Texas Immigration Lawyer Sues DHS, CBP Over Seizure And Search Of His Work Phone

from the most-likely-place-to-find-plenty-of-privileged-information dept

A Texas immigration lawyer is suing the DHS and CBP over one of its infamous border device searches. His attempt to keep the federal government from accessing privileged attorney-client communications was rebuffed by CBP officers who decided they'd just keep his phone until they were able to access the contents. This is especially problematic considering the lawyer, Adam Malik, is representing clients currently engaged in lawsuits and other legal actions against or involving both the DHS and CBP. (via ABA Journal)

Another troubling aspect of this case is that Malik had already proved his non-terrorist bona fides to the federal government well before CBP officers decided he was in need of some enhanced screening. From the lawsuit [PDF]:

To facilitate his extensive travel, Mr. Malik applied for and received membership in CBP’s Global Entry Trusted Traveler Program (“Global Entry”). DHS approved him for Global Entry on or about November 2014 and approved his renewal in 2019.

To receive membership in Global Entry, Mr. Malik passed a layer of extremely thorough security checks conducted by DHS. Mr. Malik passed a DHS conducted background check against criminal, law enforcement, customs, immigration, agriculture, and terrorist indices, a process that includes fingerprinting. He also passed an in-person interview with a DHS security officer.

Despite being a government-ordained "Trusted Traveler," Malik was detained upon his return from a trip to Costa Rica. During his trip, he had communicated with clients using his law firm issued iPhone. The CBP officers told Malik he had been "randomly selected" for an "eligibility review." Once they had him detained, they questioned him about his personal life, family, and immigration history.

More worryingly, they questioned him about his legal practice and clients, demanding to know who he was representing and which cases he had handled. Obviously, this involved plenty of litigation work involving the same agency now questioning him. Malik refused to answer those questions. That made the CBP unhappy, leading to the incident at the center of this lawsuit.

During interrogation, Officer Sullivan displayed anger to Mr. Malik when Mr. Malik would not reveal Privileged Information. In response to Mr. Malik’s assertion of privilege, Officer Sullivan asked Mr. Malik to place the iPhone on the table. Mr. Malik placed the iPhone on the table.

Officer Sullivan asked Mr. Malik to unlock the iPhone so that the digital contents could be inspected.

Mr. Malik explained to Officer Sullivan that the iPhone contains extensive Privileged Information and allows for the accessing of Privileged Information that is stored remotely. Mr. Malik told Officer Sullivan that he cannot consent to the search of the iPhone.

Texas bar rules prohibit divulging privileged information. Not that it mattered to the CBP officer, who took everything a disturbing step further.

In response to Mr. Malik’s assertion of privilege, Officer Sullivan informed Mr. Malik that DHS was seizing the iPhone and that the digital contents would be searched. Officer Sullivan did not disconnect the iPhone from the internet or the communications network. He failed to take action that would protect the iPhone from accessing the internet or a communications network. Officer Sullivan ordered Mr. Malik to leave the deferred inspection area without the iPhone while the iPhone still was connected to the internet and a communications network.

Neither Officer Sullivan nor any other employee of Defendants asked Mr. Malik to disable connectivity of the iPhone to the internet or to any network. Had Officer Sullivan or any employee of Defendants offered to permit Mr. Malik to place the iPhone in airplane mode upon or after seizure of the iPhone, Mr. Malik would have done so immediately.

As the lawsuit notes, the CBP is given broad discretion on device searches. It can perform basic or in-depth searches of phones without a warrant and with nothing more than reasonable suspicion evidence of a crime may be found on the devices. It also has some national security powers which give it even more leeway. However, there's nothing reasonably suspicious about someone denying access to privileged communications, especially when doing so means they're abiding by their legal obligations as an attorney, rather than shirking them to avoid further border control nastiness from federal officers with too much power and too little oversight.

Despite all this leeway, Malik says the CBP still violated its very permissive directives. It did not attempt to disconnect the phone from any network, which would have allowed it access to data in motion, rather than just data at rest. It did not make any effort to restrict its search to non-privileged information by use of a filter team. Instead, it seized Malik's phone and searched its contents with it connected to the internet and without the aid of anything that would have steered it clear of information it had no business seeing. According to the lawsuit, the CBP is still in possession of the phone, nearly a month after it seized it.

As evidence of the illegal search, Malik states that he received a request for a verification code from FLYP (a call, text, and voicemail app) one day after he was forced to leave his phone in the CBP's possession. This indicated the phone was still connected to the internet and the CBP had unlocked the device.

Two weeks after seizing the phone, the CBP finally got around to getting a filter team together. It sent an email to Malik demanding a list of clients and their contact info. Supposedly this was to identify who his clients were so the CBP wouldn't access those communications. But, as Malik points out, he is forbidden from providing that information. Not only that, but identifying current and future litigants would compromise them and make them more susceptible to adverse actions by agencies opposing them or targeted by litigation.

Plaintiffs are prohibited from identifying such names because the identification for most, if not all the individuals, are connected inextricably with the privileged and confidential purpose for which the clients sought legal advice.

Part of the Privileged Information contained on the iPhone and on the remote servers is identifiable only by a telephone number of the client. Telephone numbers of the clients are privileged and confidential and will lead to exposure of Privileged Information.

Filter team protocols suck when searches are performed by defendants in lawsuits filed by the lawyer whose phone they've seized.

CBP’s proposed filter team as implemented and as articulated in the Directive, creates the appearance of and potential for improprieties. The Directive authorizes CBP officers to rummage through attorney-client communications. The use of the filter team in these circumstances will chill the free flow of information between clients and lawyers.

Malik asserts a number of First and Fourth Amendment violations. The seizure and search of communications and other information protected by the First Amendment ("expressive content, associational information, and private information") without reasonable suspicion of criminal activity is just one of the problems. The same lack of suspicion carries over the Fourth Amendment, which guards against "unreasonable" searches, no matter what their context.

In addition to findings in favor of his Constitutional claims, Malik is also asking for an independent team to be involved in the search of information on the iPhone and to be given the right to challenge any search that may result in privileged communications being accessed by the government. He also wants CBP blocked from searching the phone until his demands are met and a Special Master put in place to oversee the search. Finally, he asks for a permanent injunction blocking the government from searching the phone at all, which, if granted, would make the intermediate demands unnecessary.

From these allegations, it appears the CBP retaliated against the lawyer because he refused to break his code of ethics. And it appears CBP officers were willing to violate long-held ethics itself if this "Trusted Traveler" wouldn't do it for them. This is the unsurprising side effect of giving border control agencies almost complete control over travelers and their possessions. When there are few restraints, very few will act with restraint. Hopefully a lawsuit like this will start nudging our borders back into Constitutional territory.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 4th amendment, adam malik, attorney client privilege, cbp, dhs, seizure, texas


Reader Comments

Subscribe: RSS

View by: Thread


  • identicon
    Anonymous Coward, 2 Feb 2021 @ 5:12am

    That just proves what I have said all along. Keep your phone's security dialed up to insane cop proof levels, so that if it is seized for any reason, they will not be able to get at the contents.

    And that includes "booby trap" mode, as I like to call it, where any attempt to brute force crack the password will result in the phone wiping itself and doing a factory reset, after too many failed password attempts.

    Because things like malware put stuff on your phone you don't know about, it is a good idea to secure your phone in that manner when travelling, so that if your phone is seized, they will not be able to access the contents, once they get it back to the cop shop.

    I do that when I go on road trips, because of things like asset forfeiture, especially if I drive to Canada's Wonderland, where there is no way to get there from the west coast, without going through Michigan. If my is ever seized in Michigan.

    Locking law enforcement out of your phone like that does break any criminal laws in any of Canada's 13 provinces, America's 50 (soon to be 51) states, Mexico's 31 states, or any federal laws in Canada, Mexico, or the USA.

    You cannot be prosecuted for refusing to divulge your passwords anywhere in canada, Mexico, or the uSA

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Feb 2021 @ 6:00am

      Re:

      Keep your phone's security dialed up to insane cop proof levels, so that if it is seized for any reason, they will not be able to get at the contents. [...] any attempt to brute force crack the password will result in the phone wiping itself

      The phone should have been pre-wiped before crossing the border. I mean, not that one should have to do that, but a lawyer should know better than to drag data across a border physically, knowing that border agents can search data moving that way but cannot search data moving to a law office VPN (it's probably "legal" under some secret law, but they'll not realistically decrypt that nor block the traffic).

      Lawyers are in a better position than most people, in that they can easily justify the complex setup to allow this. There must be someone willing to sell them software to allow them to quickly and easily save the state over a VPN, wipe it, then restore after crossing the border. I hope that future generations of Americans will consider it ridiculous that people had to guard against the American government in this way; still, this lawyer was in Costa Rica, and would have had to guard against that government anyway—no data on non-Costa-Rican cases should've been present.

      if I drive to Canada's Wonderland, where there is no way to get there from the west coast, without going through Michigan.

      Um... the Trans-Canada Highway? The Canadian followed by TTC line 1 and YRT bus 20? Or I-90, or Amtrak via Niagara Falls and Toronto, if you're worried about Michigan itself rather than the border (though you'd get to Wonderland without dealing with the US CBP, if starting from the US west coast).

      reply to this | link to this | view in chronology ]

      • icon
        nasch (profile), 2 Feb 2021 @ 6:00pm

        Re: Re:

        Um... the Trans-Canada Highway?

        I've called him out on this false claim repeatedly, and he keeps making it. Can't tell if he doesn't read replies, or just doesn't care.

        You cannot be prosecuted for refusing to divulge your passwords anywhere in canada, Mexico, or the uSA

        Not quite true.

        https://www.lawfareblog.com/fifth-amendment-decryption-and-biometric-passcodes

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 3 Feb 2021 @ 4:32pm

          Re: Re: Re:

          However, if my phones were seized on asset forfeiture, they could not and arrest me later when they could not unlock my phone.

          Police in Michigan would not be able to come and arrest me later on if they were unable to access my phones

          reply to this | link to this | view in chronology ]

          • icon
            nasch (profile), 3 Feb 2021 @ 4:59pm

            Re: Re: Re: Re:

            I don't know about Michigan but in a jurisdiction and situation where compelled production of passwords is allowed they could issue a subpoena for the password and jail you for contempt if you don't produce it.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 3 Feb 2021 @ 5:08pm

              Re: Re: Re: Re: Re:

              That would violate the fifth amendment in the United States.

              reply to this | link to this | view in chronology ]

              • icon
                nasch (profile), 3 Feb 2021 @ 5:29pm

                Re: Re: Re: Re: Re: Re:

                Read the link I posted above. It is not settled law.

                reply to this | link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 3 Feb 2021 @ 6:04pm

                  Re: Re: Re: Re: Re: Re: Re:

                  The lawyer can probably affiord the $122,000 Jaguar 575 XJR

                  If he had one of those, he could take off if they came to arrest him, and no law enforcement car can catch a XJR 575

                  That top of the line Jaguar XJ can do 186 miles an hour, where no law enforcement vehicle would ever catch him. That thing has 575 horses under the hood, more than any law enforcement vehicle on American roads today.

                  There is no law enforcement vehicle in America that can do 186 miles an hour.

                  If I were that lawyer, I would be out buying one right now and be prepared to outrun the cops, if I had to.

                  That thing is even fast enough to outrun a Corvette. That is how fast that the XJR 575 is

                  If that lawyer is reading this, he would be well advised to buy a Jaguar XJR 575 ASAFP to be prepared to give the cops a run for their money, if necessary, as there is no police vehicle on American roads that could catch him in one of those.

                  reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 3 Feb 2021 @ 5:11pm

              Re: Re: Re: Re: Re:

              That is why, before I leave home, I wipe my laptops and phones so that if they do compel decryption, that will not get anything useful.

              Doing that before I leave home does not break any laws in any of the 50 American states, 14 Canadian provinces, or 31 Mexican states.

              reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 Feb 2021 @ 5:04pm

        Re: Re:

        With some of the stories I have heard, I would take extra precuations.

        I also plan, soon, to use a bank where I can restrict where bank cards will work.

        I will be able to whitelist where my card cab be used, so that if ERAD is used, they will not be able to take my money. It will give them the balance, but when an LEO tries to run to get any of my money, the transaction will be decline by the bank erase ERAD is not in the "whitelist", and said LEO will never figure why the transaction keeps getting declined every time he tries it.

        I will not say which bank it is, but their system will prevent ERAD from being able to take your money, becuase they were not on the whitelist.

        For example, I can whitelist hotels, restaurants, and gas stations, but disallow everything else, and that will stop any LEO with an ERAD from ever being able to take my money. And LEO will never figure out why the tranasction is declined by the bank.

        This will be for when I am travelling on Oklahoma or Tenneesee where ERAD is used like that.

        And I always wipe my phone before going to San Diego, just in case I accidentally cross the border into Mexico (some people zig when they should zag), so that if my phones are searched upon re-entering the USA, anything there I did not know about that could get me into trouble cannot be recovered.

        With the fact that I have to go to Coco's, for breakfast, which is that close to the border, I take a lot of precautions before I even leave home. It is about 25 miles from downtown, and 30 miles from SeaWorld

        My laptops are wiped and Windows re-installed. My phones are wiped and reset and all the apps reinstalled.

        when I travel, I take the security of devices seriously, becasue you never know what is going to happen.

        I do all that, and carry Mexican auto insurance, in case I do end up accidentally crossing the border into Mexico.

        When I take road trips to Mexico, Canada, or Centreal America, my laptops are wiped, at the maximum level of destruction, and the OS and all my programs reinstalled, so that neither the Canadian Border Services Agency, or the CBP/DHS will ever be able to recover anything I don't know about that could get me into trouble.

        And as far as Michigan, it is not just Michigan, but anywhere in the Constitution Free Zone that can be a problem.

        I do that when I go to Disneyland, because Disneyland is just inside the 100 mile limit with the border. Disneyland is about 97 miles from the border, as the crow flies.

        So part of my routine before going to Disneyland is to wipe and reinstall the OS on my laptops, encrypt my phones, and then do a Factory Reset, meaning what was there before will just be bunch of gibberish.

        And since Orange is still pretty much a conservative redneck county, you never know when asset forfeiture will be used, within the Constitution Free Zone, so that if either CHP, Orange County Sheriff, or Anaheim PD decide to to an asset foreituure, they will get nothing from my electronics, even with the best forensic analysis software out there.

        Orange is one of the most conservative counties in California, so I really dial up security, before crossing into the Constitution Free Zone, which is right about where you would turn off I-5 to go to Knotts.

        I also used to do that when one aunt was alive, I go to go to Hemet to visit her. Her house was 82 miles as the crow flies from the border, so before taking off visit her, I would wipe my laptops and then encrypt and then factory reset my phones.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 Feb 2021 @ 5:20pm

        Re: Re:

        Well, when I go through Michigan, I take the shortest route through Michigan, getting on I-275 in Toledo, and then 75 and 94 in Detroit, and into Canada. I can be through Michigan and at the border. in about an hour. It is 59 miles from Toledo to the border, using that route.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Feb 2021 @ 7:47am

        Re: Re:

        Like I said, I go by way of Toledo. Just 59 miles from Toledo to the border, so I do not spend long in Michigan. Just take 275 to 75 and then the road to the Ambassador Bridge.

        And like I said, I will soon be banking with one bank, where I can prevent from ERAD device from getting my money. I can "whitelist" where the card can be used, so that transactions on ERAD will be declined, and that LEO will figure out why the bank declined the transaction.

        I will whitelist hotels, gas stations, and restaurants, while blocking everything else, and neither ERAD, or the police agency using it, will ever figure out why the transaction was declined by the bank.

        This bank is the first bank I know of that allows for that.

        reply to this | link to this | view in chronology ]

  • icon
    Upstream (profile), 2 Feb 2021 @ 5:25am

    Malik should know better

    He should know that when entering a police state one should, at the very least:
    Have complete phone encryption.
    Have SIM card password in place.
    Have phone turned off, requiring actual password to access it (no fingerprint, swipe, or other shortcuts).

    He should also know that even with these protections in place, it is likely the government can access his data if they really want to.

    A better solution would have been to use a burner phone, encrypt all data and send it to a secure server, preferably one owned and possessed by his law firm, and thoroughly destroy the burner phone before leaving the foreign country.

    Passing through the customs of a police state with a powered-up phone that contains privileged data and has a connection to a network that contains even more privileged data is just a really, really bad idea, particularly when some of that privileged data might concern wrongdoing by the customs agency.

    Bad on DHS and CBP, but Malik really should have seen this coming. Or maybe he did, and this is just step one in a longer plan to slam DHS and CBP? It is a nice thought, but I doubt that is the case.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Feb 2021 @ 5:52am

      Re: Malik should know better

      Another thing he should have done was to encrypt his phone, and then do a factory data reset so that the contents that were that would have been obliterated and CBP would not be able to recover anything.

      I do that when I go to San Diego to Seaworld, because the only place to get breakfast is a Cocos right before the border.

      Before I go to San Diego, I wipe and reset my phone so that if I miss the exit and accidentally cross into Mexico, any phone search upon my crossing back in the USA will not get anything that was there previously.

      Becuase I have two phones, one for music and calls, and the other my GPS application, I am like to attract more suspiscion than the average traveller, so before I leave home, I wipe and reset both phones and re copy my MP3s onto the phone that does the music, and re-download my Sygic maps on the other phone used for GPS.

      I need both phones, so that I can my music on one phone and my GPS on the other, so that I can select music on the one phone without disrupting my GPS on the other.

      Becuase I am in the constitutiuon free zone, on I-5, from roughly Disneyland southward, I also do a secure wipe on my laptop, and then re install the operating system.

      Asset forfeiture is mainlyh in the Constitution Free Zone, so before travelling in that Zone, I securely wipe and reinstall my devices so that if they are ever seized in asset foreiture, anything I don't know about that could get me into trouble is rendered uncoverable.

      Maybe that is what Mr Malik needs to do in the future, once his firm trashes their iPhones and get Android phones. Just wipe his devices, then reinstall the OS and all his apps, before he goes abroad.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Feb 2021 @ 6:11am

      Re: Malik should know better

      Malik really should have seen this coming. Or maybe he did

      Apparently not: "As evidence of the illegal search, Malik states that he received a request for a verification code from FLYP (a call, text, and voicemail app) one day after he was forced to leave his phone in the CBP's possession." They've obviously got access to his apps and at least partial authentication data, which means the device was neither pre-wiped nor fully encrypted. If he said he saw this coming, he'd be admitting to improper protection of client data—unless he'd done a partial wipe of that data, including all apps used to deal with clients.

      Apart from the Police State in the USA, Costa Rica isn't known for its honest police and respect for human rights.

      reply to this | link to this | view in chronology ]

    • icon
      Thad (profile), 2 Feb 2021 @ 7:43am

      Re: Malik should know better

      Yeah, fuck off with that "she shouldn't have dressed like that" shit.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 2 Feb 2021 @ 9:45am

        Re: Re: Malik should know better

        What? Nobody is obliged to dress a certain way when crossing a border, but lawyers are obliged to protect client data, and the CBP is a known predator. People need to be prepared for that. I hope the lawyer wins so that we'll only have to guard against the foreign governments—you know, the ones that don't claim to respect human rights against unreasonable searches.

        reply to this | link to this | view in chronology ]

      • identicon
        Rekrul, 2 Feb 2021 @ 10:22am

        Re: Re: Malik should know better

        Yeah, fuck off with that "she shouldn't have dressed like that" shit.

        There's a huge difference between what one should be able to do and what one can practically do.

        I should be able to walk through Central Park at 2am waving a large wad of cash while singing "I'm in the money!", but actually doing so would be stupid. I should be able to park an expensive sports car on the street in New York City and leave the keys in the ignition, but actually doing so would be stupid. I should be able to leave my wallet on the table unattended in a busy restaurant while I use the restroom, but actually doing so would be stupid. Women should be able to get falling down drunk in a room full of horny strangers, but actually doing so would be stupid.

        reply to this | link to this | view in chronology ]

      • icon
        JMT (profile), 2 Feb 2021 @ 2:36pm

        Re: Re: Malik should know better

        That's a very different scenario.

        reply to this | link to this | view in chronology ]

        • icon
          Uriel-238 (profile), 2 Feb 2021 @ 11:42pm

          "A very different scenario"

          Okay, I'll bite. How is it relevant?

          Right now, most of the US public believes its phones are secure, even from law enforcement. This includes employees of government departments that have secrets.

          Is it stupid? Sure, but right now we're in a maelstrom of lies and vicious rumors. Are we losing our data to hackers? All the time.

          And yet, there is an expectation of privacy, one that has been affirmed by courts multiple times that police should not be searching phones without warrants.

          ICE and CBP don't care. They're not even obeying the President of the United States right now.

          I call bullshit. We were told by Apple and Google that our data is safe. We've been told by courts police won't search our phones without good reason (and a warrant). We've been told we who do no wrong have nothing to hide.

          Malik wore the right clothes and deigned not to drink too much. He just didn't wear the clothes a hypercautious tech guru (or a journalist experienced with run-ins with law enforcement) might use.

          And Officer Sullivan is abusing his position of power. He is committing a crime if anyone cared. (Actually I'm not sure of that. Maybe law enforcement officers are allowed to use police resources to stalk ex-partners and neighbors they don't like. Are they? It's about the same level of misconduct in this case.)

          I think if Malik did anything wrong, it was to underestimate the degree of lack of accountability the CBP can depend on, and the level of corruption in the department that is routine in 2021.

          reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 Feb 2021 @ 8:15am

        Re: Re: Malik should know better

        Damn man, You hit the nuclear button pretty fucking quickly.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Feb 2021 @ 5:34am

    "He should also know that even with these protections in place, it is likely the government can access his data if they really want to."

    Not with the security level I have. If they try to brute force crack the password, the phone will wipe and do a factory reset, where all the contents will be wiped and the phone cannot even be set up again without your Google password.

    And the fact he was using an iPhone shows his law firm needs to trash their iPhones and get Android devices.

    The "booby trap" mode that causes the phone to wipe and reset after too many failed password attempts does not exist on iPhones

    And they cannot come and arrest you later if the phones wipe and resets after too many failed password attempts

    That should be a clear message to iPhone users to trash their iPhones and get Android phones

    Android RULES
    iPhone SUCKS

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Feb 2021 @ 12:29pm

      Re:

      Phone guy, i fucking missed you so much. gg.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Feb 2021 @ 6:18am

        Re: Re:

        I have to do what I do, because I have three phones running, one for calls and music, the second for my S\ygic maps, and the third to use as a dash cam

        Having three phones is going to bring some suspicion, so I wipe and reset all three and resintall everything before I leave home.

        There is no law anywhere in any country I might drive in that makes it a crime to wipe my phone before I leave home

        There is law anywhere in Russia or China (assuming either of the proposed highway routes to Asia are ever built), Alaska, Canada, Mexico, Central or South America, or the USA that makes it a crime to wipe, reset, and then install apps on my phone, before I leave home.

        Ther is also no law anywhere in Europe (icluding the UK) that makes it illegal to wipe my phone before I leave home, assuming the road links to Russia are ever built and I were to drive to Europe someday.

        There is no law anywhere in Britain, or the Schengen region countries, that makes it a crime to wipe my phone before crossing their borders. So should the Bering strait bridge ever exist in my drive, and I, say, drive to Britain, there is no law in Britain that makes a crime to wipe my phones before I cross their border. There is no law in Britain the could prosecute me under, because I wiped my phones before crossing their border.

        The fact I drive with three phones attached to the vents is naturally going to bring suspicion and I make sure to allow for enough time in secondary inspection, especially going into Canada or the USA.

        With the tasks each phone is there for, there is no way to get that down to just one phone. I need all three phones for what I do with tjhem.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Feb 2021 @ 6:15am

    Can't he remotely wipe the iPhone as if it had been stolen? They are obviously not using RF screening if they are accessing the internet with the device.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Feb 2021 @ 6:45am

      Re:

      Not on iPhones

      If he were on Android, he could use Find My Android.

      Android supports remove wiping, iPhone does not

      Another reason his firm needs to trash their iPhones and get Android phones.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 2 Feb 2021 @ 7:39am

        Re: Re:

        I have never used an iThing but a quick search came up with a lot of hits on how to remotely wipe an iPhone/iPad
        e.g.
        https://osxdaily.com/2012/06/05/remote-wipe-iphone-or-ipad/

        What you really want is a duress code so it looks like you are complying but the phone wipes everything.. "sorry sir, I don't understand what happened. It's never done that before"

        reply to this | link to this | view in chronology ]

        • icon
          JMT (profile), 2 Feb 2021 @ 2:41pm

          Re: Re: Re:

          Destroying evidence is a crime that can be charged on top of the suspected crime itself. So even if you are completely innocent, there's a non-trivial chance you'll end up with even more legal trouble, particularly with less restrained law enforcement groups.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 3 Feb 2021 @ 1:53am

            Re: Re: Re: Re:

            Not if the evidence is on a remote server. Backup before you enter the country

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 3 Feb 2021 @ 6:08pm

            Re: Re: Re: Re:

            Not if you wipe the phone before you leave home.

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 4 Feb 2021 @ 6:39am

            Re: Re: Re: Re:

            They have to prove it, and the company of one guy who has the policy of wiping seized phones can use Tor, so that the wipe cannot be traced to them.

            Then use one of number of secure disk wiping programs to obliterate any evidence on that hard disk that a wipe was performed from that machine if an LEO should ever seize the machine. A forensic analysis will get nothing. No evidence means no case if they cannot get anyting from the hard disk of the seized machine.

            reply to this | link to this | view in chronology ]

      • identicon
        Cowardly Lion, 3 Feb 2021 @ 5:42am

        Re: Re:

        You CAN remote wipe iPhones.

        Our company use them. I have one. We're told not to keep local data on it, and if we lose it [or have it seized] to notify our security, who notify our admins, who will then do an immediate remote wipe.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 3 Feb 2021 @ 5:25pm

          Re: Re: Re:

          And if they do it using Tor, and then immediately wipe the hard disk of the computer used to do it, so that they do take it as part of an investigation, any evidence will not be recoverable.

          The computer used will have to be a Windows machine, because programs like Evidence Eliminator and KillDisk are not made for Macs.

          No evidence that you remote wiped the phones = NO CASE

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Feb 2021 @ 6:52am

    That fact that he refused to unlock the phone and they took from him is all that they can do.

    They cannot prosecute you criminally for refusing to unlock your electronics.

    reply to this | link to this | view in chronology ]

    • icon
      Norahc (profile), 2 Feb 2021 @ 9:11am

      Re:

      There's been more than one person who spent a lot of time in jail disproving your claim.

      reply to this | link to this | view in chronology ]

    • icon
      ECA (profile), 2 Feb 2021 @ 10:12am

      Re:

      Yes, In jail, sitting waiting for someone to tell a judge you are coming to court.
      What was that 1 person, declared a Hacker, in for 3 years?? and never went to court.

      For everything we Hate about other countries. Its been mighty strange in ours, as they practice what others do.
      Thanks Mr. Bush.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Feb 2021 @ 9:24pm

      Re:

      That fact that he refused to unlock the phone and they took from him is all that they can do.

      Not true. They can kick him out of the trusted traveler program and hassle him every time he crosses the border.

      reply to this | link to this | view in chronology ]

  • icon
    sumgai (profile), 2 Feb 2021 @ 10:24am

    reverse-Charon is correct, beaucoup people have spent time in Crow-bar Hotel for not revealing their passwords, or otherwise opening their devices (not just phones) for Polizie inspection. One need only look at past pages of TD for confirmation of this, but a quick DuckDuckGo search reveals DeHart, Rawls, and other in similar straits.

    And Thad's statement notwithstanding, I do blame Malik for lack of foresight. Just because one government entity likes you, that does NOT preclude other government entities from disliking you - we all know that one hand doesn't know what the other is doing, right? Or even worse, the second hand does indeed know what the first hand is doing, and capriciously thwarts their efforts out of mere spite (or perhaps jealousy, who knows). Ditto for persons within one entity.

    If you really and truly must use a phone for sensitive stuff, then use a simple dumb phone (aka burner) as a conduit to remote servers, like Upstream explained above. Then dispose of it before traveling where Gendarme interference is quite likely to be the order of the day. If you simply must call someone before getting all the way back home, pick up another burner - they're too cheap not to do this.

    reply to this | link to this | view in chronology ]

    • icon
      ECA (profile), 2 Feb 2021 @ 11:30am

      Re:

      And the cooky crumbles.
      The CIA had problems in the past, as they wished to Watch over things in the USA, instead of depending on Other agencies, SHARING. So, instead of going against the law they they Couldnt do it TO the USA, only Outside. They decided to make an OUTSIDE looking into the USA. From the point of law that It wasnt Against the law OVer there.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Feb 2021 @ 6:32pm

    One way he could have done it was to keep what he did not want CBP to see on his home computer, where he would use a home VPN to access, and then make sure that the password was not save on tablets, phones, laptops, etc.

    One password they cannot make you hand over is the VPN password to your home or office network.

    I used to do that when I ran my online radio station. Anything I did not want US or Australian Customs to see was on my home VPN connection, and I made sure the password was not saved, so that that netither the Australian Border Force, Canadian Border Services Agency, HM Customs, nor DHS/CBP could log on and see what was there.

    Your password to your home or office network is something that that you cannot be compelled to hand over in Canada, Australia, Britain, New Zealand, or the United States.

    Maybe that is what Mr Malik needs to do in the future, so that when his devices are searched, they will not be able to get anything without the passwords to his home and office comput networks, which you cannot be compelled to hand over

    reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 3 Feb 2021 @ 8:02pm

      Re:

      Your password to your home or office network is something that that you cannot be compelled to hand over in Canada, Australia, Britain, New Zealand, or the United States.

      Got a reference for that?

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 Feb 2021 @ 10:33pm

        Re: Re:

        Maybe the AC means that if they don't even know you have a home or office network, they won't be likely to ask for a password to it? I'm being generous here.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Feb 2021 @ 4:24am

        Re: Re:

        Another solution is for the company to temporarily erase and back up the employee's files to another part of the network, so that Customs, if they insist on looking at your work folder, will not see anything, and have no idea the files exist elsewhere.

        reply to this | link to this | view in chronology ]

        • icon
          sumgai (profile), 4 Feb 2021 @ 10:34am

          Re: Re: Re:

          ... the company to temporarily erase and back up the employee's files to another part of the network

          This requires both extra work and diligence on the part of a network admin. What happens if the reporter/lawyer files a document, and moments later the Secret Police break down his door and demand the computer, etc.? Security is all in the timing.

          Some might think that a server-side script to automate this would be a good idea, but the timing is the thing - it still might not be fast enough.

          Better would be to simply have the remote computer log in each time with a script that creates a new folder on the server, using any of a variety of naming schema. This might chew up some storage space, but it guarantees that a forensics investigator will not be able to divine the whereabouts of previous folders. At that point, it's better to leave the password stored by the OS and/or app, in some fashion, and usable by the investigator - such would seem "normal" to that person. An empty folder would raise concerns, but the explanation would be equally simple - "My employer (or network admin) must've moved it, I dunno".

          reply to this | link to this | view in chronology ]

    • icon
      sumgai (profile), 4 Feb 2021 @ 10:16am

      Re:

      Yes AC, citations are needed for each of the listed jurisdictions, if you please. I too would like to know why VPN passwords are immune to disclosure and/or scrutiny.

      reply to this | link to this | view in chronology ]

    • icon
      ECA (profile), 4 Feb 2021 @ 12:37pm

      Re:

      Dear AC.
      If you didnt notice.
      Windows has this GREAT history file, buried into your system.
      I hope you erased ALL OF THEM.
      Then also note, that in <1 min one of these groups can Install a Keylogger, and that on Next inspection, it will be Copied and looked at.
      Get a program to Verify ALL programs and makes a list of them. Then Verifies NO NEW ONES have been installed.

      Just get a Netbook. they dont understand those at all.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads
.

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.