US Ninth Circuit says forensic laptop searches at the border without suspicion are unconstitional

An en banc (all the 11/20 judges together) decision from the 9th Circuit has affirmed that you have the right to expect that your laptop and other devices will not be forensically examined without suspicion at the US border. It's the first time that a US court has upheld electronic privacy rights at the border, and the court also said that using an encrypted device that can't be casually searched is not grounds for suspicion. The judges also note that the prevalence of cloud computing means that searching at the border gives cops access to servers located all over the world. At TechDirt, Mike Masnick has some great analysis of this welcome turn of events:

The ruling is pretty careful to strike the right balance on the issues. It notes that a cursory review at the border is reasonable:

Officer Alvarado turned on the devices and opened and viewed image files while the Cottermans waited to enter the country. It was, in principle, akin to the search in Seljan, where we concluded that a suspicionless cursory scan of a package in international transit was not unreasonable.

But going deeper raises more questions. Looking stuff over, no problem. Performing a forensic analysis? That goes too far and triggers the 4th Amendment. They note that the location of the search is meaningless to this analysis (the actual search happened 170 miles inside the country after the laptop was sent by border agents to somewhere else for analysis). So it's still a border search, but that border search requires a 4th Amendment analysis, according to the court.

It is the comprehensive and intrusive nature of a forensic examination—not the location of the examination—that is the key factor triggering the requirement of reasonable suspicion here....

Notwithstanding a traveler’s diminished expectation of privacy at the border, the search is still measured against the Fourth Amendment’s reasonableness requirement, which considers the nature and scope of the search. Significantly, the Supreme Court has recognized that the “dignity and privacy interests of the person being searched” at the border will on occasion demand “some level of suspicion in the case of highly intrusive searches of the person.” Flores-Montano, 541 U.S. at 152. Likewise, the Court has explained that “some searches of property are so destructive,” “particularly offensive,” or overly intrusive in the manner in which they are carried out as to require particularized suspicion. Id. at 152, 154 n.2, 155–56; Montoya de Hernandez, 473 U.S. at 541. The Court has never defined the precise dimensions of a reasonable border search, instead pointing to the necessity of a case-by-case analysis....

The court is led by Chief Judge Alex Kozinski, who is a fan of my book Little Brother (which features a scene where DHS officials force a suspect to decrypt his devices, on the grounds that his encryption itself is suspicious), and was kind enough to write me a blurb for the new edition of the book. I'm not saying that Little Brother inspired Kozinski to issue this decision, but I'm delighted to discover that something I've been pushing through fiction since 2008 has made it into law in 2013.

9th Circuit Appeals Court: 4th Amendment Applies At The Border; Also: Password Protected Files Shouldn't Arouse Suspicion


  1. I read this and cheered… and then read more carefully.  Ninth Circuit – the US court with the most overturned decisions.

    I now await the inevitable split between the Fifth and Ninth Circuits (which will come over a similar case at the Texas border or at a Gulf port of entry), and the nearly equally inevitable decision of the US Supreme Court that such an action isn’t an unreasonable search or seizure because we said so.

    Sorry, I’m just not in an optimistic mood today.

    1. This is actually a fairly amusing and cleverly crafted decision. What the 9th said was that these searches require specific circumstances AND that such circumstances existed in this case.  So the decision came down in favor of the US (and against the defendant).  This puts the government in the very odd position of possibly trying to appeal a ruling in which it won.  They can do that, in part by arguing that the criteria drawn were incorrect or that the basis for the decision was incorrect but SCOTUS looks down on such appeals and rarely grants cert.

      And for the record I believe the 9th is no longer the Circuit most overturned by the Supremes.  The 6th now has that dubious distinction.  This is especially true if you look at percentages rather than absolute numbers.  The Ninth is a HUGE Circuit both in terms of geography and in terms of number of people within its boundaries. Thus the sheer number of cases it takes and the number that get appealed to SCOTUS tend to skew the stats.

      What really needs to happen is that the 9th needs to be split into two circuits.  Finding a way to do that without splitting up CA itself is going to be hard and having a state that spans two Circuits is bad juju – it makes for all sorts of weird contortions.  But I digress.

  2.  Yeah, a decision by the Ninth Circuit is kind of like a decision by Elizabeth Warren. Nice, but not often binding. Still, it is a moral victory and could signal changes to come. Unanimous is a good sign.

  3. I can’t believe that my first reaction is surprised delight that the decision actually reflects a basic understanding of the relevant technology.

    Imagine what a utopian fantasy it would be to expect and require that our laws and courts exhibit even the most basic grounding in reality.

  4. The problem is that while they ruled that password-protected files alone aren’t enough to warrant a search, in this case there was reasonable suspicion because there were password protected files and he was convicted of a sex offense 15 years prior.  So while they can’t do forensic analysis for just having password-protected files, if they come up with pretty much any other reason that you’re “suspicious”, they’ll call it reasonable suspicion.

  5. Let’s say this is overturned by SCOTUS.  What then?  What do you do?  …Stuff you should be doing anyways:

    1. don’t take a laptop across the border.
    2. don’t take your passwords in a laptop across the border.
    3. don’t have encrypted files on that laptop that you’re taking across the border.
    4. if you must have encrypted files or partitions on the laptop, at the very least have them hidden, not in plain view.
    5. if you must have plain view encrypted files or partitions on the laptop, at least claim business use rather than as a person.  LLCs are cheap and easy to get; there’s no reason not to have one.  The laptop should be property of the LLC, not you.
    6. ok, let’s go back a couple steps.  If you must have encrypted files, and are subject to a forensic analysis, at least have the encrypted file/partition also contain a hidden encrypted partition, which allows plausible deniability that it even exists, since it appears the same as the rest of the encrypted volume: as gibberish.  They can’t prove that it exists, and you don’t have to tell them.
    7. back up your shit somewhere else they can’t touch. 

  6. I suspect a quick search of your laptop may find a matching “tu” for your constition. I’ll keep an eye out for you at the border, but I’m unlikely to detain you.

  7. Speaking from personal experience, bringing a clean install device (OS, possibly additional commercial software, no personal files yet) across the US border is also considered grounds for reasonable suspicion. A blank device – surely one is concealing something, or trying to avoid declaring a purchase (i keep copies of my receipts for this purpose)

    Also, my laptops sometimes had spyware installed after they were searched and returned by DHS or Customs.

Comments are closed.