Sidd Bikkannavar, it should be noted, is chill.
Im not sure if its because hes from Southern CaliforniaBikkannavar was born in Pasadenaor because his side hobby, racing solar-powered vehicles, requires a certain amount of calm. Whatever the source, over the course of our 30-minute conversation about his experience being detained by US Customs and Border patrol, his voice betrays frustration only once. And its not when he admitsonly after I ask himthat this wasnt the first time.
When there are random searches, Ill often get pulled into the random search, said Bikkannavar. That doesnt offend me. I know they need to search people and if its me, its me. You know, I know I have a foreign sounding name, I know my skin is a little darker, so if it makes me more likely to be searched so be it. Ive really never taken issue with that or been offended by that.
But what happened this time, he adds, was different.
Losing His Chill
What frustrated Bikkannavar, a self-described pretty private person, enough to make him talk to the press was this: Ive now compromised the privacy of my friends, and family, colleagues, contactsanyone whose digital life kind of touched my phone.
How did Bikkannavar betray his friends and family? He left the United States. Or, to be more precise, he returned.
The same weekend that President Trump signed an executive order restricting travel from certain countries, Bikkannavar arrived at the United States border in Houston, Texas. Hed spent two weeks racing cars down in the Patagonia Region of Chile. Chile was not on the list of countries outlined in the executive order, but even if it was Bikkannavar wouldnt have automatically qualified for extra scrutiny.
To begin with, Bikkannavar is an American citizen. His father is of Indian descent, hence his name, but on his mothers side his family has lived in the United States since colonial days. In fact, his grandparents worked at the Jet Propulsion Laboratory (JPL) just like Bikkannavar does now.
When were working with spacecraft, said Bikkannavar, were working with equipment that costs maybe billions of dollars or is highly dangerous, so there is a process to make sure that we are trustworthy and safe.
JPL is part of NASA, but in addition to rocketry it does a significant amount of work for the Department of Defense. As a result, even low level employees at JPL undergo a background check invasive enough that employees once sued to stop it..
But even if Bikkannavar didnt work for JPL, theres still the fact that he forked over $100 and underwent a background check to qualify for Global Entrythe U.S. Customs and Border Protection (CBP) program that allows expedited clearance for pre-approved, low-risk travelers upon arrival in the United States.
Despite a level of vetting that some might even call extreme, Bikkannavar was still detained and placed in a holding room at Customs and Border Patrol.
There were some people asleep [in the room]. I arrived at 5am in the morning, so Im assuming that those people who were in there sleeping on the recliners and the cots had already been there stranded, said Bikkanavar. Eventually I get called into an interview room and they explain to me that because Im trying to enter the country they need to search my property to make sure that Im not bringing anything dangerous in. And they gave me a slip of paper that explains their rights to do all of this stuff.
That stuff included searching his phone. After hesitating, and explaining that the phone was his work phone, he complied.
As soon as I gave them the PIN they sort of pulled the phone back, wrote down the pin, and left with my phone, said Bikkannavar. They returned me to the waiting area with all of my luggage, and they didnt search any of that. They didnt swab it for bomb stuff, they didnt even open it. They didnt check what was in my pockets. They were only interested in the phone.
If they had gone through Bikkannavars luggage, that would have violated his privacy. But going through his phone? That violated the privacy of anyone who had texted, messaged, or otherwise contacted him since the last time hed wiped the device.
Not only is the privacy of the free speech rights of the device holder at stake, said Sophia Cope, a staff attorney with the Electronic Freedom Foundation, but also that of all of their associates.
This may include people who have never set foot near a border, people who have never set foot in this country. That its considered a privacy issue is obvioushow happy would you be to have strangers flipping through your cell phone for no reason? But its also considered a free speech issue, because many argue that theres no such thing as free speech without privacy. If your thoughts and words are closely monitored by the government, can you really consider yourself free?
Free speech and privacy are considered human rights in international law, said Cope, So theres that issue of whether or not the US is going to uphold those international principles.
Brian Turner, Flickr
Can They Do That?
If youre wondering if this is legal, youre not alone.
In theory, the fourth amendment of the US Constitution (which begins, The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures) sounds like it protects us from, well, unreasonable searches and seizures.
But the law, said Cope, is unfortunately fuzzy.
Heres whats clear: within the United States, the fourth amendment prohibits unreasonable search and seizure. Pretty much every procedural court drama gets this part right. A government entity shows up in court, presents evidence that there was probably a crime, and that searching the item in question will confirm it. If the judge thinks that the evidence supports a reasonably high chancesay 60-70 percentof criminal activity she will issue a search warrant. A warrant isnt a carte blanche though. Its particularized to the crime. If theyre searching your phone looking for a terrorist threat and discover that youve illegally downloaded the Rolling Stones entire back catalog, thats a separate issue.
But there is some wiggle room.
If a police officer sees you stuff a pile of crisply-bound $100 bills into a duffel as you run out of a bank thats sounding its alarm, thats enough probable cause to seize youi.e. arrest you. Checkpoints like the kind used to check for drunk drivers are another exception. After all, everyone gets checked whether or not the police officers suspect them of being drunk. The Supreme Court rules this is ok because the scope is narrow and its in the broader public interest.
At the border, said Cope, the Supreme Court says theres a discrete interest in protecting the welfare and the safety of our nation.
Basically, its in the national interest to make sure that we pay duties on the $3,000-dollar bottle of wine we picked up in Italy, that we dont secretly bring in seeds that pose a threat to the American farm industry or drugs and weapons that pose a risk to the American people. So the Supreme Court ruled that routine searches at the border are permitted, even without a warrant or probable cause. This decision was made, however, before we were carrying around computers, never mind ones that contain the level of information contained in a smartphone.
The problem now, said Cope, is that a piece of luggage Is nowhere near that type of personal information, sensitive information. Even if you have a diary or some sexy photos in your luggage that still does not equate to what is essentially your entire life, particularly on your smartphone.
The decision also doesnt take into consideration the fact with cell phones, its not just the person who crosses the border whose information is being searched and potentially cataloged, but anyone who has communicated with that person. Its this that compelled Bikkannavar to speak out, and a thought that should give us all pause.
Its also an act that chills speech. How freely would you speak (or text) if you knew all of your communications were being observed? You dont even have to work very hard to see the differencecompare your text and email conversations to your public social media posts.
The directive that guides U.S. Customs and Border Protection (CBP) electronic seizure rules dates back to 2009its called CBP Directive No. 3340-049. It was only released because of a Freedom of Information Act, or public disclosure request. And while lawsuits in recent years suggest that there have been policy changes, those changes have not been disclosed to the public. That makes it awfully difficult for citizens to know their rights.
In 2009, the year of CBPs publicly available guidelines, the iPhone was 2 years old. Most of us were using blackberries or a flip phone, and apps were few and mostly entertainment based. Now our phones contain personal photos, banking information, inside jokesthe shape and breadth of our lives. We are expected to entrust that informationwithout causeto a department that, according to the The New York Times, recently found that over 10 years almost 200 employees and contract workers had taken nearly $15 million dollars in bribes. In 2015 police officers found 110 pounds of cocaine in a US Border Patrol agents car. One could be rightly concerned as to what an agent might do if they had access to banking information, blackmail fodder, or proprietary info from a border crossers business life.
The policy as disclosed says that they can only searchnot copy or hold onto the deviceunless they see evidence of a crime.
But we were hearing reports at the border of CBP officers writing down like names of people from contact lists and stuff, said Cope. And in Bikkannavars case the phone was taken out of the room, making it impossible to know whether the contents were copied.
To be clear, whats happening isnt new. There are reports Customs and Border Patrol searching laptops and phones dating back to 2008. Hard data on searches is difficult to find (and PopSci will update if it becomes available), but anecdotes suggest that it is becoming more frequent.
And Cope argues that even one person is too many. Especially when you consider how many people are in your contact list.
The natural question, is how can we protect our information at the border?
Since technology, in part, created this problem, it can be tempting to turn to technology to resolve it. For example, its possible to partition a laptops hard drive to boot one way with one passcode and another way with a different one.
You have to be careful, said Scope. If there is evidence that you are lying or misleading a government agent, that is itself a crime.
At minimum, you should practice basic digital security: enable two factor authentication on your social media accounts. Disable any biometric locksfingerprint locks in particular area notoriously easy to forge, and its not hard for a CPB agent to simply press your finger against your phone to make it unlock. Enable hard disk encryption.
None of that matters, however, if you unlock your device for an agent.
American citizens traveling to the United States have the right to return. You cant be denied entry into your own country. So you can simply refuse to complythough you do risk them taking the device.
Increasingly, customs and border patrol agents have been asking peopleprimarily foreign nationalsfor the passwords to their cloud accounts. Americans dont have to comply, and Americans do have the right to an attorneybut foreign nationals have less of a choice.
Bikkannavar said that the interaction between he and the CBP agents was unfailingly polite on both sides, but the situation itself intimidating, in part, because he didnt really know his rights. So before you travel, make sure you know yours.
Cope suggests literally wiping the device before youre forced to hand it over. Or, if youre an American citizen, encrypting the device in the strongest way possible and refusing to comply. They might take the device away, but at least youll know they (probably) cant get at your information.
For those of us who travel a lot, our best option may be to use two sets of devicesone which we use in our everyday lives, and one which we use just for traveling and that we wipe each time we prepare to cross the border.
But the most important way to secure our devices isnt at the borderits with the law. Until legislators or the courts clarify the law, well all have to keep watching our devices.