U.S. border crossings.
The group is worried that corporate information could be downloaded by agents, leading to potential security breaches and the exposure of data that is supposed to be private. Among the devices that could be searched by border agents are cell phones, PDAs, digital cameras and USB storage devices.
The warning follows a recent ruling from the Ninth Circuit Court of Appeals that basically upheld the right of U.S. Customs officials to search laptops and other electronic devices at U.S. borders without reasonable cause or suspicion.
The Appeals Court decision involved an individual who was arrested in 2005 on charges of child pornography after a warrantless search of his computer by customs officers at Los Angeles International Airport. A District Court judge had previously ruled that the evidence presented by the prosecution should be suppressed because it was gained via an unreasonable search. That decision was overturned later.
Susan Gurley, executive director of the ACTE, said the Appeals Court's decision means that corporate travelers need to pay close attention to the kind of information they carry on their business laptops during international travel.
"Right now, the U.S. customs department has the right to look at the data on your computer and download that data if they want to," Gurley said. "The Ninth Circuit held that it is within the purview of the U.S. government to look at or download anything" on laptops and other electronic devices at the border, she said.
Companies need to review their policies to see if such searches will cause privacy problems for them or their customers, she said.
"For example, if you are carrying personnel information on your laptop, there are certain privacy violations that can ensue" if that data is accessed and downloaded as part of a border search, she said. Other kinds of sensitive and proprietary information -- including intellectual property -- can sometimes be exposed via such searches, she said.
Many companies, especially in Europe, are having compliance officers look at the broader implications of such searches and have begin curtailing the kind of information their executives can carry on their laptops when traveling to the U.S, she said.
According to Gurley, the biggest concern is the lack of information or policy guidance about such searches. Currently, companies don't know exactly what to do about data that might be accessed and downloaded during a border search.
"There may be some legitimate reasons for wanting to look at the data" on a traveler's electronic device, Gurley said. "But what are the parameters for such searches? Once they have the information, what do they do with it? What are the policies for retention and for data destruction? This shouldn't be such a hidden secret."
The ACTE filed a Freedom of Information Act (FOIA) request with the U.S. Department of Homeland Security (DHS) last July for information about the government's policies on searching laptops and other electronic devices at U.S borders. Though the DHS responded to that request, the document it provided was too heavily redacted to be of much use.
In February, a lawsuit was filed in U.S. District Court in San Francisco by the Asian Law Caucus (ALC) and the Electronic Frontier Foundation (EFF). In the legal filing (download PDF), the two groups asked the court to order the DHS' Customs and Border Protection (CBP) division to release records about its policies and procedures on the "questioning, search and inspection" of travelers entering or returning to the U.S. at various ports of entry.
On Thursday, both organizations and nearly 30 other civil rights and individual privacy rights advocates are submitting a letter to lawmakers asking for a Congressional oversight hearing on the issue. The letters are being sent to the House and Senate Judiciary committees and to the House and Senate Homeland Security committees, said Marcia Hoffmann, staff attorney for the EFF.
"I think that (Appeals Court) decision has focused this issue for us," Hoffman said. "The courts certainly are not stepping in to act as check to abusive searches. On top of that, it has been difficult getting information from the DHS on such searches.
"We hope members of Congress will look into this and force the DHS to disclose information on what it's practices. Ideally, it would be wonderful if Congress would pass legislation to put some safeguards for travelers," she said.
This story, "Business Travelers Advised to Leave Data at Home" was originally published by Computerworld.