What Should Attorneys Do at Border Crossings to Protect Client Information?

Published On July 28, 2017 | By Carrie Cordero and Jake Sommer | Data Security, Practical Advice

Earlier this summer, the Secretary of the Department of Homeland Security announced a series of heightened aviation security measures for commercial flights in-bound to the United States, including “enhanced screening of electronic devices.” Increased U.S. government scrutiny of electronic devices raises privacy concerns for every day passengers traveling to and from the United States. Increased searching of electronic devices raises special issues for lawyers, journalists, and others who may owe a heightened duty of confidentiality to others whose data they may be storing on their devices.

Exactly how these heightened security measures can and will be carried out is currently being debated. Support for border searches comes from Supreme Court precedent recognizing strong executive authority at the border, under the “border search doctrine.” Border searches are warrantless searches of personal effects at the international border. Courts have recognized a difference, however, between “routine” and intrusive searches. More intrusive searches, like a forensic examination of a personal electronic device, require reasonable suspicion that the person entering the country has committed a crime. When, exactly, the search rises to the level where a warrant is required is an issue currently on appeal to the Fourth Circuit Court of Appeals. We expect that courts will continue to be called on in the months and years ahead to further distinguish between whether government agents can demand incoming travelers to provide passwords (such as device, social media, and de-encryption passwords), or access to communications apps accessed through their personal device.

Recognizing that being subject to such a search at the border raises special issues for attorneys, the Association of the Bar of the City of New York Committee on Professional Ethics released on July 25, 2017, Formal Opinion 2017-5, detailing An Attorney’s Ethical Duties Regarding U.S. Border Searches of Electronic Devices Containing Clients’ Confidential Information. The opinion advises attorneys that they need to take “reasonable steps” to protect confidential client data, including when at the border. The advice takes two approaches. First, the Bar recommends that attorneys take reasonable steps to secure confidential client data, which can include both avoiding storing client data on a device itself, and restricting access to data stored in the cloud. To that end, attorneys should take reasonable steps to protect client data when traveling, including, but not limited to, measures such as using devices specifically configured for travel, not storing sensitive data on the device itself, turning off “sync” functions for data stored in the cloud and otherwise “signing out” of cloud-based services, and uninstalling applications. Second, attorneys should affirmatively communicate to border agents who are seeking access to a device that the device contains protected client communications. Steps attorneys can take to assist in this communication include carrying a bar membership ID form and business card, and, if the agent persists, asking the agent to elevate the request to a supervisor.

The advice does not cover every scenario, but makes clear that bar associations are thinking about these issues and lawyers should not cross borders without thinking about what might happen to client data if they are subject to search and taking steps to prepare for that possibility. Advice like this confirms that law firms should also train attorneys so that, regardless of whether they are traveling for business or pleasure, they know what to say and do when they cross borders and what their rights and their clients’ rights are.

 

About The Authors

Carrie Cordero’s practice focuses on national security law, homeland security law, and related surveillance, privacy, cybersecurity, insider threat and data protection issues. Her practice also includes advising companies on insider threat program development. A recognized voice on national security legal and policy issues, Carrie was previously Director of National Security Studies at Georgetown Law, and served as Counsel to the Assistant Attorney General for National Security; Senior Associate General Counsel at the Office of the Director of National Intelligence; Attorney Advisor in the Department of Justice, where she practiced before the Foreign Intelligence Surveillance Court; and Special Assistant United States Attorney.

Jacob Sommer’s practice focuses on legal issues related to Internet-based services and social networking, with a focus on protecting client’s rights in litigation or government investigations involving the Copyright Act, Lanham Act, Digital Millennium Copyright Act (“DMCA”), Electronic Communications Privacy Act (“ECPA”), the Wiretap and Communication Acts, CAN-SPAM, FISA and federal and state laws governing Internet gambling. He also helps social networks, search engines, e-mail providers, ISPs and other clients fulfill their compliance obligations pertaining to the discovery and disclosure of customer and subscriber information.

Comments