Company Laptops Subject To Search And Seizure At U.S. Borders 

(Published September 22, 2008)

 

Today's business travelers have an extra concern when flying internationally: the possibility of having their laptop computers or other electronic devices searched and seized as they re-enter the U.S. What does this mean for employers? A potential data breach nightmare.

 

Warrantless Search And Seizure Allowed 

A 9th Circuit Court ruling confirmed the right of the U.S. Customs and Border Protection Service to examine and download the electronic contents of any air traveler's laptop at will, without having reasonable cause or suspicion.

 

The traveler was a U.S. citizen returning from a trip to the Philippines and going through Customs at Los Angeles International Airport. The man was asked to turn on his laptop, and two Customs agents proceeded to open folders entitled "Kodak Pictures" and "Kodak Memories," which contained photos of nude women. After a more thorough search revealed photos of child pornography, the laptop was seized, and the traveler was arrested.

 

A district court suppressed the search, finding that it was conducted without reasonable suspicion and was unconstitutional under the Fourth Amendment's prohibition against unreasonable search and seizure. The appeals court overturned the finding, holding that reasonable suspicion was not required at the border because the laptop was akin to a closed container, thereby subject to warrantless search and seizure. (U.S. v. Arnold, No. 06-50581, 2008)

 

The Association for Corporate Travel Executives (ACTE) and the Electronic Frontier Foundation (EFF) filed an amicus brief with the court, seeking to reverse the decision. Their position: A traveler's laptop is essentially intellectual property and should not be treated the same as luggage or freight.

 

"There are serious implications here for travelers who are carrying trade secrets, reporters with sources listed in their computers, and individuals who may lose access to critical data for which there may be no copies," said ACTE Executive Director Susan Gurley in a press release. "There is also a question of economics. Some companies would be compelled to change business plans if they thought their strategies had been compromised by a laptop seizure."

 

Business travelers have complained that Customs agents who seize their equipment often do not return it promptly (if at all) or provide assurances that the data has not been unnecessarily breached, accessed by persons without appropriate authority and training, or copied and saved elsewhere. Of concern: Even if a laptop is promptly returned, agents may have copied the computer's contents by creating a mirror image of the hard drive, which contains all of the computer's memory, including deleted files and password-protected files.

 

Jayson Ahern, Deputy Commissioner, U.S. Customs and Border Protection, addressed "some questions and some misinformation" regarding the agency's policy on searches of electronic media. First, Ahern emphasized that "travelers whose laptops are searched represent a very small number of people." Second, Customs officers "are trained professionals with a defined mission, and they have neither the time nor the desire to search travelers' personal belongings for any reason other than to ensure compliance with our customs and related laws and to protect the United States…[O]fficers are subject to numerous policy restrictions regarding the retention, sharing, and scrutiny of travelers' documents and information." In fact, the agency took the "unprecedented step" of posting online a policy that would typically be reserved for internal purposes.

 

Protect Your Company's Computers  

Although a company laptop may legally be searched and seized at U.S. borders, these are some steps employers can take to minimize the disruption, based on ACTE recommendations.

 

1. Limit the amount of proprietary business data employees may carry on their laptop computers. (According to a 2008 ACTE survey, only 65% of corporate travel managers said their employers currently have such a policy in place.) Rule of thumb: Employees should not carry any information on their laptop, Blackberry®, cell phone, etc., that they (or their managers) would not want examined by third parties, including financial data, photos, and e-mail.

 

2. Have employees transmit important data (via e-mail, for example) before crossing the border, so that they still have access to it in the event their laptop is seized.

 

3. Provide traveling employees with a specially prepared, IT-sanitized travel laptop containing only the essential business information needed for the trip.

 

Related Topic(s):

Privacy Policy Guidelines - Electronic Communications, Record-Keeping Documents - Identity Theft