Press Releases: January 2018
Eleven Travelers in Groundbreaking Case Face Substantial Risk of Future Unconstitutional Searches
Boston, Massachusetts—The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) urged a federal judge today to reject the Department of Homeland Security’s attempt to dismiss an important lawsuit challenging DHS’s policy of searching and confiscating, without suspicion or warrant, travelers’ electronic devices at U.S. borders.
EFF and ACLU represent 11 travelers—10 U.S. citizens and one lawful permanent resident—whose smartphones and laptops were searched without warrants at the U.S. border in a groundbreaking lawsuit filed in September. The case, Alasaad v. Nielsen, asks the court to rule that the government must have a warrant based on probable cause before conducting searches of electronic devices, which contain highly detailed personal information about people’s lives. The case also argues that the government must have probable cause to confiscate a traveler’s device.
The plaintiffs in the case include a military veteran, journalists, students, an artist, a NASA engineer, and a business owner. The government seeks dismissal, saying the plaintiffs don’t have the right to bring the lawsuit and the Fourth Amendment doesn’t apply to border searches. Both claims are wrong, the EFF and ACLU explain in a brief filed today in federal court in Boston.
First, the plaintiffs have “standing” to seek a court order to end unconstitutional border device searches because they face a substantial risk of having their devices searched again. This means they are the right parties to bring this case and should be able to proceed to the merits. Four plaintiffs already have had their devices searched multiple times.
Immigration and Customs Enforcement (ICE) policy allows border agents to search and confiscate anyone’s smartphone for any reason or for no reason at all. Customs and Border Protection (CBP) policy allows border device searches without a warrant or probable cause, and usually without even reasonable suspicion. Last year, CBP conducted more than 30,000 border device searches, more than triple the number just two years earlier.
“Our clients are travelers from all walks of life. The government policies that invaded their privacy in the past are enforced every day at airports and border crossings around the country,” said EFF Staff Attorney Sophia Cope. “Because the plaintiffs face being searched in the future, they have the right to proceed with said Cope.
Second, the plaintiffs argue that the Fourth Amendment requires border officers to get a warrant before searching a traveler’s electronic device. This follows from the Supreme Court’s 2014 decision in Riley v. California requiring that police officers get a warrant before searching an arrestee’s cell phone. The court explained that cell phones contain the “privacies of life”—a uniquely large and varied amount of highly sensitive information, including emails, photos, and medical records. This is equally true for international travelers, the vast majority of whom are not suspected of any crime. Warrantless border device searches also violate the First Amendment, because they chill freedom of speech and association by allowing the government to view people’s contacts, communications, and reading material.
“Searches of electronic devices at the border are increasing rapidly, causing greater numbers of people to have their constitutional rights violated,” said ACLU attorney Esha Bhandari. “Device searches can give border officers unfettered access to vast amounts of private information about our lives, and they are unconstitutional absent a warrant.”
Below is a full list of the plaintiffs along with links to their individual stories, which are also collected here:
- Ghassan and Nadia Alasaad are a married couple who live in Massachusetts, where he is a limousine driver and she is a nursing student.
- Suhaib Allababidi, who lives in Texas, owns and operates a business that sells security technology, including to federal government clients.
- Sidd Bikkannavar is an optical engineer for NASA’s Jet Propulsion Laboratory in California.
- Jeremy Dupin is a journalist living in Massachusetts.
- Aaron Gach is an artist living in California.
- Isma’il Kushkush is a journalist living in Virginia.
- Diane Maye is a college professor and former captain in the U. S. Air Force living in Florida.
- Zainab Merchant, from Florida, is a writer and a graduate student in international security and journalism at Harvard.
- Akram Shibly is a filmmaker living in New York.
- Matthew Wright is a computer programmer in Colorado.
For more EFF information on this case:
For more ACLU information on this case:
For more on privacy at the border:
Warrantless Border Searches of Phones, Laptops, Are Unconstitutional
San Diego, California—The Electronic Frontier Foundation (EFF) urged the U.S. Ninth Circuit Court of Appeals to further limit the government’s ability to conduct highly intrusive searches of electronic devices at the border by requiring federal agents to obtain a warrant if they want to access the contents of travelers’ phones.
“The Ninth Circuit four years ago issued an important ruling requiring officials to show they have reasonable suspicion of criminal activity to forensically search digital devices. While that was an improvement over the government’s prior practice of conducting suspicionless searches, the court didn’t go far enough,” said EFF Staff Attorney Sophia Cope. “We are now asking the Ninth Circuit to bar warrantless device searches at the border.”
“Our electronic devices contain texts, emails, photos, contact lists, work documents, and other communications that reveal intimate details of our private lives. Our privacy interests in this material is tremendous. Requiring a warrant is a critical step in making sure our Fourth Amendment protections survive into the digital age,” said Cope.
The Ninth Circuit is being asked to throw out evidence obtained through a warrantless forensic search of the defendant’s cell phone at the U.S.-Mexico border in southern California. The case, U.S. v. Cano, is a drug prosecution and the first before the Ninth Circuit since the U.S. Supreme Court ruled that because devices hold “the privacies of life,” police need a warrant to search the phones of people who are arrested.
In an amicus brief filed today in U.S. v. Cano, EFF urged the court to recognize that people traveling through our international borders deserve the same privacy protections that the Supreme Court has extended to arrestees. The Ninth Circuit’s rulings apply to states in the west and southwest, several of whom share borders with Mexico and Canada,
Warrantless border searches of luggage have been allowed under an exception to the Fourth Amendment for routine immigration and customs enforcement. But since digital devices provide so much more highly personal, private information than what is traditionally carried in a suitcase, agents should be required to show a judge that they have probable cause to believe that the device contains evidence of a violation of the immigration or customs laws, EFF said in the brief.
Digital device searches at the border have more than tripled since the inauguration of President Trump. This increase, along with the increasing number of people who carry these devices while traveling, has highlighted the need for stronger privacy rights while crossing the U.S. border. Last year, EFF and ACLU filed a lawsuit in Boston against the federal government on behalf of 11 travelers whose smartphones and other electronic devices were searched without a warrant at the U.S. border.
“Digital devices differ wildly from luggage and other physical items a person carries across the border,” said EFF Senior Staff Attorney Adam Schwartz. “Now is the time to apply the full force of constitutional privacy protections to digital devices.”
For the brief:
For more on privacy at the border:
Playboy Lawsuit Against Boing Boing Should Be Dismissed
Los Angeles, California—Playboy Entertainment's lawsuit accusing acclaimed website Boing Boing of copyright infringement—for doing nothing more than reporting on a historical collection of Playboy centerfolds—is groundless and should be thrown out, the Electronic Frontier Foundation (EFF) told a federal court today.
As EFF and co-counsel Durie Tangri LLP explain in a request to dismiss the lawsuit filed on behalf of Boing Boing owner Happy Mutants LLC, Playboy’s copyright claim seeks to punish Boing Boing for commenting on and linking to an archive of Playboy “playmate” centerfold images that a third party posted. The blog contained links to an imgur.com page and YouTube video—neither of which were created by Boing Boing. But courts have long recognized that simply linking to content on the web isn’t unlawful.
“Boing Boing didn’t upload, publish, host, or store any images that Playboy owns, didn’t control the images, and didn’t contribute to the infringement of any Playboy copyrights,” said EFF Legal Director Corynne McSherry. “It’s frankly mystifying that an entertainment company that has often fought to defend free speech rights is trying to punish Boing Boing for doing what has made it a leading online source of news and commentary: unique and groundbreaking reporting on art, science, and popular culture.”
“Boing Boing’s reporting and commenting on the Playboy photos is protected by copyright’s fair use doctrine,” said EFF Senior Staff Attorney Daniel Nazer. “We’re asking the court to dismiss this deeply flawed lawsuit. Journalists, scientists, researchers, and everyday people on the web have the right to link to material, even copyrighted material, without having to worry about getting sued.”
For more on fair use:
Mobile Devices Compromised by Fake Secure Messaging Clients – Hundreds of Gigabytes of Data Stolen
San Francisco – The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily through mobile devices compromised by fake secure messaging clients.
The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more.
The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors. In a new report, EFF and Lookout trace Dark Caracal to a building belonging to the Lebanese General Security Directorate in Beirut.
“People in the U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos,” said EFF Director of Cybersecurity Eva Galperin. “This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person’s day-to-day life.”
“Dark Caracal is part of a trend we’ve seen mounting over the past year whereby traditional APT actors are moving toward using mobile as a primary target platform,” said Mike Murray, Vice President of Security Intelligence at Lookout. “The Android threat we identified, as used by Dark Caracal, is one of the first globally active mobile APTs we have spoken publicly about.”
Dark Caracal has been operating since at least 2012. However, one reason it has been hard to track is the diversity of seemingly unrelated espionage campaigns originating from the same domain names. The researchers believe that Dark Caracal is only one of a number of different global attackers using this infrastructure. Over the years, Dark Caracal’s work has been repeatedly misattributed to other cybercrime groups. In fact, EFF’s Operation Manul report from 2016 misidentified espionage from these servers as coming from the Indian security company Appin.
“One of the interesting things about this ongoing attack is that it doesn’t require a sophisticated or expensive exploit. Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” said EFF Staff Technologist Cooper Quintin. “This research shows it’s not difficult to create a strategy allowing people and governments to spy on targets around the world.”
For the full report:
For more on Dark Caracal:
For more on how to avoid downloading malware: