Tuesday, June 24, 2008

Laptop Searches -- The German Computer Rights Case

The German Court Gets it Right

In a nice coincidence of timing, while observers in the U.S. were awaiting the 9th Circuit decision in U.S. v. Arnold, on February 27, 2008, the German Federal Constitutional Court (Das Bundesverfassungsgericht (BVG)) announced an historic decision in a case also involving the individual's right to privacy of personal data stored in digital form. Whereas the 9th Circuit found such data to be no more entitled to constitutional protection at the border than underwear in a suitcase, the BVG held that the general Right of Personality (for our purposes, the Right of Privacy) contained in Article 2 the German constitution (das Grundgesetz) includes the fundamental right to a guarantee of the confidentiality and integrity of IT systems.

(German cases are not cited by reference to the names of the parties, but are cited in the form, BVerfG, 1 BvR 370/07 vom 27.2.2008, which is the cite for the case in question. In the press, however, the case is referred to as the "Computer Rights" case, so we will use that name here.)

The Computer Rights case came to the BVG on a challenge by a group of private individuals to the constitutionality of a recently-enacted statute of the state of North-Rhine-Westfalia (the capital of which is Duesseldorf) enabling the state investigative agency to secretly hack into the computers of targeted individuals while they were online and search and copy data stored there. Thus, the case does not involve a non-consensual laptop border search, but involves instead a non-consensual online computer search. German legal counsel, consulted in connection with this post, are of the opinion that the Computer Rights case would apply to a laptop border search.

And while the 9th Circuit in U.S. v. Arnold relieved the government of the necessity of meeting any legal standard whatsoever as a prerequisite to a border search of a laptop, the NRW statute did at least contain a "reason to believe it may be helpful" standard. Nevertheless, the BVG said this was too broad and articulated a higher standard: a secret infiltration of an individual's IT system by means of which the system can be observed and its storage media read is only constitutionally permissible when grounds exist in fact which show a danger to an important legally-protected interest such as the safety, life and liberty of persons or the fundamental principals or existence of the state. And, further, the exercise of such a secret IT system search is subject to judicial oversight.

It is notable also that in its opinion the BVG used the generic term "IT system" rather than specific term "computer," evidencing the court's intention that its decision should have broad application over the entire realm of digital devices and networks.

The BVT reached these results only after an exhaustive, painstaking and detailed examination of the nature of data stored on computers in the present age. The court's review is akin to that conducted by Judge Pregerson in the U.S. District Court in U.S. v. Arnold and which Judge O'Scannlain conspicuously did not do in the 9th Circuit.

In particular, the BVG recognized that people store on their computers their most personal data, including private correspondence, photographs, sound files, etc., which contain detailed information about the relationships and conduct of the individual's life, which if obtained and disclosed can enable the government or third parties to build an extensive picture of that individual's behavior and communications. Furthermore, the secret capture of such data from the computer of one person damages third parties with whom the targeted individual has had communication, which third parties then find their own privacy violated even though they are not targets of an investigation. This in turn impinges upon the general freedom of the citizenry, who now must fear surveillance and therefore find themselves inhibited in their digital communications and relationships with their fellow human beings. In U.S. constitutional law terms, warrantless searches of laptops can have a chilling effect upon free speech.

The BVG thus developed an incisive understanding of the extent of private data now stored by the population in their "IT systems" and a realistic, even street-wise, appreciation of how that information can be in fact be used by agents of the government once it has been captured. It then concluded that the rights of individuals to be secure in the privacy of their digitally stored data were so important they were entitled to constitutional protection, and, there being no exact constitutional provision covering such "computer rights," the court fashioned a new constitutional Computer Right.

Would that the 9th Circuit had taken the same pains and worked conscientiously through the emerging privacy issues of the present digital age and come to a better appreciation that the rights of traveling citizens to privacy of their stored data deserve protection even at the border unless the CBP has at least a reasonable suspicion that illegal data may be stored on the traveler's laptop, and even that is a preciously loose standard. As U.S. law develops and as other circuit courts, and ultimately the U.S. Supreme Court, consider the problem they would do well to follow the lead of the Bundesverfassungsgericht.

Sunday, June 22, 2008

Laptop Searches -- Two Disturbing Case Studies, Part II

As reported by Lynnley Browning in the New York Times UBS finds itself in the middle of a sensational IRS investigation into the conduct of its private banking division and its U.S. clients. The bank is accused of advising, aiding and abetting evasion of U.S. taxes by wealthy U.S. clients. The bank is under pressure from the Department of Justice to turn over the names of no less than 20,000 U.S. clients of UBS. It is hard to imagine a worse nightmare for the venerable Swiss bank.

According to the Times report, one Bradley Birkenfeld, an American citizen and a former senior UBS private banker, has pleaded guilty in Ft. Lauderdale, Florida, to abetting tax evasion by U.S. clients of UBS. Birkenfeld has apparently submitted a statement of facts to the federal prosecutors describing, among other almost comical practices, smuggling a client's diamonds into the U.S. in a toothpaste tube, urging his clients to destroy offshore banking records, recommending the use of Swiss credit cards not discoverable by the IRS and recommending the characterization of withdrawals from clients' Swiss accounts as loans rather than withdrawals of the clients' own funds. In the words of one of Birkenfeld's former clients, "He's going to sing like a parakeet."

In the face of these astonishing disclosures UBS is understandably getting nervous about travel by its private bankers to and from the U.S. According to one report UBS has advised some of its U.S. clients to travel to Switzerland if they wish to confer with their advisers. The bank has taken the further prudent step of advising its private bankers not to travel to the U.S according to the Financial Times.

We do not know but we can assume that UBS has also advised its private bankers never to travel to the U.S. carrying laptops. It would be a simple matter for the IRS and the SEC to identify the entire UBS private banking staff, input their names to the IBIS databank, notify the CBP that when any of the names in the databank appear at the border they are to targeted for further examination including, in particular, search of their laptops, Blackberries and other digital storage media. As we know (see the prior posts to this blog) on the present state of U.S. law the U.S. border is not only a privacy-free zone it is a Constitution-free zone and the CBP need show no legal basis whatsoever for a laptop search other than the presence of the traveler at the U.S. border.

We can only speculate about the kinds of data stored on UBS laptops, but the IRS and the SEC do not need to speculate, they have the right to go in and find out. Whether this is a proper result of the CBP's right to engage in warrantless laptop searches at the border is a question that we hope will be addressed in the U.S. Senate Constitution Subcommittee hearings on June 25.

Laptop Searches -- Two Disturbing Case Studies, Part I

To appreciate the power and potential of warrantless laptop searches at U.S. borders as investigative tools, consider the following two cases, both of which are true cases, one is currently in the daily news and the other was related to me by the attorney in question:


Attorney Z is a partner in a prominent Toronto commercial law firm. His practice includes giving advice and support to business clients around the world wishing to immigrate to Canada. He travels frequently to foreign destinations, including the U.S., to meet with his clients. He visits the U.S. frequently because it is convenient and many of his clients also travel there on business or are residing there on short term visas.

When traveling to the U.S. attorney Z is “pre-cleared” in Canada by the U.S. Customs and Border Protection service (CBP). This means he must present his credentials to the CBP agents, answer their questions and supply the information they request or he will not be allowed to board his plane for the U.S. On a recent trip to the U.S. he was questioned during pre-clearance along the following lines:

Q. What is your occupation?

A. I am a lawyer.

Q. What is your field?

A. Immigration

Q. Why are you traveling to the U.S. today?

A. To meet with clients.

Q. Where are they located?

A. New York city.

Q. What are their names and addresses?

A. [Answer unknown]

Q. Are your clients in the U.S. legally, and if so on what kind of visas?

A. [Answer unknown]

Q. What is the nature of your business with these clients on this trip?

A. [Answer unknown]

Q. How much are you being paid for representing these clients?

A. [Answer unknown]

Just consider now the position in which this puts Attorney Z. He is being asked to divulge confidential attorney-client information. That information, in the hands of the U.S. government, could be detrimental to his clients -- suppose, for example, they are in the U.S. illegally, having overstayed their visas. Attorney Z has a professional duty not to reveal privileged attorney-client information whether detrimental or not. He also has a duty not to aid and abet violations of U.S. law. So what can Attorney Z do? If he answers truthfully he is violating his duty to his clients and possibly exposing himself to criminal charges under U.S. law. If he lies to the CBP agent he commits a federal crime. If he refuses to answer, invoking the attorney-client privilege or otherwise, he may be denied entry to the U.S. and his business trip will fail.

[For the purpose of this post I will skip over the question of whose attorney-client privilege law applies to Attorney Z, the U.S.'s or Canada's, but the question lurks.]

I hope it will come as a shock to the reader, as it did to me, to learn that CBP is asking such intrusive and improper questions of a lawyer traveling to the U.S. on business. Clearly the CBP is doing more here than simply checking the credentials of an inbound traveler. It should not be relevant, e.g., to any legitimate border inquiry to determine how much a Canadian lawyer is being paid by his clients. With this kind of examination the CBP is using the pre-clearance procedure as a general investigative tool.

Now consider the unrestricted laptop search as an additional tool in the hands of the CBP in connection with the examination of a traveler such as Attorney Z. If Attorney Z gives the CBP agent sufficient information on his clients or his business to create suspicion or excite interest in further inquiry, or if Attorney Z declines to answer the agent's questions, then the next step for the CBP agent is to search his laptop. The decisions of the Fourth and Ninth Circuits in Ickes and Arnold give the CBP agent an unrestricted right to require Attorney Z to boot his laptop and then to stand aside while the agent, and perhaps an ICE (U.S. Immigrations and Customs Enforcement) team, conduct a search of the files on his hard disk. If Attorney Z is like most traveling attorneys he will in fact be carrying a laptop and it will not be encrypted, either in whole or in part, or, even if it is, Attorney Z may feel it the better part of discretion to enter the passwords or encryptions keys or to divulge them to the agent. (See the discussion of the encryption dilemma on Jennifer Granick's blog on the EFF website.) The CBP will therefore readily discover the names of his clients, his correspondence with his clients, the documents involved in the matter he is handling for the clients and the his fee agreement with his clients. [In the actual case Attorney Z was carrying a laptop but it was not searched -- he dodged the Black Swan on that trip.]

For another account of the actual experience of a Canadian traveler whose laptop was searched at the U.S. border, apparently at random, see the article "Illegal Downloads -- New Concern for Cross-Border Travelers."

Thursday, June 19, 2008

U.S. Senate to Hold Hearings on Border Searches of Laptops

Committee on the Judiciary- Panel 2
top of navigation bar



Nominations Business Meetings Press Information

bottom of navigation bar
"Laptop Searches and Other Violations of Privacy Faced by Americans Returning from Overseas Travel "
Senate Judiciary Committee

Subcommittee on the Constitution, Civil Rights and Property Rights

DATE: June 25, 2008
TIME: 09:30 AM
ROOM: Select Building-226

June 11, 2008


The Senate Committee on the Judiciary has scheduled a hearing before the Subcommittee on the Constitution on “Laptop Searches and Other Violations of Privacy Faced by Americans Returning from Overseas Travel” for Wednesday, June 25, 2008, at 9:30 a.m. in Room 226 of the Senate Dirksen Office Building.

Chairman Feingold will preside.

By order of the Chairman

smooth lower right corner image

WIth this notice of hearing by the Subcommittee on the Constitution of the U.S. Senate Committee on the Judiciary we have evidence that the laptop searches conducted by the Customs and Border Protection (CBP) service have become a subject of concern at the highest levels of the U.S. government. This, in general, is good news. Some of the senators most concerned with issues of constitutional and civil liberties sit on this subcommittee, e.g., Chairman Feingold himself, Senator Dianne Feinstein of California, Senator Ted Kennedy of Massachusetts (now, of course, at home recovering from brain surgery), and Senator Arlen Spector.

The committee's website does not yet disclose the names of the witnesses to be heard, but we can assume there will be witnesses from the Electronic Frontier Foundation and the Association of Corporate Travel Executives, both of which appeared as amici curiae in the U.S. v. Arnold case (see preceding post on this blog) in opposition to the position of the government that the CBP does not need a reasonable suspicion to search a laptop at the border, together with witnesses from the relevant governmental agencies. One must hope that the hearing will give the public its first opportunity to learn about the policies and practices of the CBP concerning laptop searches and the frequency with which they are being conducted.