Friday, September 18, 2009

Laptop Seaches -- Obama's Department of Homeland Security Disappoints, Part III

Attorney-Client Privilege, Physician-Patient Privilege and the Journalist Shield Under the New Directives

Searches of laptops carried by lawyers and containing privileged information are of serious concern to lawyers and their clients, all the more so because CBP does in fact have a practice of asking intrusive questions of lawyers entering the U.S.. In a comment posted below I related a set of actual questions posed by CBP to a Canadian lawyer attempting to cross the border into the U.S. on business for his clients. The questions put by the CBP called for the lawyer to divulge privileged client information. The treatment of the attorney-client privilege in the new directives is therefore of utmost importance.

The CBP and ICE directives both provide:
Special Agents/Officers may encounter information [in the course of a border laptop search] that appears to be legal in nature, or an individual may assert that certain information is protected by the attorney-client or attorney work product privilege. (CBP 5.2.1; ICE 8.6 2) b))
The CBP directive then asserts:
Legal materials are not necessarily exempt from a border search, but they may be subject to the following special handling procedures. (CBP 5.2.1)
The ICE directive does not include this sentence. Both directives, however, then go on to provide substantially to the same effect:
If an Officer/Special Agent suspects that the content of such [document or material] may constitute evidence of a crime or otherwise pertain to a determination within the jurisdiction of ICE/CBP [then the Chief Counsel's office must be consulted]. (CBP 5.2.1; ICE 8.6.2)b))
The highlighted clause does the damage. It gives the broadest possible discretion to the officer to challenge the traveling lawyer's claim of privilege and take the matter to the next step, namely, a consultation with legal counsel for the agency. This of course entails delay and puts pressure on the lawyer to give up his claim of privilege, which may in turn violate his duty to his client, in order to continue on his way. Further, as with the rule governing the right to search the laptop itself, there is no requirement that the agent's suspicion be reasonable. So far the lawyer is in a very difficult position.

Then comes the next step: the consultation with legal counsel for CBP or ICE. How that plays out we are not told. Are lawyers from the respective legal counsel's office available 24 hours a day in diverse locations? Does such a required consultation not inevitably entail delay and unbearable inconvenience to the traveling lawyer? Once a lawyer in the agency's legal office is found what should he do? The CBP or ICE agent informs him that he has been met with a claim of privilege in the course of an attempt to search a laptop and review documents, contact information, calendar entries, etc. How can the agency lawyer react? If the CBP or ICE agent has not to this point actually seen the document or data in question he cannot state facts to the agency lawyer sufficient to support a conclusion that the claim of privilege is either well or ill founded. A conscientious agency lawyer will either have to advise that the claim of privilege must be respected or initiate some sort investigation designed to elicit more facts. A less-than-conscientious agency lawyer may be tempted to advise the agent that so long as the agent suspects something (reasonable or not) then the claim of privilege does not prevent the agent from continuing the laptop search and examining the documents or data in question. We are left here in unexplored territory of great potential danger to laptop carrying lawyers entering or leaving the U.S.

If the attorney-client privilege caused some grief to the drafters of the two directives, the physician-patient privilege and the journalist's shield troubled them not at all. The ICE directive brushes both aside by advising its officers that such claims "shall be handled in accordance with all applicable federal law and ICE policy." Whatever these may be is left to the agent to puzzle out. The ICE directive does point out, however, that although there is no federal physician-patient privilege "the inherent nature of medical information warrants special care for such records." This is a very weak form of protection to a traveling doctor and his patients. The CBP directive does not even go this far. It omits entirely the "special care" language. Both directives close their treatment of the physician-privilege and the journalist's shield by providing that "questions regarding the review of these materials" shall be referred to agency lawyers. As with the lawyer-client privilege there is no indication of what happens next.

Viewed in their best lights these provisions of the two directives can be seen as attempts to acknowledge that claims of privileges, at least lawyer-client privileges, may be asserted and may have to be respected or at least filtered through the legal offices of the respective agencies. Where the referral process leads, however, is left entirely open and is therefore likely to lead to more confusion than clarity, which will almost certainly redound to the disadvantage of the traveler.

Thursday, September 17, 2009

Laptop Seaches -- Obama's Department of Homeland Security Disappoints, Part II

The Two New Directives from Homeland Security -- Continued

One hesitates to criticize President Obama, for whom so many labored and spent mightily, on the day on which he announced the deeply significant scrapping of the Bush Administration Eastern European missile shield program. Yet, while he has moved forward on defense, Secretary Janet Napolitano has moved backward on civil liberties. It is not clear whether the two unfortunate directives announced by Napolitano on August 27 were specifically considered and approved by the President. One hopes not. A search of the White House website discloses no reference to the DHS directives.

Encryption and The Fifth Amendment Privilege Against Self-Incrimination

In the one reported laptop search case dealing with the Fifth Amendment, In re Boucher, on an odd set of facts, the court upheld Boucher's refusal to give up the password to his PGP- encrypted hard disk containing pornographic photos. At the border Boucher had actually opened the drive, but without revealing his password. The agent saw the rather disgusting pornographic images, but made the mistake of shutting down the laptop before seizing it. Boucher was arrested. The government agents could not later open the drive to develop the evidence so the grand jury subpoenaed Boucher in an attempt to compel him to divulge the password. Boucher refused, citing his Fifth Amendment privilege against self-incrimination, and the court sustained his objection. The government was checkmated.

It is sensible for travelers carrying privileged, confidential or personal information on their laptops to encypt their drives. (In the case of attorneys it may be not only sensible but mandatory.) At the threshold this blocks a border search if the traveler refuses to give up his password. Interestingly, the two Directives do not explicitly deal with this situation. One would have thought, after the decision in Boucher, that guidance would have been given to CBP and ICE agents on what to do when confronted by an encrypted drive and a refusal by a traveler to reveal the password to the drive. Not so.

Instead, the Directives set out a series of steps which CBP or ICE agents should take to seek the help of other federal agencies in decrypting the encrypted drive. There is no suggestion in the Directives that the agents could or should demand that the traveler himself or herself disclose the password. The Directives thus appear to accept the proposition that the Fifth Amendment privilege against self-incrimination may be invoked by a traveler as a bar to disclosure of a password to an encrypted drive, and the border agents must accept that and turn elsewhere for assistance in decryption. This is a significant, though unstated, concession in the Directives. Whoever drafted these things was not eager to draw attention to the civil liberties of targeted travelers even when compelled to respect them. [This, of course, is not the begrudging attitude toward the Constitution that one might have expected from the new administration. I think many assumed that the anti-civil-libertarian policies of the Bush administration would terminate when Obama took office. That unfortunately is proving not to be entirely true. At least not in Secretary Napolitano's shop.]

Comforting though it is to know that one may invoke the Fifth Amendment and decline to give a CBP or ICE agent the password to his/her encrypted drive or file, the traveler must reckon with the possibility that the laptop will thereupon be seized or at least detained (remember that ICE agents can do this at will) while the agents seek technical decryption help from elsewhere in the federal government. Whether they do this in fact we do not know. The traveler must take it on board in any event. He or she might face a delay at the border while the government tries to decrypt the drive or the device in question, or, more likely, the traveler will face a stand off in which the CBP or ICE agent will either give in and let the traveler proceed with his/her laptop or play hardball and seize the laptop, leaving the traveler to proceed without it. From the point of view of the rule of law, this is unexplored territory. The Obama administration and Secretary Napolitano in particular should not have put travelers in this position.

[To be continued.]

Monday, September 14, 2009

Laptop Seaches -- Obama's Department of Homeland Security Disappoints

The Two New DHS Directives

At the close of the Bush Administration the state of the law of laptop searches at the border was in an unfortunate state. In the leading case of U.S. v. Arnold the Ninth Circuit Court of Appeals had held, in effect, that laptops may be searched at the border even though the searching agent has no reasonable suspicion that the traveler is carrying illegal data on the laptop. Now, in the early months of the Obama administration, the matter has grown worse.

The objection to the Arnold decision (which has since gained in stature by virtue of the Supreme Court's refusal to review it) is that agents of the Customs and Border Protection (CBP) service and its companion Immigrations and Customs and Enforcement (ICE) branch, both agencies of the Department of Homeland Security (DHS), are subject to no rule whatsoever governing their right to search laptops of travelers entering or leaving the U.S. They have complete discretion. They may do as they please.

The Two New Directives

a. The Right to Search Laptops

On August 27 of this year Janet Napolitano, as Secretary of DHS, announced two new directives, one from CBP and one from ICE, governing laptop searches at the border. On the core question of the right of CBP and ICE to search laptops both Directives carry forward, in effect, the rule of the Arnold case, i.e., there is no limit.

The ICE Directive puts it as follows:
ICE Special Agents acting under border search authority may search, detain, seize, retain, and share electronic devices, or information contained therein, with or without individualized suspicion, consistent with the guidelines and applicable laws set forth herein. (Section 6.1, ICE Directive.)
The operative language is, of course, the infelicitous phrase "with or without individualized suspicion." This clumsy expression was not invented by DHS for this purpose but dates back at least to a 2001 opinion of Chief Justice Rehnquist in U.S. v. Knights. The phrase has been used here by ICE to mean that its agents at the border are not restrained by a rule of reasonable suspicion or any other rule whatsoever.

The CBP Directive employs the same phrase in its grant of laptop search authority to its agents:

In the course of a border search, with or without individualized suspicion,, an Officer may examine electronic devices and may review and analyze the information encountered at the border, subject to the requirements and limitations provided herein and applicable law (sic). (Section 5.1.3, CBP Directive)

Thus, on the key civil liberties question, when confronted with the need to choose between a rule of reasonable suspicion or follow Arnold and dispense with such a rule, both ICE and CBP elected to follow Arnold and adopt what is in reality a no-rule rule. The Secretary of DHS obviously approved and issued the Directives. We do not know what role the White House played in the issuance of these directives, even less do we know whether the President explicitly approved. In any event, from a civil liberties perspective, the state of the law has worsened under the new administration.

b. The Right to Seize Laptops

Although both CBP and ICE adopt the same rule governing the right to search laptops, they take different approaches to the right to seize laptops.

As quoted above, the ICE Directive specifically includes the right to seize laptops within the scope of its basic no-rule rule. ICE agents "may... retain, seize, detain and share [laptops] with or without individualized suspicion...." (ICE Directive, Section 6.1.)

The CBP Directive curiously departs from the ICE Directive. Its search rule is confined to examination, review and analysis. CBP Directive, Section 5.1.3. In a separate section the CBP agent is given the right to detain a laptop "for a brief, reasonable period of time to perform a thorough border search." CBP Directive, Section 5.3.1. Up to this point the agent is still operating under the no-rule rule. Then, in a rather casual and offhand manner, the CBP Directive suddenly subjects its agents to a rule of probable cause: "...if after reviewing the information [stored in the laptop]...there is not probable cause to seize it [the laptop must be returned]." CBP Directive, Section

Whether this language of probable cause is specifically meant to give the traveler greater protection or whether it somehow slipped through the editing process in the legal department at CBP we do not know. In any event it is an odd bit of drafting.

Any protection this probable cause rule might be thought to offer the traveler is more illusory than real, however. Who determines "probable cause?" The searching officer. What standards guide him? None are given. If the CBP agent is in doubt whether he has probable cause or not does anything prevent him from calling in an ICE agent, who has authority to seize the laptop without finding probable cause, and asking him to seize the laptop? No. If the CBP agent gets it wrong and seizes a laptop without having probable cause is there anything the traveler can do about it? No. In effect, the CBP agent can comply with this rule and seize a laptop by simply declaring that he has probable cause to do so. This is less a legal rule than a suggestion, a mere bow in the direction of legality.

Saturday, August 29, 2009

Laptop Searches -- The Disastrous End to the Arnold case

A Sad End to a Bad Decision and a Disappointing New Start by the Obama Administration

The Arnold case

In April, 2008, I commented on the Ninth Circuit's decision in United States v. Arnold holding, in effect, that laptops may be searched at the U.S. border even though the customs agent has no reasonable suspicion that the traveler in question has illegal data stored on the device. See, this link or scroll to April, 2008, below. (In this context, "laptop" includes iPhones, Blackberries, iPods, conventional mobile phones, memory sticks, external hard drives, CD's, digital cameras, and all other digital devices capable of storing information.)

Arnold thereupon petitioned the U. S. Supreme Court for a writ of certiorari, that is for review of the Ninth Circuit's decision, there being no appeal as of right to the Supreme Court in such a case.

On February 23 of this year Arnold's legal counsel was notified by the Supreme Court that Arnold's petition for a writ of certiorari had been denied. Two days later Michael Arnold committed suicide. See the Declaration of Marilyn E. Bednarski in support of her motion to de-publish the Ninth Circuit decision following Mr. Arnold's death (the motion was denied). See also, the Wikipedia article on the Arnold case.

The case and Mr. Arnold's life thereby came to an end, but the regrettable law created by the Ninth Circuit in Mr. Arnold's case lives on and is now the leading opinion in the law of border searches of laptops. As a result, at the U.S. border the Fourth Amendment prohibition of unreasonable searches and seizures, the former rule of reasonable suspicion, and all other rules regulating or restraining the suspicions, curiosities, prejudices and whimsies of customs agents are nullified and the Customs and Border Protection (CBP) service and its companion agency, the U.S. Immigration and Customs Enforcement (ICE) branch, may search whatever laptops they please, whenever they please and for whatever reasons they please, or for no reason at all. It is open season on your laptop at the U.S. border.

In this context it is well to remember what the CBP itself says on its website about how it decides who to search:
Please be aware, some of CBP's biggest seizures have come from inspections of "respectable looking" people, such as grandmothers, corporate executives, college professors, etc. Everyone is subject to a CBP inspection when they arrive in the U.S.
If our grandmothers are at risk of having their laptops searched, then so are the rest of us.

The Feinberg Senate Committee Hearings

On June 25, 2008, the Subcommittee on the Constitution, Civil Rights and Property Rights of the Senate Judiciary Committee, chaired by Senator Russ Feingold of Wisconsin, held a hearing on "Laptop Searches and Other Violation of Privacy Faced by Americans Returning from Overseas Travel."

A balanced panel of witnesses said predictable things pro and con about the CBP's border laptop search policies and practices, few of the committee members bothered to attend the hearing and the Department of Homeland Security, under whose umbrella the CBP and the ICE reside, boycotted the hearing altogether and refused to send a witness. It was well that Senator Feingold held the hearing and it may have served to raise the level of public consciousness about the issue, but the hearing itself was a non-event.

The New York Times Editorial

Following the Feingold committee hearing, on July 10, 2008, the New York Times published an important editorial captioned "The Government and Your Laptop."

The Times noted the policy of the Department of Homeland Security to routinely search laptops and had this scathing comment: These out-of-control searches trample the privacy rights of Americans, and Congress should rein them in.

The Times correctly perceived that a search of a laptop is fundamentally different from a search of a suitcase: [b]ecause of the enormous amount of private information people keep on their laptops, the searches are more akin to rifling through someone’s home and reading every letter, financial record and personal journal. Those of us who use laptops every hour of every day in our professional and private lives know exactly what the Times editorial board meant by this observation.

The Times went on to note the Arnold decision, which it characterized as "disappointing," and recommended that Congress enact legislation imposing a mandatory standard requiring that the CBP have "... a reasonable suspicion about the specific person being searched" before a laptop search is allowed.

As will be seen in the next chapter of this comment, the Times' appeal for a "reasonable suspicion" has not been heard by the Obama Department of Homeland Security.

Tuesday, June 24, 2008

Laptop Searches -- The German Computer Rights Case

The German Court Gets it Right

In a nice coincidence of timing, while observers in the U.S. were awaiting the 9th Circuit decision in U.S. v. Arnold, on February 27, 2008, the German Federal Constitutional Court (Das Bundesverfassungsgericht (BVG)) announced an historic decision in a case also involving the individual's right to privacy of personal data stored in digital form. Whereas the 9th Circuit found such data to be no more entitled to constitutional protection at the border than underwear in a suitcase, the BVG held that the general Right of Personality (for our purposes, the Right of Privacy) contained in Article 2 the German constitution (das Grundgesetz) includes the fundamental right to a guarantee of the confidentiality and integrity of IT systems.

(German cases are not cited by reference to the names of the parties, but are cited in the form, BVerfG, 1 BvR 370/07 vom 27.2.2008, which is the cite for the case in question. In the press, however, the case is referred to as the "Computer Rights" case, so we will use that name here.)

The Computer Rights case came to the BVG on a challenge by a group of private individuals to the constitutionality of a recently-enacted statute of the state of North-Rhine-Westfalia (the capital of which is Duesseldorf) enabling the state investigative agency to secretly hack into the computers of targeted individuals while they were online and search and copy data stored there. Thus, the case does not involve a non-consensual laptop border search, but involves instead a non-consensual online computer search. German legal counsel, consulted in connection with this post, are of the opinion that the Computer Rights case would apply to a laptop border search.

And while the 9th Circuit in U.S. v. Arnold relieved the government of the necessity of meeting any legal standard whatsoever as a prerequisite to a border search of a laptop, the NRW statute did at least contain a "reason to believe it may be helpful" standard. Nevertheless, the BVG said this was too broad and articulated a higher standard: a secret infiltration of an individual's IT system by means of which the system can be observed and its storage media read is only constitutionally permissible when grounds exist in fact which show a danger to an important legally-protected interest such as the safety, life and liberty of persons or the fundamental principals or existence of the state. And, further, the exercise of such a secret IT system search is subject to judicial oversight.

It is notable also that in its opinion the BVG used the generic term "IT system" rather than specific term "computer," evidencing the court's intention that its decision should have broad application over the entire realm of digital devices and networks.

The BVT reached these results only after an exhaustive, painstaking and detailed examination of the nature of data stored on computers in the present age. The court's review is akin to that conducted by Judge Pregerson in the U.S. District Court in U.S. v. Arnold and which Judge O'Scannlain conspicuously did not do in the 9th Circuit.

In particular, the BVG recognized that people store on their computers their most personal data, including private correspondence, photographs, sound files, etc., which contain detailed information about the relationships and conduct of the individual's life, which if obtained and disclosed can enable the government or third parties to build an extensive picture of that individual's behavior and communications. Furthermore, the secret capture of such data from the computer of one person damages third parties with whom the targeted individual has had communication, which third parties then find their own privacy violated even though they are not targets of an investigation. This in turn impinges upon the general freedom of the citizenry, who now must fear surveillance and therefore find themselves inhibited in their digital communications and relationships with their fellow human beings. In U.S. constitutional law terms, warrantless searches of laptops can have a chilling effect upon free speech.

The BVG thus developed an incisive understanding of the extent of private data now stored by the population in their "IT systems" and a realistic, even street-wise, appreciation of how that information can be in fact be used by agents of the government once it has been captured. It then concluded that the rights of individuals to be secure in the privacy of their digitally stored data were so important they were entitled to constitutional protection, and, there being no exact constitutional provision covering such "computer rights," the court fashioned a new constitutional Computer Right.

Would that the 9th Circuit had taken the same pains and worked conscientiously through the emerging privacy issues of the present digital age and come to a better appreciation that the rights of traveling citizens to privacy of their stored data deserve protection even at the border unless the CBP has at least a reasonable suspicion that illegal data may be stored on the traveler's laptop, and even that is a preciously loose standard. As U.S. law develops and as other circuit courts, and ultimately the U.S. Supreme Court, consider the problem they would do well to follow the lead of the Bundesverfassungsgericht.

Sunday, June 22, 2008

Laptop Searches -- Two Disturbing Case Studies, Part II

As reported by Lynnley Browning in the New York Times UBS finds itself in the middle of a sensational IRS investigation into the conduct of its private banking division and its U.S. clients. The bank is accused of advising, aiding and abetting evasion of U.S. taxes by wealthy U.S. clients. The bank is under pressure from the Department of Justice to turn over the names of no less than 20,000 U.S. clients of UBS. It is hard to imagine a worse nightmare for the venerable Swiss bank.

According to the Times report, one Bradley Birkenfeld, an American citizen and a former senior UBS private banker, has pleaded guilty in Ft. Lauderdale, Florida, to abetting tax evasion by U.S. clients of UBS. Birkenfeld has apparently submitted a statement of facts to the federal prosecutors describing, among other almost comical practices, smuggling a client's diamonds into the U.S. in a toothpaste tube, urging his clients to destroy offshore banking records, recommending the use of Swiss credit cards not discoverable by the IRS and recommending the characterization of withdrawals from clients' Swiss accounts as loans rather than withdrawals of the clients' own funds. In the words of one of Birkenfeld's former clients, "He's going to sing like a parakeet."

In the face of these astonishing disclosures UBS is understandably getting nervous about travel by its private bankers to and from the U.S. According to one report UBS has advised some of its U.S. clients to travel to Switzerland if they wish to confer with their advisers. The bank has taken the further prudent step of advising its private bankers not to travel to the U.S according to the Financial Times.

We do not know but we can assume that UBS has also advised its private bankers never to travel to the U.S. carrying laptops. It would be a simple matter for the IRS and the SEC to identify the entire UBS private banking staff, input their names to the IBIS databank, notify the CBP that when any of the names in the databank appear at the border they are to targeted for further examination including, in particular, search of their laptops, Blackberries and other digital storage media. As we know (see the prior posts to this blog) on the present state of U.S. law the U.S. border is not only a privacy-free zone it is a Constitution-free zone and the CBP need show no legal basis whatsoever for a laptop search other than the presence of the traveler at the U.S. border.

We can only speculate about the kinds of data stored on UBS laptops, but the IRS and the SEC do not need to speculate, they have the right to go in and find out. Whether this is a proper result of the CBP's right to engage in warrantless laptop searches at the border is a question that we hope will be addressed in the U.S. Senate Constitution Subcommittee hearings on June 25.

Laptop Searches -- Two Disturbing Case Studies, Part I

To appreciate the power and potential of warrantless laptop searches at U.S. borders as investigative tools, consider the following two cases, both of which are true cases, one is currently in the daily news and the other was related to me by the attorney in question:


Attorney Z is a partner in a prominent Toronto commercial law firm. His practice includes giving advice and support to business clients around the world wishing to immigrate to Canada. He travels frequently to foreign destinations, including the U.S., to meet with his clients. He visits the U.S. frequently because it is convenient and many of his clients also travel there on business or are residing there on short term visas.

When traveling to the U.S. attorney Z is “pre-cleared” in Canada by the U.S. Customs and Border Protection service (CBP). This means he must present his credentials to the CBP agents, answer their questions and supply the information they request or he will not be allowed to board his plane for the U.S. On a recent trip to the U.S. he was questioned during pre-clearance along the following lines:

Q. What is your occupation?

A. I am a lawyer.

Q. What is your field?

A. Immigration

Q. Why are you traveling to the U.S. today?

A. To meet with clients.

Q. Where are they located?

A. New York city.

Q. What are their names and addresses?

A. [Answer unknown]

Q. Are your clients in the U.S. legally, and if so on what kind of visas?

A. [Answer unknown]

Q. What is the nature of your business with these clients on this trip?

A. [Answer unknown]

Q. How much are you being paid for representing these clients?

A. [Answer unknown]

Just consider now the position in which this puts Attorney Z. He is being asked to divulge confidential attorney-client information. That information, in the hands of the U.S. government, could be detrimental to his clients -- suppose, for example, they are in the U.S. illegally, having overstayed their visas. Attorney Z has a professional duty not to reveal privileged attorney-client information whether detrimental or not. He also has a duty not to aid and abet violations of U.S. law. So what can Attorney Z do? If he answers truthfully he is violating his duty to his clients and possibly exposing himself to criminal charges under U.S. law. If he lies to the CBP agent he commits a federal crime. If he refuses to answer, invoking the attorney-client privilege or otherwise, he may be denied entry to the U.S. and his business trip will fail.

[For the purpose of this post I will skip over the question of whose attorney-client privilege law applies to Attorney Z, the U.S.'s or Canada's, but the question lurks.]

I hope it will come as a shock to the reader, as it did to me, to learn that CBP is asking such intrusive and improper questions of a lawyer traveling to the U.S. on business. Clearly the CBP is doing more here than simply checking the credentials of an inbound traveler. It should not be relevant, e.g., to any legitimate border inquiry to determine how much a Canadian lawyer is being paid by his clients. With this kind of examination the CBP is using the pre-clearance procedure as a general investigative tool.

Now consider the unrestricted laptop search as an additional tool in the hands of the CBP in connection with the examination of a traveler such as Attorney Z. If Attorney Z gives the CBP agent sufficient information on his clients or his business to create suspicion or excite interest in further inquiry, or if Attorney Z declines to answer the agent's questions, then the next step for the CBP agent is to search his laptop. The decisions of the Fourth and Ninth Circuits in Ickes and Arnold give the CBP agent an unrestricted right to require Attorney Z to boot his laptop and then to stand aside while the agent, and perhaps an ICE (U.S. Immigrations and Customs Enforcement) team, conduct a search of the files on his hard disk. If Attorney Z is like most traveling attorneys he will in fact be carrying a laptop and it will not be encrypted, either in whole or in part, or, even if it is, Attorney Z may feel it the better part of discretion to enter the passwords or encryptions keys or to divulge them to the agent. (See the discussion of the encryption dilemma on Jennifer Granick's blog on the EFF website.) The CBP will therefore readily discover the names of his clients, his correspondence with his clients, the documents involved in the matter he is handling for the clients and the his fee agreement with his clients. [In the actual case Attorney Z was carrying a laptop but it was not searched -- he dodged the Black Swan on that trip.]

For another account of the actual experience of a Canadian traveler whose laptop was searched at the U.S. border, apparently at random, see the article "Illegal Downloads -- New Concern for Cross-Border Travelers."