EFF: Harvard Student’s Deportation Raises Concerns About Border Device Searches and Social Media Surveillance

Harvard Student’s Deportation Raises Concerns About Border Device Searches and Social Media Surveillance

Media outlets reported this week that an international student at Harvard University was deported back to Lebanon after border agents in Boston searched his electronic devices and confronted him about his friends’ social media posts. These allegations raise serious concerns about whether the government is following its own policies regarding border searches of electronic devices, and the constitutionality of these searches and of social media surveillance by the government.

As the Harvard Crimson reported, Ismail Ajjawi alleges that after he arrived at Logan International Airport, U.S. Customs and Border Protection (CBP) officers subjected him to hours of questioning, including about his religious practices. Officers also had him unlock his cell phone and laptop, and took the devices out of his sight for approximately five hours. A CBP officer ultimately confronted Ajjawi about political posts that his friends had made on social media, cancelled his visa, and denied his admission to the United States.

How Did CBP Officers Gain Access to Ajjawi’s Friends’ Social Media Posts?

CBP’s policy on border searches of electronic devices expressly prohibits officers from accessing data stored in the cloud, that is, “stored remotely” (see § 5.1.2 [.pdf]). Before searching a device, border agents must put the device into “airplane mode” or otherwise disable Internet connectivity. CBP should confirm whether officers disconnected Ajjawi’s cell phone from the Internet.

If not and the officers perused his social media apps with Internet connectivity, this was a flagrant violation of CBP policy. This would provide officers with the limitless ability to search Ajjawi’s social media information, including his own posts, group memberships, and “friend” lists, as well as his friends’ posts, profiles, and group memberships, and other information—including social media posts that are blocked from public view by privacy settings. As we know from a 2018 Department of Homeland Security Inspector General report [.pdf], evidence suggests that CBP officers have a history of failing to disable a device’s data connectivity.

Even if CBP officers placed Ajjawi’s device in airplane mode, it is possible that they were able to open his social media apps and view cached content within the apps—content that is temporarily copied from a company’s servers and reflects the last time an app’s feed was updated. This could have disclosed a limited—but nevertheless revealing—amount of information about who his “friends” are and what they recently posted—again, including non-public posts. If CBP officers viewed cached content on Ajjawi’s device, this is a striking example of how even a limited amount of information can lead to CBP making judgments about someone’s social media activity and ultimately their admissibility. In our travel guide, we urge travelers to take steps to minimize cached content in apps and browsers before crossing the U.S. border.

Warrantless, Suspicionless Border Searches of Electronic Devices Violate Privacy and Free Speech Rights

Apart from whether CBP officers violated their agency’s policy, the search of Ajjawi’s electronic devices is yet one more example of why we continue to argue that warrantless, suspicionless border searches of electronic devices are unconstitutional given the significant intrusion into privacy and free speech.

The problem of border agents having unfettered access to travelers’ devices is growing. Last year, CBP conducted over 33,000 border searches of electronic devices, up from just over 5,000 searches six years prior. EFF has a pending lawsuit, Alasaad v. Nielsen, that challenges the constitutionality of warrantless, suspicionless border searches of electronic devices.

We argue that warrantless, suspicionless border searches of electronic devices violate the Fourth Amendment, given the vast amounts of highly personal information these searches can yield. We also argue that these searches violate First Amendment rights, including the right to have your relationships and associations remain private—whether they are reflected in your contact lists, call logs, text messages and emails, or social media.

As Ajjawi alleges, not only did officers probe into his relationships and associations, but also based his admissibility determination on the posts of his social media contacts, which is particularly attenuated and contrary to freedom of speech.

The Federal Government Is Engaging in a Broad Campaign of Social Media Surveillance

The search of Ajjawi’s social media information via his devices should be also considered within the context of the federal government engaging in a broader campaign of social media surveillance.

Since 2016, EFF has criticized the Department of Homeland Security and other federal agencies for unveiling plans to collect social media information from various visitors and immigrants to the U.S., including travelers from visa waiver countries, Chinese students, and supposedly “suspicious” visa applicants. Most recently, the State Department implemented a rule requiring virtually all visa applicants to disclose their social media identifiers.

EFF also expressed free speech and privacy concerns about CBP’s latest plan to engage in social media surveillance for situational awareness. Even when the government monitors public posts, this can have a chilling effect on people, causing them to self-censor their expressive activities. And privacy is violated when the government connects via fake profiles—that is, those that are not identified as belonging to the government—with individuals who have non-public accounts.

The government claims that social media surveillance is necessary to identify threats, but evidence shows that such vetting is not effective, in part because both human and automated review often fail to understand slang, jokes, or context.

We call on CBP to explain the justification behind cancelling Ajjawi’s visa and disclose whether they violated their own policy prohibiting the accessing of cloud content. Transparency is crucial because, ultimately, Ajjawi’s border searches of his electronic devices and subsequent visa revocation create a ripple effect that impacts far more than just him. News of such invasive searches quickly spreads and affects other potential travelers, which could lead to mass self-censorship or cause potential visitors to forego travel to the United States altogether—which in turn harms their American classmates, colleagues, and family members.


Comments

Popular posts from this blog

EFF: No Digital Surveillance of Iranians at the U.S. Border—or Within the U.S.

EFF: Corporate Speech Police Are Not the Answer to Online Hate

Living on the (IT) Edge: Schneider Electric at HPE Discover 2018