Searches at airports and US borders

President Trump’s Executive Order expanding the pre-existing and ongoing #MuslimBan from foreign airports to US points of entry, by forbidding entry to the US by citizens of specified blacklisted countries,  doesn’t say anything explicit about searches or interrogation of people entering or leaving the US.

But this Executive Order seems to have been interpreted by US Customs and Border Protection officers at US borders and international airports and at “preclearance” sites abroad as giving them a green light for intensified questioning and searches (“extreme vetting”) of  travelers including searches and demands for passwords to laptops, cellphones, and other digital devices.

In response to this wave of digital harassment and snooping at airports and borders, several news outlets, civil liberties organizations, and free press and journalists’ rights organizations have posted technical and legal advisories about how journalists and ordinary travelers can protect their data when they travel.

We welcome this attention to airport and border search law, and these efforts to educate travelers.

We want to add one potentially significant law that few travelers (or CBP officers or TSA checkpoint staff) are aware of, and that isn’t mentioned in any of the advice to travelers about airport and border searches that we’ve seen recently: The Privacy Protection Act of 1980.

We’ve written about the Privacy Protection Act several times before, especially in the context of border searches of activists and journalists. But the protection offered by this law isn’t limited to journalists. Here’s an unfortunately necessarily refresher on what this law means and what you can do to take advantage of it:

What is the Privacy Protection Act? The Privacy Protection Act of 1980 is codified at Title 42 US Code, Section 2000aa, and has been implemented by Department of Justice regulations at 28 CFR § 50.10 and provisions of the US Attorneys’ Manual (which have the force of regulations) at § 9-13.400.

What does this law say? The law, regulations, and instructions to Federal officers prohibit certain searches and seizures by Federal state, or local law enforcement officers of documents, data, and the premises where these documents or data are, or are expected to be, found. They impose both substantive and procedural restrictions, including requirements for advance approval by high-level Department of Justice officials, on permissible searches and seizures.

How is this law enforced? The Privacy Protection Act creates a private right of action to sue Federal, state, or local government agencies and agents in Federal court for money damages (and attorneys’ fees) if they violate these rules. Few lawsuits have been brought under this law, probably because almost nobody knows about it.  But the right to recover damages is real. Our parent organization, the First Amendment Project, has represented an independent photojournalist in successful litigation for damages under this law.

The Privacy Protection Act isn’t just for “journalists”.  The law protects “work product materials” or other “documentary materials” that are “possessed by a person reasonably believed to have a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication.” If you intend to post some of your photos or descriptions of events on social media, your documents and digital materials are covered.

The Privacy Protection Act protects digital data as well as papers. “‘Documentary materials’, as used in this chapter, means materials upon which information is recorded, and includes, but is not limited to, written or printed materials, photographs, motion picture films, negatives, video tapes, audio tapes, and other mechanically, magnetically or electronically recorded cards, tapes, or discs.”

The Privacy Protection Act protects you even at airports and international borders. There is a limited exception to the Privacy Protection Act for border and customs searches, but only for searches and seizures for a limited purpose: “in order to enforce the customs laws of the United States.” Searches and seizures at borders and international airports for any other purpose — such as to enforce immigration laws or investigate terrorist threats — are subject to the restrictions and limitations of the Privacy Protection Act. There is no exception to the Privacy Protection Act law for any other administrative searches, such as those at TSA checkpoints for domestic flights.

There are many exceptions, and exceptions to the exceptions. Read the law, the implementing regulations, and the relevant sections of the US Attorneys’ Manual. If you aren’t sure about what the law means, or what your rights are, get legal advice. (Realize that most lawyers are unaware of, and unfamiliar with, this law, but also that this blog is not legal advice.)

Giving government agents a copy of the law and telling them that you intend to distribute materials to the public might not stop a search, but might delay it or prompt officials to reconsider, consult their superiors, and/or give you a chance to consult your attorney. Or they might give up rather than bother to go through a tedious process of getting the necessary high-level approval.

Ignorance of the law is a defense.  The Privacy Protection Act only applies if the government agents searching or seizing your documents “reasonably believe” that you intend to disseminate information to the public. And, “It shall be a complete defense to a civil action … that the officer or employee had a reasonable good faith belief in the lawfulness of his conduct.”

Most law enforcement officers and other government agents have never heard of this law, and won’t know about it unless you tell them. And unless you tell them, they won’t know that you intend to post photos or descriptions of events on social media.

To protect your rights, be proactive. Don’t give government agents a chance to later plead ignorance of the law or of your status. Tell any US government agents who threaten or attempt to search or seize your papers, digital devices, or storage media that they contain work product and other documentary materials, and that you intend to disseminate some of them to the public. Refer them specifically to the Privacy Protection Act, 42 USC § 2000aa.

Consider carrying a copy of this law in your wallet and/or with your laptop, phone, and/or other devices. (You can fit this version on both sides of a single letter-sized sheet of paper.) And put a copy of this “readme” file in the root and user directories of each device. That way anyone searching any of your devices ought to be warned about the law, even if the search is conducted secretly and not in your presence.

8 Responses to “Searches at airports and US borders”

  1. Edward Hasbrouck Says:

    Privacy Protection Act stickers for your devices (or you can make your own):

    https://www.zazzle.com/collections/privacy_protection_act_stickers-119649310556286098

  2. pam Says:

    Hi Edward — do you have any more specific information for travelers to the US who are NOT citizens? Are green card holders and tourists exempt from the Privacy Protection Act?

    I’m married to a green card holder, so this is a personal concern, and I know people from the Muslim Ban nations who are worried they’ll be harassed at the border if they leave the country, worried they’ll find themselves unable to get back in. Can they also use this act as protection or are they, to use a technical term, screwed?

  3. Edward Hasbrouck Says:

    @Pam – The Privacy Protection Act protects all “persons” regardless of citizenship, residency, or legal status in the US.

    This is very different from many other US laws that only protect US citizens, and that treat freedom as a privilege of US citizenship rather than as a human right.

    However, the Privacy Protection Act may be of very little practical benefit for anyone who is not a US citizen.

    The problem for a non-US citizen (including a green card holder, business visitor, or tourist) is that if they assert their rights under the Privacy Protection Act, the government could retaliate by revoking their green card or visa and expelling them from the US.

    Collecting modest damages under the Privacy Protection Act for an illegal search or seizure probably wouldn’t be worth having your green card or visa revoked.

    It is extremely difficult for anyone to challenge the revocation of a visa or green card in US court. The US government generally argues that “aliens” have no right to enter or remain in the US, and no right to judicial review of visa or entry decisions. This is not a new argument of the Trump Administration, but a longstanding and bipartisan legal position. This was an issue in the no-fly lawsuit by Dr. Rahinah Ibrahim:

    https://hasbrouck.org/blog/archives/002099.html

    This is also an issue in the current #MuslimBan litigation:

    https://papersplease.org/wp/2017/02/16/executive-orders-lawsuits-and-the-right-to-travel/

    Some courts have held that a US-citizen spouse has a right to judicial review of decisions affecting their green card holder spouse. Similarly, states have argued in the current cases that they have a judicially cognizable interest in the ability of students and faculty at their state universities to associate and exchange ideas with foreign scholars. But those arguments for legal “standing” to challenge entry and visa decisions regarding aliens have been, and are being, contested by the Federal government.

    We are extremely interested in reports from anyone who invokes the Privacy Protection Act at an airport (domestic or international) or border, regardless of their citizenship, residency, or legal status in the US.

  4. Doug Says:

    I once saw the following sign in a curio shop:

    “Lovely to look at, delightful to hold. You break it – we mark it sold.”

    Don’t know if this would work, but before you surrender your phone, tablet, and/or laptop, ask for, and demand a receipt and a non refundable cash deposit on your property. After all, you have no assurances as to when or whether your property will be returned to you, and what condition it will be in when/if it is returned.

    If they want to copy your data (and they do) do not hand over your property or passwords without cash compensation on the spot. I’d insist on an immunity agreement, an indemnification agreement, a non disclosure agreement, and a covenant not to compete agreement, all guaranteed by the agent’s (and his supervisor’s) notarized signature on behalf of the federal government and their personal bond as well. How much is your data worth? A million dollars? Fine, let the government pay you first, and it’s theirs.

    Put simply, if the government wants something from you, insist on payment first and a waiver of any and all government claims, charges, and fees, etc. before you hand anything over. Why should you have to wait six months to a year, or more, pay attorney and court fees, just to get your property back?

  5. Edward Hasbrouck Says:

    @Doug — You can ask for whatever you like, but you won’t get it. The sole remedy under the Privacy Protection Act is to recover damages after the fact. You have the right to compensation for any “taking” of your property, but courts have not included temporary seizure in that right.

    If you are given the opportunity to sign a receipt for your property (you might or might not be provided with a receipt, and you might or might not be asked to sign that receipt), read it carefully to make sure it doesn’t falsely claim that you consented to the search. You can note above your signature that you do not consent to the search, and that the items seized contain data protected by 42 USC 2000aa. The point of this is to foreclose bogus after-the-fact claims by government agents that they were unaware of the law or unaware that the items they seized contained protected data.

    We’ve had police knock the pen out of our hand and snatch the receipt away when we tried to do this. So if you are going to try this, try to do it someplace where your attempt to annotate the receipt will be recorded by surveillance cameras, and request the recordings as soon as possible before they are deleted or recorded over.

  6. Doug Says:

    Ed-
    Many thanks for your reply. Thankfully I have not been in this situation.

    Nevertheless, I think it is important that people take the same attitude to police requests/demands as they would as if they were a counter clerk at McDonalds. You want fries, you pay for fries. You want my phone, you pay for my phone. You want my time, you pay for my time. I may not be able to stop them, but perhaps I can get paid for my loss and inconvenience.

    Best regards and many thanks for the great work you are doing.

    -Doug

  7. Papers, Please! » Blog Archive » What should you to do if you are asked for your password at a US airport or border? Says:

    […] on your phone, some of which you might post on Facebook or Twitter — or related materials, invoke your rights under the Privacy Protection Act. (Most CBP officers have probably never heard of the Privacy Protection Act, and don’t […]

  8. Edward Hasbrouck Says:

    “Digital Privacy at the U.S. Border: Protecting the Data On Your Devices and In the Cloud” (Electronic Frontier Foundation, March 9, 2017):

    https://www.eff.org/wp/digital-privacy-us-border-2017

    “Regarding the expressive materials of journalists specifically, it is clear that warrantless and suspicionless searches of digital devices at the border implicate free press rights…. [T]he Privacy Protection Act … prohibits the government from searching or seizing a journalist’s materials without probable cause that the journalist has committed a crime. 42 U.S.C. § 2000aa. While the statute exempts border searches for the purpose of enforcing the customs laws, it does not exempt border searches for other purposes. 42 U.S.C. § 2000aa-5.”

Leave a Reply