Laptop Searches

Recently, a client who came to Canada from the US in order to assist in the negotiation of an outsourcing contract had his laptop examined by Canada customs agents while clearing customs at the border. While nothing incriminating was found and he was quickly on his way, the incident highlights the increased risk of international travelers having their laptops searched or detained by Canadian and/or US border agents.

A decision last summer in U.S. v. Romm by the 9th Circuit Court of Appeals sent shockwaves through the legal community. The defendant was denied entry into Canada after the Canada Border Security Agency (CBSA) discovered that he had a criminal history and found several child pornography websites in his laptop’s “internet history”. The CBSA agents also informed U.S. Customs that Romm had been denied entry and probably had illegal images on his computer. Upon his return to the U.S., Romm was interviewed by agents from the Immigration and Customs Enforcement (ICE) who also discovered images of child pornography stored on his laptop following a “warrantless” search of his laptop including forensic analysis.

At his trial, the Court denied his attorney’s motion to suppress the evidence obtained from the border search of Romm’s laptop. On appeal, the Ninth Circuit held that the forensic analysis of Romm’s laptop fell within the scope of the “border search” exception to the requirement to obtain a warrant, and that under this exception, the routine border search of Romm’s laptop was reasonable without the need for a warrant. In other words, searches made at the border are reasonable simply because they occur at the border.

In a more recent ruling, U.S. v. Arnold (2006 U.S. Dist. LEXIS 73311), released on October 2, 2006, the US District Court of the Central District of California (also part of the Ninth Circuit) recognized that files on a laptop computer may include trade secrets, attorney-client privileged information, and other proprietary business information, and concluded that Fourth Amendment protection extends to the search of this type of personal and private information at the border. The U.S. Fourth Amendment protects the right of people to be secure in their persons, houses, papers and effects against unreasonable searches and seizures.

While not physically intrusive as in the case of a strip or body cavity search, the search of one’s private and valuable personal information stored on a hard drive or other electronic storage device can be just as much, if not more, of an intrusion into the dignity and privacy interests of a person. The Court concluded that a border search of the information stored on a person’s electronic storage device be based, at a minimum, on a reasonable suspicion that the confidential information contained evidence of a crime.

According to the Court, the reasonableness of a border search is determined by balancing the need for a particular search against the invasion that the search entails. While the balance is struck more favourably toward the government because of the lessened expectation of privacy and the need to protect the nation’s borders, highly invasive searches are not reasonable merely because they take place at the border. Instead, such an invasive search must be supported by reasonable suspicion.

While the two decisions are not necessarily contradictory (since in Romm, the ICE agents were put on alert by the CBSA and therefore presumably had a reasonable basis for their search), lawyers and their business clients would be well advised to implement mitigation strategies this quickly evolving area of the law becomes clearer and makes its way into consistently applied procedures.

Specifically, consideration should be given to minimizing or encrypting any highly confidential information carried on laptops. However, encryption alone may not be a viable strategy since the failure to voluntarily provide access to encrypted information stored on a laptop could potentially result in the confiscation, at least temporarily, of the laptop. A preferred option, if available, may be to take along a laptop that contains a minimum of confidential information and to instead access such information from the corporate or law firm system using secure remote access applications (such as Citrix, GoToMyPC or LogMeIn) or virtual private network (VPN) technology.