The database’s rapid expansion and the ability of 2,700 Customs and Border Protection officers to access it without a warrant — two previously unknown details of the database — raised alarms in Congress about the government’s use of the information, much of it captured from people not suspected of any crime. . Customs and Border Protection officials told congressional staff that the data is kept for 15 years.
Details of the database were revealed Thursday in a letter to Customs and Border Protection Commissioner Chris Magnus of Senator Ron Wyden (Raw Democrat), who criticized the agency for “allowing indiscriminate theft in Americans’ private records” and called for stronger privacy protections.
These discoveries add new details to what is known about the expanded ways federal investigators use technology that many Americans may not understand or approve of.
He has managed agents from the FBI and Immigration and Customs Enforcement, another agency of the Department of Homeland Security Face recognition searches on me Millions US driver’s license photo. They eavesdropped private databases From people’s financial and utility records to find out where they live. and they have Location data elicited of license plate reader databases that can be used to keep track of places people are driving.
CBP checking people’s phones, laptops, tablets, and other electronic devices when they enter the country has long been a controversial practice that the agency has advocated as a low-impact way to track potential security threats and determine an individual’s “intentions upon entry” into the United States but reveal that thousands of clients have access to A searchable database without public oversight is a new development in what privacy advocates and some lawmakers have warned could be a violation of Americans’ Fourth Amendment rights against unreasonable searches and seizures.
CBP spokesman Lawrence “Rusty” Payne said in a statement Thursday that the agency conducts “border inspections of electronic devices in accordance with legal and regulatory authorities” and has enforced rules to ensure “inspections are exercised prudently, responsibly, and consistent with the public’s confidence.”
He said the database, known as the Automated Targeting System, is used to “further review, analyze and assess information obtained from Customs and Border Protection from electronic devices associated with important law enforcement and counterterrorism personnel” or national security concerns.
However, CBP officials declined to answer questions about how many Americans’ phone records are in the database, how many searches were conducted or how long the practice lasted, saying it did not provide additional statistics “due to law enforcement sensitivities and the implications.” on national security.”
A 2018 CBP guidance setting rules for searches said officers should only keep information about immigration, customs or “other enforcement matters” unless they had a probable cause that could justify keeping more phone contents.
One of Wyden’s assistants at the briefing this summer, however, said CBP officials said the default configuration for some searches was to download and keep all contact lists, call logs, and messages.
CBP officials keep people’s phone data in a very small portion of searches and only when “absolutely necessary,” Aaron Booker, director of CBP’s Office of Field Operations, said in an interview Thursday.
Customs and Border Protection conducted nearly 37,000 searches for passenger devices in the 12 months ending October 2021, according to the Agency dataThat year, more than 179 million people traveled through US ports of entry. The agency did not provide an exact number of devices whose contents have been uploaded to the database for long-term review.
One of Wyden’s aides said their office was told that 2,700 DHS officials had access to the data. Booker said that number is incorrect and that 5 percent of the operational workforce of 60,000 CBP employees, or 3,000 officials, are given access.
Booker said these certified officials are trained, audited and monitored, and that the level of data access is appropriate given the scale of the task. No other government agency has direct access to this data, Booker said, but officials can request the information on a case-by-case basis.
“You have to have enough working people who are able to do it right around the clock,” Booker said. We have 328 ports of entry. We work 24/7. You don’t know who will appear, where and when.”
Law enforcement agencies must show the likely cause and convince a judge to approve a search warrant before searching Americans’ phones. But courts have long granted exceptions to border authorities, allowing them to search people’s devices without a warrant or suspicion of a crime.
Customs and Border Protection officials relied on this exception to support data collection from travelers’ phones. Senators Wyden and Rand Paul (R-Kentucky) presented a law Project Last year this required border officials to obtain a warrant before searching a traveler’s device.
The CBP . directive It gives officers the authority to search and swipe through any traveler’s device using what’s known as “basic search,” and any traveler who refuses to unlock their phone for this process can confiscate it for up to five days.
in Presentation 2018A Customs and Border Protection (CBP) official said the officer could access any device, including in cases where the traveler is not suspected of doing anything wrong, and look at anything that “would normally be visible by scrolling through the phone.” manually”, including contact lists, calendar entries, messages, photos, and videos.
If officers have a “reasonable suspicion” that a traveler is breaking the law or presenting “national security concerns,” they can perform “advanced research,” linking the phone to a device that copies its contents. This data is then stored in an automated targeting system database, which CBP officials can look up at any time.
Faiza Patel, senior director of the Freedom and National Security Program at the Brennan Center for Justice, a New York think tank, said the bottom line for such searches is so low that authorities may end up getting data from “a lot of people in the world” as well as potential “bad guys,” with “Targeting them because they look a certain way or have a certain religion.”
Department of Homeland Security investigators have increasingly used analytics and machine learning tools to map relationships and behaviors from vast reserves of phone data, meaning that even people whose phones aren’t accessed can be swept up in a database search.
“It’s not just what you say or do that matters to the Department of Homeland Security, but what everyone you know says and does,” Patel said. “You might become suspicious just because someone you casually relate to says something on your schedule or it’s in the call log. … and when you have access to 2,700 people, you have very little control over the uses for which they use that information. “.
CBP guidance on device searches was issued several years later by the Federal Court of Appeals Rule That the forensic copy of the suspect’s hard drive was “essentially a computer search” and said officials’ concerns about the crime “do not justify unrestricted crime-fighting searches or the unorganized assault on the private information of citizens.”
The assistant Wyden also said that the CBP database does not require officers to record the purpose of their search, which is a common technical protection against data access misuse. CBP officials said all searches are being tracked down for later scrutiny.
Office of the Inspector General at the Department of Homeland Security He said In a 2018 report, officers did not always fully document searches on their devices, making it difficult to verify whether they were running correctly. Customs and Border Protection officials then said they would conduct closer monitoring.
But in Follow-up report Last year, the inspector general’s office said the agency continues to “challenges” in adequately managing searches for people’s phones. CBP said it was working to address these issues.
The Advanced Search programme, which began in 2007 as a project known as Document and Media Exploitation, has expanded to include more than 130 ports of entry, IGO He said in its report last year.
Over the years, CBP has forwarded information from people’s devices to Immigration and Customs Enforcement, local police agencies and the FBI for further investigation, the report said.
Customs and Border Protection officials give travelers a printed document By saying that the searches are “mandatory,” the document did not say that the data could be kept for 15 years and that thousands of administrators would have access to it.
Wyden’s aide said officers are also not required to give the document to travelers before a search, which means some travelers may not fully understand their rights to refuse a search until after they hand over their phones.
Customs and Border Protection officials did not say what technology they used to capture data from phones and laptops, but federal documents show that the agency previously used forensic tools, made by companies like Cellebrite and Grayshift, to access devices and extract their contents.
Agency leaders told Wyden’s office that a Customs and Border Protection officer conducting a search of the system would only see phone data extracted from checkpoints in their part of the country. But officers will be told that an infection has been found in data from another region, and allowed to request permission to review that data. CBP did not say how many of these types of requests were filed, granted, or denied.
Customs and Border Protection (CBP) reveals echoes of NSA program first open in 2013 by Edward Snowden, who once seized the phone records of millions of Americans as part of a surveillance initiative targeting suspected terrorists. Since officials can follow, or “jump,” from one phone records to another, the system has been found to expose the records of millions of people not suspected of any crime.
The National Security Agency program finished In 2019, he said some data was collected in error and that the system was not useful in tracking terrorists or fighting crime.