For almost nine years, Haitao Xiang, a Chinese national and U.S. resident, had worked for Monsanto, Co in St. Louis as a research application engineer specializing in hyperspectral imaging technology. As with most jobs of this type, Xiang had signed a non-disclosure and confidentiality agreement with his employer, agreeing not to take or use any of Monsanto’s trade secrets. When Monsanto became suspicious about Xiang’s Google searches and the fact that he had sent packets of information to a Monsanto competitor in China, they confronted him. Ultimately, Xiang quit his job and was returning to China through Chicago. His now former employer, concerned that Xiang had taken trade secrets, coordinated with U.S. Customs and Border Protection (CBP) officials, who put Xiang on a “Record Lookout,” triggering an intensive border search when he sought to leave the country pursuant to CBP policy.
When Xiang sought to leave O’Hare, the CBP officials seized his cell phone, laptop computer, SD card, and SIM card while Xiang boarded his flight and left. CBP shipped the seized electronic materials to St. Louis, where they could be examined both by law enforcement officials and Monsanto officials there. Ultimately, Xiang was charged with (and provisionally plead guilty to) a violation of the federal criminal trade secret law – The Economic Espionage Act.
On May 5, 2023, the United States Court of Appeals for the Eighth Circuit ruled that the border patrol officials were within their authority, under the so-called “border search” doctrine to seize Xiang’s computers and devices, and ship them off for later imaging and a detailed inspection.
Border Searches
Anyone who has traveled internationally is familiar with the concept of a border search. Whether you are departing or arriving, if you are traveling internationally, the government has the right to inspect you, your carry-on bags and your checked baggage as part of its power to enforce the customs and immigration laws. They can look for illicit plants, drugs, child pornography, or anything that is illegal to import or export. They can also enforce the laws on importation or export of monetary instruments, cash, etc.
Increasingly, however, CBP and other government agencies have been attempting to use the border security’s authority to search not simply to enforce the export/import laws, but also to collect evidence for a broad range of criminal cases due to the relaxed rules of search and seizure at the border.
In Riley v. California, the Supreme Court invalidated a general search of a suspect’s cell phone as a “search incident” to a lawful arrest. The court found that a search of a cellphone, with the potential for containing massive amounts of personal data, was fundamentally different from a search of a briefcase, backpack, or jeans pocket, requiring a warrant for police to search the contents of a cellphone incident to an arrest. CBP adopted a border search protocol which allowed it to conduct a cursory review of electronic devices at the border, and:
“[I]n instances in which there is reasonable suspicion of activity in violation of the laws enforced or administered by CBP, or in which there is a national security concern, and with supervisory approval at the Grade 14 level or higher (or a manager with comparable responsibilities), a [Border Patrol] Officer may perform an advanced search of an electronic device.”
The difference between an ordinary and advanced search for electronic devices is similar to the difference between an agent asking you to open your luggage for inspection and them conducting a full cavity search for electronic devices. With an advanced search, the border agents can have the entirety of the contents of your devices forensically imaged and shipped for later analysis, inspection, review and, critically, dissemination to other agencies. That’s the kind of search CBP conducted with Mr. Xiang based on “national security” concerns.
Purpose for the Search
In theory, the reason there is a “border search” doctrine is to protect the border. In fact, the CBP policy expressly states that the search can only be conducted when there is a reasonable suspicion of a violation not of all laws or any laws, but of the laws enforced by CBP (or a national security concern). In fact, other courts like the Ninth US Circuit Court and the Fourth Circuit Court have held that the purpose of border searches, and the reason they are reasonable, is to enforce import/export laws and not for “general law enforcement purposes.” However, in the case of Mr. Xiang, the Eighth Circuit joined the Second Circuit in finding that the border agents can use their border search authority to search for and seize evidence of any criminal violation.
What’s the Significance?
The 8th Circuit found the search to be reasonable even though it was “extended” and intrusive under the border search doctrine. Under its doctrine, as long as any CBP official has any reason to believe that there is a violation of any law, they may conduct an invasive search and imaging of the device. Furthermore, there is no restriction on the sharing of the results of that search.
So, if the State of Ohio suspects you are shortchanging their taxing authority but they don’t have enough information to get a warrant, they can wait until you travel from Toledo to Windsor, and alert CBP to seize your computer without a warrant. Moreover, the border search exception applies not only to searches conducted at the actual border but also to those conducted within a “functional equivalent” of the border, such as international airports, as well as within a “reasonable distance” of the border, defined by federal regulations as 100 air miles. This means that cities like Cleveland, Akron, and even Columbus are considered to be on the “border” and that CBP can demand people in those cities to hand over their laptops and cell phones upon suspicion of any crime , whether they are traveling internationally or not. It also means that CBP can use the “border search” doctrine as a pretext to conduct a search when any other agency wants to examine your computer. No warrant. No court order. Just a seizure at the “border.” In other cases, federal courts have rejected arguments that the government must show some suspicion that the electronic device contains actual contraband (something that is illegal to transport, like digital child porn) as distinguished from containing evidence of some crime.
This ruling paves the way for a range of pretext border searches as far as 100 miles from the border, allowing anyone’s electronic devices to be searched without a warrant, as long as there is suspicion that the device contains evidence related to the commission of a crime. Additionally, the results of the search can be shared with other agencies, intelligence agencies, or foreign agencies.
Conclusion
Under the rationale of this case, the government could use the fact that someone is traveling across a border (entering or leaving the US) as a pretext to conduct an invasive search of the contents of their electronic devices, even in situations where there is no warrant or probable cause to conduct the search. Using the relaxed rules applicable at the border (one might say where there are no rules) the contents of the phone, iPad or laptop can be shipped off to a remote site, imaged and analyzed, and shared with any government agency – irrespective of whether this has anything at all to do with protecting the borders.
For travelers, this means that the contents of your electronic devices are not secure. A good approach is to have every electronic device encrypted with both biometric and password based encryption, or better yet, have a password that is held by some third party. An alternative is to have a “throwaway” computer – like a Chromebook – that contains no data whatsoever. It’s safe to assume that if you travel, your devices do too, and all of you are subject to search.
For further information regarding the information provided in the article, please contact KJK’s Cyber Security, Data Breach and Privacy Chair, Mark Rasch (MDR@kjk.com; 301.547.6925) or another member within the practice group.