Homeland Security details new tools for extracting device data at US borders

Homeland Security details new tools for extracting device data at US borders. The agency says it can now obtain details including your phone’s location history, social media information, and photos and videos.

Alfred Ng

Aug. 10, 2020 1:08 p.m. PT


Travelers heading to the US have many reasons to be cautious about their devices when it comes to privacy. A report released Thursday from the Department of Homeland Security provides even more cause for concern about how much data border patrol agents can pull from your phones and computers.

In a Privacy Impact Assessment dated July 30, the DHS detailed its US Border Patrol Digital Forensics program, specifically for its development of tools to collect data from electronic devices. For years, DHS and border agents were allowed to search devices without a warrant, until a court found the practice unconstitutional in November 2019.

In 2018, the agency searched more than 33,000 devices, compared to 30,200 searches in 2017 and just 4,764 searches in 2015. Civil rights advocates have argued against this kind of surveillance, saying it violates people’s privacy rights.

The report highlights the DHS’ capabilities, and shows that agents can create an exact copy of data on devices when travelers cross the border. According to the DHS, extracted data from devices can include:

·      Contacts

·      Call logs/details

·      IP addresses used by the device

·      Calendar events

·      GPS locations used by the device

·      Emails

·      Social media information

·      Cell site information

·      Phone numbers

·      Videos and pictures

·      Account information (user names and aliases)

·      Text/chat messages

·      Financial accounts and transactions

·      Location history

·      Browser bookmarks

·      Notes

·      Network information

·      Tasks list

The agency didn’t respond to a request for comment. The policy to retain this data for 75 years still remains, according to the report.

That data is extracted and saved on the DHS’ local digital forensics network, and transferred to PenLink, a phone surveillance software that helps manage metadata taken from devices. The company is used by police across the US to intercept text messages, phone calls and GPS data from devices.
But it also analyzes data from social media and tech platforms, according to its website.

On its free trial offer, PenLink tells potential customers that it can map collected data including Snapchat geolocations, Facebook logged locations and Google’s geofenced data. The company didn’t respond to a request for comment.

“USBP uses the information it gathers using these tools to develop leads, identify trends associated with illicit activity, and further law enforcement actions related to terrorism, human and narcotic smuggling, and other activities posing a threat to border security or national security or indicative of criminal activity,” the DHS report stated.

HOW MUCH information your phone can give about you

The detailed list of how much information your phone can give about you came several days before the National Security Agency advised its staffers of the best practices for keeping their device data private. They include turning off location services and advertising permissions, and deactivating Bluetooth and Wi-Fi.

The DHS said the privacy risks of using the tools are low because only trained forensics technicians will have access to the tools, and only data relevant to investigations will be extracted.

That assurance is in stark contrast from what lawyers from the American Civil Liberties Union and the Electronic Frontier Foundation found, after a lawsuit revealed that agents had searched through travelers’ devices without any restrictions, and often for unrelated reasons like enforcing bankruptcy laws and helping outside investigations.

CBP Privacy Impact Assessment Says It Can Pull All Sorts Of Data And Communications From Peoples’ Devices At The Border


Leave a Reply

Your email address will not be published. Required fields are marked *