This Week in Security: Border Searches, Insecure Journalists, and Quantum Computers

CBP Updates Electronic Device Search Guidelines

The U.S. Department of Customs and Border Protection (CBP), charged with border inspections and other duties, have released updated guidelines on searches of traveler’s devices when crossing the U.S. border. While the border itself is notorious for being a place where the Fourth Amendment doesn’t fully apply, the sheer magnitude of data available on electronics subject to search has brought increased scrutiny to border searches.

The updated guidelines describe some specific practices and limitations of border searches involving electronic devices. For example, “Basic” searches may be conducted with or without suspicion, and must be done in view of the device’s owner. Basic searches are described as not involving external devices being connected to the device being searched, and only involving information that would be normally accessible manually interacting with the phone. Meanwhile, “Advanced” searches involve using devices external to the phone to access and copy information.

The policy also clarifies that searches should be limited in scope only to information resident on the device itself, rather than anything stored in a cloud service accessible from the phone. Regarding passwords, screen locks, encryption and other privacy-preserving tools, the searching agent may ask the traveler for assistance in unlocking the device. If an officer is “unable to complete an inspection of an electronic device” due to such a security measure, then the device may be detained.

While this may seem like a “reigning in” of border searches to some, the reality is that the CBP itself reports a 59% increase in searches of electronic devices from 2016 to 2017, with a total of 30,220 electronic device searches in 2017. It seems likelier that these guidelines are more about streamlining the searching process rather than limiting its privacy impact, and that the CBP foresees (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Cylance Research and Intelligence Team. Read the original post at: Cylance Blog