Monday, March 2, 2009

ShmooCon ’09: They Took My Laptop!

No, they didn’t take my laptop. That’s the name of the session Tyler Pitchford presented at ShmooCon ’09. Focused on the Fourth Amendment, Pitchford provided an excellent overview on search and seizure, as well as on clauses addressing “reasonableness” and “warrant”.

While a small percentage of ShmooCon attendees really do have something to hide, the vast majority of folks attend to learn, to share, to network. And to party. Definitely, to party. That said, even those of us with nothing to hide paid close attention to Pitchford’s talk. I spend enough time flying internationally that by some random principle, I’d guess that my number will eventually come up for a laptop search.

At which time I’ll be thoroughly pissed. No, I don’t have anything to hide. But, my laptop and everything on it count as my possessions, so I don’t really care to have someone rummaging through them without probable cause.

The good news is that I learned quite a bit from Pitchford’s talk, to be able to have a reasonable (?) discussion with folks who’d like to poke around my zeros and ones. To recap, the Fourth Amendment states: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or the things to be seized.”

Things get a little complicated when you take those “effects”, put them on a computer, and return home from a foreign country. Pitchford focused primarily on discussions and examples of warrantless searches, which are the ones that I think concern most of us—when someone in a position of authority chooses to use that authority “just because”, without a legitimate level of suspicion.

Of course, one of the exceptions to the standard rules is when crossing a border. Pitchford discussed the case of U.S. v Arnold, in which the Ninth Circuit ruled in 2007 that laptops are no different that closed containers, and are thus subject to routine (suspicionless) searches. The case fits the bill as “routine”, since you’re crossing a border—but still annoys me. Again, I’d like to think I have nothing to worry about, since I have nothing to hide; and, having been on enough military installations, I don’t really have much of an expectation of privacy. But, I’m still concerned enough that I’ll continue to follow further developments in this space very closely.

One case whose ink is barely dry is if the entire drive is encrypted. In a case tried in Vermont over the past few years (most recently in re: Grand Jury Subpoena to Sebastien Boucher, 2009), the court had found that encryption keys are “products of the mind”, and are thus not subject to disclosure under the Fifth Amendment. The analogy here is a combination lock to a vault versus keys—you can be legally compelled to cough up keys (tangible), but not a vault combo (intangible). However, just a couple of weeks ago (shortly after ShmooCon), the District Court of Vermont ruled that Boucher would have to produce a copy of a portion of his hard drive; I don't think that this particular wording and this particular case counteracts the earliers findings, but the ruling is way too involved for me to go into here. Plus, I'm not a lawyer, so I encourage you to investigate the documents linked here. Warning: some of the content descriptions are not for the faint of heart.

I’d recommend that every international traveler have a look at Pitchford’s slides. Again, I’m not a lawyer, and Pitchford’s not your lawyer, but I’m still confident that you can learn something from his slides.

No comments:

Post a Comment