Who has the legal right to access your personal and private digital assets? The answer can be complex, and will depend on where you live, where you are traveling from and to, and whether or not you’ve been suspected of a crime. The rules governing personal digital access are evolving rapidly, and are often subject to creative, on-the-fly interpretations.
Digital Privacy is the Wild West
Consider the case of Sidd Bikkannavar, a US-born scientist who works for NASA. Last month, while returning from a vacation abroad, he was detained by Customs and Border Patrol personnel for reasons which are still unclear. During his detention, agents seized his phone and demanded that he provide them the access code to unlock it. Left with no other options, he complied, which allowed the agents unrestricted and unsupervised access to all of the data on his NASA-issued phone. Legally, the agents were within their rights to do what they did, as the border screening area isn’t technically in country and therefore the typical protections against unwarranted searches don’t apply. However, the fact that any CBP officer can demand access to – and possibly even download – the data of a U.S. citizen without cause raises some frightening possibilities.
In some cases, the demands for information may go beyond the data itself. There is a proposal – though not yet implemented – that could require incoming travelers or visa holders to surrender their social media login credentials before being granted passage into the United States.
The U.S. isn’t alone in this. Canada also reserves the right to demand access to your devices during an attempted border crossing, and as a Quebec man found out a couple of years ago, refusing to provide a device password is a crime in itself. Israel has had similar cases in the past, in which travelers were asked to log in to provide border agents access to their data. Word of these incidents has led some folks to create travel-only email accounts, or to simply leave their devices behind altogether.
Incidents like these aren’t limited to traveling. Some employers have demanded social media credentials of applicants and employees, although this practice is increasingly being banned by state legislatures. On the cloud storage front, it is possible for law enforcement agencies to execute a search warrant on cloud-stored data without informing the owner of said data, meaning that your data might have been searched and you have no legal right to be notified of the search.
In what might be the most unusual and complex case of digital privacy, a former police officer named Francis Rawls has been jailed for over a year amid allegations that he engaged in child pornography. However, Rawls is not being held on the child pornography charge; rather, he has been jailed indefinitely for failing to unlock two encrypted drives on which authorities suspect he has saved those illicit images (for his part, he claims to have forgotten the passwords). So far, the former police sergeant has not been charged with any crime, but there appears to be no urgency in either releasing him or moving forward with the child pornography charges without the evidence on the encrypted drives. If Rawls truly did engage in child pornography, I hope that the full weight of the legal system will do its business without mercy. However, the fact that the suspect is held without charges because of an unwillingness or inability to decrypt his own data speaks to a deeper quandary of data privacy.
The evolution of the legal system lags behind the pace of technological developments. In many ways, the laws and accepted practices regarding digital privacy – and the subjectivity of their enforcement – remains as tumultuous as the Wild West.
Author’s note: This post was originally published in my Data Geek Newsletter.
After reading this post I have very disturbed feeling of what you are trying to impart. Your opening paragraph has two such egregious errors in it that bothered me immediately.
Personal privacy does not depend on where you live, where you are traveling and what you have done. Also it is not complex. Even the invasion of a criminal’s privacy requires a court order / warrant. That is why it is called an invasion.
You seem to mistake the assumption that some agencies or municipalities have taken upon themselves the right to access anything to do with your personal data as justified and right.
While I am no attorney I do understand that at times laws may be passed that overstep constitutional bounds at even the federal level in answer to certain social pressures. That does not ever make those laws right and just. They are simply a political knee-jerk response to voter outcry.
In every case an individual must give them the right either explicitly or implicitly to access private data. Again I am no attorney and don’t have anywhere near all the facts in the case I would have to wonder how Mr. Rawls can be legally jailed for refusing to help the investigation into his assumed crime. Last I heard Americans still have the right to the 5th Amendment to the US Constitution. I do agree with your sentiment about child pornography but it is up to the investigators to prove the case not the other way around.
Assuming that just because a person, agency or government has invaded your privacy that it is their right is the first step in assuming you have no rights at all.
Richard, thanks for visiting and for sharing your thoughts on this issue, even though they may differ from mine.
Actually I think Richard has a misunderstanding or two of his own. I also am not a lawyer, but I do know that the “right to privacy” is not mentioned anywhere in the US Constitution. Many, perhaps even most of us assume that such a right exists and live our lives as if that were the case. Court decisions are all over the place in this broad area. For example, in general, it seems that it is generally permissible to Video anybody, anywhere with or without their consent. The Patriot Act gave various Federal Agencies broad powers to monitor electronic communications. Another example is the push to “protect our freedom” by authorizing police authorities to force vendors to provide back doors. Amazingly many Americans actually support these intrusions.
I assume that Richard has passed through airport security in the past couple of years. Did he object to the patently worthless invasion of his privacy by TSA?
Does he consider the highly personalized tracking data maintained by Apple, Google, Microsoft, …. an invasion of privacy?
I understand there is a case in progress where the DA has issued subpoena demanding that Amazon turn over the Alexa audio from a subscbriber suspected of a commiting a murder in his house.
There are a few notable privacy rights tha have been protected in Federal, State, and/or Local legislation but in general they are very limited. E.g. the Federal Government is prohibited exposing a person’s tax related data or a person’s SSN and the HIPPA requirements have become Byzatine. However, the general trend is toward a more and more “open” interpretation of privacy.
Ray, I am sure you are correct. However, do not mistake the various invasions of our privacy with the lack of a right to that privacy.
In the case of the TSA I recognize the requirement of society to feel safe and in fact while the things the TSA do are somewhat useless after having worked at a prison I can see it as an acceptable compromise. I do limit my flying to those times when time or distance are factors. Otherwise, I drive.
Yes, there are tons of examples of invasions of our privacy. However, I have the choice to either permit them or not use the systems that require them.
In the case of companies like Apple, Microsoft, Google, et. Al, I decide whether to share information or not in as many scenarios as I possibly can. Otherwise I don’t use their products that try to collect info on me or my family.
As a part time photographer I am well aware of the laws about video and photography governing public venues and also the lengths that government agencies in particular will go to in order to prohibit those folks who do video or photography in places that governments have deemed sensitive. I found very often over the years that it is usually to keep evidence of malfeasance or corruption out of the public eye. But I digress…
In every one of the examples you have sited there has been a requirement for a court order to gain access to the material in question.
I think the point I was trying to make that you perhaps missed is that I as an informed citizen (at least as informed as I am able to be.) have a right to privacy of my person and my property and as long there is no evidence I am committing a crime that also applies to anything that I say or do. It is up to me to decide when to allow it, not some government bureaucrat. That can be taken away on a case by case basis as decided by a court but to just hand it over because some agency says, “I want it.” is unacceptable.
Conflict between the Right to Privacy and broad acceptance of invasions of privacy are a fact of life. I don’t expect it to end any time soon. I do intend to disrupt the invaders at every chance and to remind people that they do not have to give up their rights because some government says so.