Inspector General Says CBP's Device Search Program Still A Mess, Still (Ironically) Mostly Undocumented

from the PAPERS-PLS dept

The CPB continues to increase the number of electronic devices (at least temporarily) seized and searched at border crossings and international airports. Basic searches — ones that don’t involve any additional tech or software — can be performed for almost any reason. For deeper searches, the CBP needs only a little bit more: articulable suspicion.

Even though it’s only a very small percentage of the total, it continues to increase, both in total numbers and as a percentage of the whole.

In fiscal year 2018, OFO processed more than 413 million travelers arriving at U.S. POEs and conducted an estimated 33,062 basic and advanced electronic device searches of those inbound travelers (.008 percent). In FY 2019, CBP processed more than 414 million travelers and conducted an estimated 40,610 basic and advanced electronic device searches of those inbound travelers (.010 percent).

That’s from the DHS Inspector General’s latest investigation [PDF] of CBP device searches. The last time the IG stopped by the CBP to perform some oversight in this area, it declared the whole thing a catastrophe. There was very little direct supervision of searches, documentation was almost nonexistent, and the CBP had no idea whether more searches were resulting in more investigations or arrests of criminals. Not only that, but the CBP had yet to implement any method of quantifying the security/safety gains of performing invasive device searches at border crossings.

Right at the top, the IG refers to the CBP’s policy on device searches, which clearly and succinctly states the agency’s obligations:

CBP’s Directive requires CBP officers to fully document all information related to searches of electronic devices.

You can already guess where this is headed.

First, there’s a callback to the last investigation by the IG:

In our first audit of CBP’s searches of electronic devices at POEs [Ports of Entry], we reported deficiencies in supervision, guidance, equipment management, and performance measures and made five recommendations to improve the program’s effectiveness. CBP concurred with all five recommendations and has taken some actions to improve oversight, such as streamlining license renewals, developing processes to conduct annual field office reviews, and updating its self-inspection worksheet to better identify deficiencies. As of May 2021, CBP had not fully implemented four of five recommended corrective actions.

Since there’s been no improvement on the back end, there’s been no improvement on the front end.

Here’s a more detailed description of what’s required when a phone is searched by CBP personnel:

CBP’s Directive requires CBP officers to include all information related to the search, such as whether the device’s wireless data connection was disabled, a tear sheet was provided, and if a supervisor approved advanced searches. In instances in which OFO detains or seizes an electronic device, officers document such incidents on DHS Form 6051D, Detention Notice and Custody Receipt for Detained Property and DHS Form 6051S, Custody Receipt for Seized Property and Evidence, to demonstrate chain of custody. The Directive also tasks supervisors with ensuring officers complete thorough inspections and that all notification, documentation, and reporting requirements are met.

Here’s what happened instead:

OFO [Office of Field Operations] did not always adhere to all requirements outlined in the Directive when conducting electronic device searches nor properly document searches. Of the 100 from FYs 2018 and 2019 that we reviewed, 79 had one or more instances of non-compliance, which totaled 139 instances. […] We also identified 32 EMRs [electronic media reports] not approved by a supervisor within 7 days.

The largest number of infractions came from two areas: no indication of whether the device’s data connection was disabled (27) — something that’s supposed to prevent agents from intercepting incoming communications or accessing content stored in the cloud — and no indication of whether a supervisor was present for advanced searches (44), which is a violation of CBP policy.

That’s just the problem with the stuff that’s (apparently incompletely) documented. Then there are the cases where no documentation occurred at all.

During site visit… we identified instances in which OFO officials used advanced screening equipment to conduct advanced searches of electronic devices without documenting these searches in TECS. For example, in reviewing DOMEX activity log entries from the three POEs, we identified 33 advanced searches that were not documented in TECS.

CBP officials said these didn’t need to be tracked because they were not related to new searches, but rather to ongoing investigations, training, and “ongoing maintenance.” As proof of this claim, the officials offered nothing.

We could not confirm these assertions because OFO did not have controls to ensure all advanced searches were traceable to the officer conducting the search.

As for seeing if these searches are actually resulting in any net security and public safety gains, the CBP is still sort of working on that. There are existing metrics the CBP could use, but it has simply chosen not to.

According to an OFO official, OFO does not see the benefit of receiving the outcomes of referrals, or tracking prosecutions and convictions, and does not have a system to track or receive this information. Without tracking final legal disposition of devices and information transferred to other Federal agencies, OFO cannot fully evaluate the program’s effectiveness or whether advanced searches are achieving their intended purpose to detect evidence and identify crimes.

The refusal to properly track and document searches also causes problems elsewhere.

For example, OFO equipment used to search computers [equipment name redacted] has not functioned since July 2018 due to network compatibility issues. Because of these technical issues, officers at POEs cannot conduct advanced searches of computers on-site.

Here’s the punchline:

Despite technical issues, OFO renewed the software licenses for all equipment in 2019 and 2020, including for equipment that does not function, at a total cost of $330,629.

Which leads to yet another punchline in the OIG’s recommendations:

We recommend the Executive Assistant Commissioner for the Office of Field Operations: a. Suspend the renewal of licenses for nonfunctional equipment, as appropriate.

You think?

The report concludes like the last one did. Recommendations for the CBP to something — anything! — to improve its tracking and documentation of phone searches. And like last time, the CBP has promised to get right on that… eventually. And we the people can all expect more of the same in the 2022 report, given the lack of progress since the last IG review.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Inspector General Says CBP's Device Search Program Still A Mess, Still (Ironically) Mostly Undocumented”

Subscribe: RSS Leave a comment
7 Comments
ECAsays:

how much for a tech? or train a tech?

Let ask,
How and what the F’ are you looking for on a Cellphone?
How much time do you have to Search a cellphone and NOT keep it for a week, to find out whats going on in the background?
How is it that you can take a App, store all your data In the cloud, Erase the app so no one can see you HAD the app, go threw customs and all the BS, CLEAN, then after getting into the USA or any other country that understands this BS, RELOAD the app, and download the stored data?

Lets say you have 5 kids, and ask them WHO did it? You have as much chance as that, in finding anything. BEAT them all or dont even ask.

You want a terrorist, look for the phone with almost nothing on it.

Anonymoussays:

Re: how much for a tech? or train a tech?

You want a terrorist, look for the phone with almost nothing on it.

So, just detain at Gitmo any person going on a business trip mandated by their employer? That would be a great way drive further offshoring, and encouragement of avoiding the US for IP development.

I have a better idea. How about not searching devices without a warrant like our 4th and 5th amendment rights mandate? How about stopping the security theater that actively harms our tourism industry year after year, costs a fortune to maintain, cannot be run properly (as the article provides proof of), creates yet another useless bureaucracy, and provides no material benefit to the public?

Lets say you have 5 kids, and ask them WHO did it? You have as much chance as that, in finding anything. BEAT them all or dont even ask.

If you need to beat the kids to answer a simple question, you have far bigger issues as a parent than the question they refuse to answer.

How is it that you can take a App, store all your data In the cloud, Erase the app so no one can see you HAD the app, go threw customs and all the BS, CLEAN, then after getting into the USA or any other country that understands this BS, RELOAD the app, and download the stored data?

Because that is standard operating procedure for any sane person going through US Customs? Also, it’s a de-facto feature of the hardware. You don’t have to store "incriminating evidence", or whatever the US officials would like to call it, on a phone.

Of course, in reality this is just another trough feeding the US surveillance state. It’s not meant to catch terrorists, it’s meant to keep very detailed tabs on anyone passing through or near (within 100 miles of) a US checkpoint. Which just so happens to cover most of the country’s population.

How much time do you have to Search a cellphone and NOT keep it for a week, to find out whats going on in the background?

As long as they want. There’s people who have "lost" their devices for years due to these "inspections", and some who’ve never recovered their property. It’s the government. They take what they can and, if they can get away with it, give nothing back. All while shouting "Terrorism" as justification for their actions. Well it’s definitely terrorism alright. State-sponsored terrorism of it’s own citizens.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Report this ad??|??Hide Techdirt ads
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...