Years ago, while flying around the country on a family trip, we landed in the Denver airport. This was well after 9-11, but airport security forces were still testing the waters to see just how much they could get away with in the name of anti-terrorism. Even though everyone in the departure area had already gone through the metal detectors, right before they were to board the plane to our next destination, some people were pulled aside, seemingly at random, for further scrutiny. These were the days when you couldn’t even carry a pair of nail clippers onto a plane.
There, in front of everyone else, elderly grandmas and little children were scanned with hand-held metal detectors, subjected to humiliating body pat-downs and forced to remove their shoes. Other, truly creepy-looking folks were allowed to board the plane unhindered. As we sat watching this ugly procedure, a pattern began to emerge. The searches weren’t random at all. Instead, every fifth person in line was targeted. To test our observations, we counted, got in line, and made sure that none of us would be number five. Sure enough, we passed onto the plane without being searched. It made the entire “security” procedure look very arbitrary, cheap and pointless.
Fast forward to 2008. While I still can’t carry my Leatherman multi-tool on a plane (because of its dangerous 3-inch knife blade), matches, cigarette lighters and nail clippers are now allowed. Even 12-inch long knitting needles are allowed. Strange, but true. However, the U.S. Customs and Border Protection (CBP) agency has been focusing on a new class of dangerous terrorist weapons that may be entering the United States: the data and information stored in cell phones, iPods and laptop computers.
Yes, you read that sentence correctly. It’s not necessarily the devices themselves that CBP wants; it’s the information stored in those devices. The CBP has, without probable cause or reasonable suspicion, been inspecting, copying the data contents of and, in some cases, confiscating data devices such as laptop computers belonging to people entering or returning to this country. This craziness has been forced on U.S. citizens and foreigners alike. Of course, no terrorists have been caught and no weapons have been intercepted using these methods. Instead, travelers have been terrorized by CBP’s unreasonable searches and seizures.
Validating these oppressive tactics is a recent decision by the Ninth U.S. Circuit Court of Appeals, which ruled that CBP does not need to provide any reason whatsoever if they decide to copy the contents of your cell phone directory or laptop computer. This is very bad news for business travelers, whose computers and cell phones often contain very sensitive information, such as customer databases, internal company documents, health care information, business plans and private financial files.
Things get especially weird in light of federal and corporate information security rules. Many people whose computers contain sensitive information are subject to rules requiring that this information be encrypted to protect it from thieves and other prying eyes. Corporate couriers often transport encrypted computer hard drives and other storage devices from one business location to another, and they themselves do not know any of the passwords or encryption keys needed to read the data. People that are discovered to have protected information on their laptop computers run the risk of being subjected to lengthy interrogations, missing their airline flights, having their computers confiscated, or worse.
This makes me wonder about my future travel plans in August to attend the annual Defcon computer security conference in Las Vegas. What will happen the day after the conference, when 5000 laptop-toting geeks with encrypted hard drives all show up at the airport to leave town? I may end up hitchhiking home.