August 24, 2017

Take precautions to protect your clients when bringing devices across borders, experts say

ABA members have been voicing concerns about searches of lawyers’ devices at the U.S. border “and the risks that those searches posed to the privileged and confidential information which is maintained on those electronic devices,” said retired US District Court Judge in Southern Court of New York Shira A. Scheindlin, now of counsel with Stroock & Stroock & Levan.

In response to those concerns, then ABA President Linda Klein sent a letter to the Department of Homeland Security asking them to revise the current directives, and in late June she and members of the ABA’s Governmental Affairs Office met with representatives of DHS to discuss these concerns. These efforts will continue, she said.

Scheindlin moderated the program “Prying Eyes: Think Confidential and Privileged Client Information is Safe at the Border? Guess Again,” held at the ABA Annual Meeting in New York City and sponsored by the Center for Professional Responsibility.

She shared Customs and Border Patrol statistics, which show that electric device searches are on the rise:

·        FY 2015: 8,503 travelers’ devices were searched,

·        FY 2016: 19,033 travelers’ devices were searched,

·        First 6 months of FY 2017: 14,993 travelers’ devices were searched.

The CBP website lists reasons someone may be chosen for an inspection of electronic devices:

·        Your travel documents are incomplete or you do not have the proper documents or visa,

·        You have previously violated one of the laws CBP enforces,

·        You have a name that matches a person of interest in one of the government’s enforcement databases,

·        You have been selected for a random search.

CBP does not need probable cause to do a search now, Scheindlin said, but a proposed bi-partisan Border Privacy Bill in the Senate would require CBP to show some probable cause.

According to CBP, “no court has concluded that the border search of electronic devices requires a warrant, and CBP’s use of this authority has been repeatedly upheld. This includes a review by the Fourth and Ninth Circuits Courts of Appeals, which approved the search of electronic devices encountered at the border.”

Furthermore, “Electronic device searched are integral in some cases to determining an individual’s intentions upon entering the United States,” said Deputy Executive Assistant Commissioner, Office of Field Operations, John Wagner. “These searches, which affect fewer than one-hundredth of 1 percent of international travelers, have contributed to national security investigations, arrests for child pornography and evidence of human trafficking. CBP officers are well trained to judiciously conduct electronic device searches and to protect sensitive information that may be encountered.”

Scheindlin said the “border” is officially defined as a 100-mile zone around the actual border, and that while border agents can deny entry to a foreign visitor, they can’t deny entry to a U.S. citizen.

Refusing access to a device can result in it being confiscated or its contents being copied, she said.

The panel reviewed the law and what CPB can and cannot search for.

Maureen T. Kelly, assistant general counsel at Northrup Grumman, said the 4th Amendment is designed to protect us against unreasonable search and seizure, and a key cornerstone of it is the “reasonableness” issue.

Bruce A. Green, director of Louis Stein Center for Law and Ethics at Fordham Law School, said the Supreme Court has said you can be searched at the border, where they are looking to see if you have plants or some other item you’re not supposed to bring in to the U.S., child pornography or anything terrorism-related.

But the device(s) you’re likely carrying are storing a lot of information that you want to keep private.

Prior to the Supreme Court’s decision in Riley vs. California, Green said, there was a Ninth Circuit en banc decision that said if border agents are doing not just a cursory look but a “deep dive” into everything on a device, they need to have reasonable suspicion.

Then in the 2014 Riley case, he said, the Court unanimously held that the warrantless search and seizure of digital contents of a cell phone during an arrest is unconstitutional.

Kelly said border agents can ask for the password to the device, and you can provide it but that you should say that you don’t consent to the search.

There’s a lot here that’s murky and yet to be decided, she acknowledged. It’s clear they can take a cursory review of your device, but where is the line where it becomes invasive?

Steven M Puiszis, a lawyer at Hinshaw & Culbertson in Chicago, said agents can look at your social media if it’s accessible through an app on your phone, but not if it’s accessed through an external server or the cloud.

Speaking of a lawyer’s ethical obligations, Green said Model Rule 1.1, dealing with competence, says lawyers need to know relevant technology.

Therefore, he said, lawyers have ethical obligations when bringing devices across the border if they contain attorney-client information, including email, documents, etc.  A lawyer must make reasonable efforts to prevent the inadvertent or unauthorized disclosure of or access to information relating to the representation of a client, he said.

If you lose your device and it has client information on it, Green says you need to inform the client of this, too.

In terms of digital self-defense, Puiszis advised looking at the situation from a risk-management perspective. Ask yourself, ‘Do I need this information on my phone for this trip?’ If not, don’t take it, he said. He recommends lawyers traveling to Russia or China use burner phones and laptops because of the higher likelihood of those border agents looking at devices.

Another alternative, he said, is to take your own devices, but have the firm email taken off, clear your browser and take off any social media apps. In addition, move any documents off the hard drive and onto a shared drive.

Even if you’re a solo practitioner, Green recommended moving toward these practices, and said it’s cheaper to do so than you think.

If you’re stopped at the border and you have client information on your device, Green said you cannot offer to hand over that information if there are other alternatives available.

He suggested calling your firm’s IT department and having the device wiped from afar.

And the panel stressed making sure that you note that you do not consent, and to resist by asking to see the manager, then eventually even litigate if possible.

The panel agreed that you need to know your rights by knowing the laws of the countries where you are traveling.