According to a report by Zack Whittaker on TechCrunch, security researcher, and blogger Sam Curry “was taken into secondary inspection by U.S. federal agents on September 15 after returning from a trip to Japan. Curry said agents with the Internal Revenue Service’s Criminal Investigation (IRS-CI) unit and the Department of Homeland Security questioned him at Dulles International Airport in Washington DC about a ‘high profile phishing campaign,’ searched his unlocked phone, and served him with a grand jury subpoena to testify in New York the week after.”
How did this happen, and what recourse do you have if you are similarly searched?
Sadly, the used of (entirely unrelated) international travel as a pretext for searches of electronic devices and data, including searches or researchers and journalists, is not new.
A TECS Lookout can be used by the DHS or other Federal agencies to flag, watch for, and intercept any “person of interest” whenever they take an international flight to or from the US, regardless of whether there is probable cause for a search warrant. A TECS Lookout can be set at the request of any Federal law enforcement agency, for any reason. It’s also no surprise that this loophole for pretextual searches is being used by IRS agents: As we have noted previously, it’s described in detail in the section of the IRS’s manual on techniques for “Locating Taxpayers and their Assets”.
Mr. Curry reportedly said he was later told that the copies of data seized from his phone by Federal agents had been deleted, and the subpoena was withdrawn. But it also appears that, as a blogger, his data was protected from seizure by the Privacy Protection Act, which provides greater protection for many travelers’ data than most other forms of privilege. If Mr. Curry had known to assert his status and rights under the Privacy Protection Act, he would probably be entitled to damages from the agents who searched and seized his data.