CBP Officers Aren’t Deleting Data After Warrantless Device Searches, IG Says

Pedestrians crossing from Mexico into the United States at the Otay Mesa Port of Entry wait in line in San Diego. Denis Poroy/AP File Photo

An inspector general report found Border Patrol officers didn’t follow standard procedures during device searches, mostly because those procedures weren’t clearly laid out.

Customs and Border Protection officers over two years searched more than 47,400 electronic devices owned by travelers entering the U.S. but often failed to delete travelers' information from portable drives, according to an inspector general investigation.

More than 787 million travelers entered the U.S. in 2016 and 2017, and border patrol officers downloaded and searched the data on devices for approximately 0.006 percent of those travelers, a process known as an advanced search. The criteria for what warrants an advanced search—compared with a standard, non-tool-assisted search of a device—were redacted in the report.

The program began as a pilot in 2007 at four ports of entry and has since expanded to include 67 distinct locations. When an advanced search is deemed necessary, officers download data from the device to a portable drive—usually a thumb drive—which is then plugged into CBP’s Automated Targeting System for analysis.

During such searches, officers are required to sever any external connections so they can only review data stored on the device and must immediately delete the information from the thumb drive after transfer. The IG’s analysis showed neither procedure was being properly followed.

According to the report, these issues were largely the result of unclear or undocumented policies. For instance, the office managing the program issued a memo in April 2017 requiring officers to ensure devices are disconnected from the internet or other networks. However, CBP’s standing directive at the time did not include that requirement.

The IG reviewed 154 search reports filed before the April 2017 memo and found none of the devices were properly disconnected before being searched. Of the 40 reports filed after the April 2017 memo that were reviewed, 14 did not include documentation from the supervisor proving the device’s connections had been severed prior to the search.

An additional memo in January 2018 included stronger, clearer language concerning disconnecting devices, and an October 2017 system update added a mandatory data field in the reports to verify these actions.

The audit also showed officers failed to delete travelers' information from portable drives after they uploaded them to ATS, as required. During the review, investigators found travelers’ information stored on portable drives at three of five ports of entry, creating a significant privacy and security issue.

The deletion process is part of each officer’s training, according to CBP; however, there is no official written policy, the IG found.

“Based on our physical inspection, as well as the lack of a written policy, it appears [the Office of Field Operations] has not universally implemented the requirement to delete copied information, increasing the risk of unauthorized disclosure of travelers’ data should thumb drives be lost or stolen,” the report states.

“It’s bad enough that the search happens in the first place. What’s worse is that they’re keeping the data around,” Adam Schwartz, senior staff lawyer for the Electronic Frontier Foundation, told Nextgov, noting the foundation has a lawsuit pending against CBP asserting the search of devices without a warrant violates the Constitution. “What’s alarming about this inspector general’s report is that they were supposed to be deleting the thumb drives but they’re not, which shows a failure of minimally adequate management of this data in a secure fashion.”

Beyond poor cyber hygiene and data stewardship, the failure to clear the thumb drives “reflects, overall, a system that’s not committed to the privacy of these travelers,” he said.

The IG also docked CBP for not instituting performance metrics to measure the progress of these pilots. CBP records the number of device searches at each location but does not continue to track what comes next, including whether those searches led to prosecutions or convictions, according to the IG.

“Without performance measures … OFO will not be able to determine whether the advanced searches are achieving their intended purpose or whether the use of advanced searches should be expanded to other ports of entry,” auditors wrote.

Investigators made several recommendations to clarify policies and increase documentation requirements, as well as to create and implement better performance metrics. CBP officials agreed with all the recommendations and outlined immediate plans of action in response.

For their part, Schwartz said EFF was heartened by the fact that the investigation took place and considers the recommendations sound. That said, the foundation would like CBP and the IG to go further.

“I would say it is good the inspector general has done this study and brought these issues to light,” he said. “But our primary reaction is concern that there are so many problems concerning how they’re gathering and storing this sensitive traveler information.”

Editor's Note: This story has been updated to clarify which CBP employees are conducting device searches.