Privacy News Border Agents are Copying Travelers’ Data, Leaving it on USB Drives

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Are you one of the travelers to the US who’ve been stopped, questioned, and required to hand over your electronic devices for search? Our apologies: there’s a good chance that we still have your data kicking around on a USB drive. Somewhere. Maybe. Unless we lost it, I guess.

The Office of Inspector General issued a report, published on the Department of Homeland Security (DHS) website earlier this week, that details how well US Customs and Border Protection (CBP) agents have been following standard operating procedures for searching travelers’ electronic devices, as authorized by the Trade Facilitation and Trade Enforcement Act of 2015 (TFTEA). The findings: not so great. CBP agents are allowed to carry out warrantless device searches at all 328 ports of entries in the US: they’re allowed to manually – i.e., visually – inspect travelers’ phones, laptops, tablets, thumb drives or other electronic devices as they look for content related to terrorism, child abuse imagery, or other material that smells of the criminal. Beyond that, in a pilot program launched in 2007 in 67 ports, they’re also allowed to copy device data onto a USB thumb drive and upload it on a platform called an Automated Targeting System (ATS) so they can carry out more complex searches on travelers’ data. The OIG found quite a few standard operating procedure (SOP) SNAFUs besides the unwiped drives, and they’re laying the blame on the CBP’s Office of Field Operations (OFO), which handles training manuals and conducts training sessions.

One SOP that’s unfortunately not all that standard: agents aren’t always turning off the internet access of the devices they search. That’s a no-no, since search is supposed to be restricted to only the data that’s physically on the device, not information stored on a remote server who knows where. In fact, even after an April 2017 memo was issued that required documentation of network connections having been disabled prior to a search, the OIG found that more than one-third – 14 out of 40 – searches had no documentation of internet access having been turned off, leaving the results of the searches “questionable.” And that’s when the CBP could manage to carry out any searches at all: a situation that came to a grinding halt when…Oops – I forgot to renew the license for the search software! According to the report, it’s up to the OFO to manage the equipment used to search electronic devices. Well, somebody dropped the ball on that one: some manager somewhere forgot to renew the annual software license for the search equipment on time.
 
E

Eddie Morra

Agent: "Sir please give me your devices."
Man: "I don't have a phone."
Agent: "You don't have a smart-phone or a laptop?"
Man: "No, I hate those things and I think Mark Zuckerberg is evil, I don't buy into the social media rubbish."
Agent: "Sir please give me your devices."
Man: "I've just told you I do not have any, you can search me and the vehicle."
Agent: **Searches the man and the vehicle and finds nothing**
Agent: "Sir for the last time, I am warning you. Please hand over your devices."
Man: "What devices? You just searched! There aren't any!"
Agent: "Sir you're under arrest for obstruction of justice. You do not have to say anything but anything you do say may be used against you in court."
Man: "Under arrest? What? What have I done? I'm innocent! I haven't commited any crimes? Can you please tell me what I've done wrong? I'm travelling to attend a funeral..."
Agent: "Sir resisting arrest and attacking an agent of law are both illegal and come with harsh punishment!" (Pulls out the taser).
Agent: **To radio** "Backup required immediately, a criminal under arrest is resisting arrest and I feel he is a threat to me and other people around the area. He's been tasered and I am currently restraining him. Bring the cuffs."
 
  • Like
Reactions: upnorth
L

Local Host

Agent: "Sir please give me your devices."
Man: "I don't have a phone."
Agent: "You don't have a smart-phone or a laptop?"
Man: "No, I hate those things and I think Mark Zuckerberg is evil, I don't buy into the social media rubbish."
Agent: "Sir please give me your devices."
Man: "I've just told you I do not have any, you can search me and the vehicle."
Agent: **Searches the man and the vehicle and finds nothing**
Agent: "Sir for the last time, I am warning you. Please hand over your devices."
Man: "What devices? You just searched! There aren't any!"
Agent: "Sir you're under arrest for obstruction of justice. You do not have to say anything but anything you do say may be used against you in court."
Man: "Under arrest? What? What have I done? I'm innocent! I haven't commited any crimes? Can you please tell me what I've done wrong? I'm travelling to attend a funeral..."
Agent: "Sir resisting arrest and attacking an agent of law are both illegal and come with harsh punishment!" (Pulls out the taser).
Agent: **To radio** "Backup required immediately, a criminal under arrest is resisting arrest and I feel he is a threat to me and other people around the area. He's been tasered and I am currently restraining him. Bring the cuffs."
He would probably get executed (shot) in the end on top, if I went USA after reading this article you can be sure I would leave all my devices behind. :coffee:

Nothing to hide, but I don't need others looking through my personal life and work, USA already checks your FB profile when you enter the country, in case you guys didn't know, good thing I don't have a FB either ;)
 

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
Well, I think before landing the Avion you know who is who. I do not think all cases are the same. If they did not have a lot of work to verify all the devices of all the people that come to the airport.
("But just in case I would not bring my electric toothbrush"):p
 
  • Like
Reactions: upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top