The Risk Manager, Winter 2018
The recent ABA Center for Professional Responsibility Conference included the panel program Prying Eyes: Think Confidential and Privileged Client Information is Safe at the Border? Guess Again. The panelists pointed out that lawyers crossing international borders are at an increasing risk that border control officers will seek to search smart phones, portable hard drives, USB thumb drives, and laptops. The panel stressed the ethical duty lawyers have when crossing a border with e-devices to protect privileged or confidential information.
This ethical duty is complicated by the fact that the U.S. Customs and Border Protection Agency asserts the authority to conduct routine searches without probable cause to review any information on e-devices of U.S. citizens when crossing the U.S. border. Lawyers are not exempt. This necessitate that lawyers carefully plan what e-devices they will travel with and what information is on them.
There are two good sources for guidance for lawyers crossing the U.S. border with e-devices. Both are readily available via Google:
- The Association of the Bar of The City of New York Committee on Professional Ethics Formal Opinion 2017-5: An Attorney’s Ethical Duties Regarding U.S. Border Searches of Electronic Devices Containing Clients’ Confidential Information
- Digital Privacy at the U.S. Border: Protecting The Data on Your Devices and in the Cloud (Electronic Frontier Foundation, March 8, 2017).
A lawyer’s ethical duties when crossing the U.S. border with e-devices is summed up in Formal Opinion 2017-5 as follows:
Before crossing the U.S. border, an attorney must make reasonable efforts to protect [e-devices] against the disclosure of clients’ confidential information in response to a demand by border agents. Because “reasonable efforts” depend on the circumstances, no particular safeguards are invariably required. However, attorneys should generally (i) evaluate the risks of traveling with confidential information and (ii) consider what safeguards to implement to avoid or reduce the risk that confidential information will be accessed or disclosed in the event of a search. At the border, if government agents seek to search the attorney’s electronic device pursuant to a claim of lawful authority, and the device contains clients’ confidential information, the attorney may not comply until first making reasonable efforts to assert the attorney-client privilege and to otherwise avert or limit the disclosure of confidential information, e.g., by asking to speak to a superior officer. To add credence to the claim of attorney-client privilege, an attorney should carry attorney identification and be familiar with the customs agency’s policies or guidelines regarding searches of privileged information. Finally, if the attorney discloses clients’ confidential information to a third party during a border search, the attorney must inform affected clients about such disclosures.
Digital Privacy at the U.S. Border is an excellent practical consideration of the whole range of ethics issues and risk management options bearing on crossing the U.S. border with e-devices. It is divided into three parts:
PART 1: DIGITAL PRIVACY GUIDE FOR TRAVELERS
- Covers risk assessment factors including immigration status, travel history, and the data stored on an e-device.
- Reviews risk management actions to protect confidentiality:
“Before your trip. Travelers should decide whether they can reduce the amount of digital information that they carry across the border. For example, they may leave certain devices at home, use temporary devices, delete content from their devices, or shift content to the cloud. Travelers should protect the information they do carry over the border. Most importantly, they should use full-disk encryption and backup their data somewhere else. Also, shortly before arriving at the border, travelers should power off their devices, which will resist a variety of high-tech attacks against encryption. Travelers should not rely solely on fingerprint locks, which are less secure than passwords.”
PART 2: CONSTITUTIONAL RIGHTS, GOVERNMENT POLICIES, AND PRIVACY AT THE BORDER
Covers individual rights at the border and government policies and practices at the border.
PART 3: THE TECHNOLOGY OF PRIVACY PROTECTION
Covers a variety of tools to protect privacy. These include:
- Understanding Weaker Screen-Lock or User Account Passwords
- Strong Full-Disk Storage Encryption
- Activating Encryption
- Secure Deletion and Forensics
- Overview of Secure Deletion.
- Wiping Hard Drives and Removable Media
- Individual File Secure Deletion
- Clearing Free Space
- Encryption and Secure Deletion
- Cloud Storage
The foregoing only scratches the surface of the wealth of information on border crossings contained in Digital Privacy at the U.S. Border. We urge you to review it now as part of your professional reading even if you have no plans to cross the U.S. border.