In late February, shortly after the story we posted about the Canada Border Services Agency delaying our request for documents on their policies on searching laptops and other personal electronics, a slim brown envelope arrived in our office. The response came just over two weeks after the extended deadline the CBSA set for itself had expired. The delay was frustrating, but not nearly as long as we’d feared given the abysmal state of access to information responses from other governmental agencies.
Image: jasonunbound on Flickr
Now that we’ve had a chance to go through the documents, there were few surprises. The documents provided by the CBSA were disorganized and still fail to provide a clear and complete picture of CBSA policies and practices on data search and retention. In the end, the documents raised more questions than they answered, but are fairly interesting in their own right, if only for the glimpse into the institutional culture of the CBSA they can provide.
Many categories of important information were completely redacted or exempted from disclosure. Some of the redactions were legitimate—legal opinions, for instance, would generally be covered by solicitor-client privilege. Other omissions were less convincing, and the practice of redacting in white rather than in black left it unclear whether information was missing or not. Some areas of the request were completely ignored or omitted. For instance, we asked for statistics on how many searches of personal electronics had been conducted. These statistics were not even referred to in the documents provided.
The BCCLA has filed another complaint with the Office of the Information Commissioner, this time regarding the exemptions and redactions from the documents provided by the CBSA in response to our request. For now, here’s a review of some of the highlights of the documents we have received:
The consistent:
CBSA policy states that “the difference between a paper document and information stored electronically is only the medium it is stored on” (A-2009-01850-Vol2 on p. 5). We can think of lots of other differences—the kind and quantity of information that is regularly brought across the border by travellers bringing their laptops and smart phones, for instance—but this fits with what we had learned about CBSA search practices.
The CBSA spends a lot of time thinking about child pornography. We’d always assumed this was the case, but the documents show that an entire chapter of the Customs Enforcement Manual is dedicated to the subject (A-2009-01850-Vol4).
The CBSA can and does perform laptop searches at random, but “will only scan or peruse a document to the extent necessary to either confirm or negate its association to an offence or intelligence concern” (A-2009-01850-Vol2 on p. 2).
Most screening is not at random, relying instead on various “indicators” including “known importers, exporters, known export locations (specific locations or geographical areas), the nature of the goods being imported (commodities known to be suspect) and/or information disseminated through regional or headquarters intelligence channels. … Officers should also be aware of high-risk geographical locations for child sex tourism” (A-2009-01850-Vol4 at p. 6). Specific indicators and suspect nations were redacted from the documents CBSA provided us. However, from court documents filed in the case of former Bishop Raymond Lahey, we know that “border officials flagged Lahey because he was a man travelling alone and his passport showed several trips to Southeast Asia, Germany, Spain and other areas known for child pornography”.
Screening also relies on various databases, including the Integrated Primary Inspection Line system (IPIL) and Integrated Customs Enforcement System (ICES) for primary screening, and Field Operations Support System (FOSS), the Canadian Police Information Centre (CPIC), National Crime Information Center (NCIC), the sex offender database, Treasury Enforcement Communications System (TECS), and Police Information Records System for secondary screening (PIRS) (A-2009-01850-Vol6 on p. 14).
The “Electronic Media Search Form” sets out a lot of what CBSA officers are looking for when they decide to search a computer. Officers will look for user accounts visible on the login screen, note the operating system, any encryption, and provides space for passwords provided, but also a box for “password not located”. There are also suggested image and keyword searches to guide officers (A-2009-01850-Vol6 on p. 6-8).
The CBSA has software to assist border agents with laptop searches. If, after an initial search, the border agent feels further scrutiny is required, he or she uses software called ICWhatUC to scan images stored on the traveller’s hard drive. ICWhatUC only works on Windows machines. It scans for image files on a computer, including images in the web browser’s cache, image files with strange file extensions (like .doc instead of .jpg) and files in the recycle bin. Deleted files and files in archives do not show up. We’ve purchased a copy of the law enforcement version of ICWhatUC and will be doing an analysis of its capabilities and limitations in another post this month.
The weird:
A Powerpoint presentation illustrates the physical size of media that it is possible to store on media of various capacities. For instance, “one meter (or close to a yard) of shelved books” is about 100 megabytes, while a “pickup truck filled with books” is about 500 megabytes of data (A-2009-01850-Vol7 on p. 4). A USB key could “contain a stack of paper (8.5×11), 35 feet higher than the CN tower” that “would take two years to print @ 24/7″ (A-2009-01850-Vol7 on p. 1).
Another bizarre Powerpoint charts porn vs. time, showing that every second $3075 is spent on pornography, 28258 internet users are viewing pornography, and 372 people are typing adult search terms into search engines (A-2009-01850-Vol7 on p. 3). It follows this information up with statistics on youth viewing pornography, and then directly to statistics on seizures of child pornography (p. 4). This disingenuous attempt to link legal, adult pornography with the production and distribution of child pornography in its training materials may be part of the reason for CBSA’s continued targeting of legal materials it finds objectionable, like artsy queer films.
A chart breaks down the difference between “child pornography” and “not child pornography”, in case there was any confusion (A-2009-01850-Vol4 on p. 16). This chart seems to be common sense, but given some of the ridiculous accusations that have been made in the past, it’s probably a good thing that CBSA agents are provided with this handy cheat sheet:
A later document notes another example: “Japanese Anime – most not child porn” (A-2009-01850-Vol6 on p. 13).
The missing:
Five key areas were not addressed adequately (or at all) in the CBSA’s response to our request:
Criteria for selection of individuals for device inspection. Information was referred to, and some information provided, but the contents of these sections were heavily redacted.
Policies for copying and retention of electronic information. Some information was provided, but it only referred to cases where potentially criminal conduct was detected during the CBSA’s initial search. Further information is required here.
Statistics on the number and kinds of devices inspected.
Demographic information on individuals whose devices have been inspected.
Policies for the distribution of electronic information copied from electronic devices to other government agencies.
These areas make up the substance of our second complaint to the Information Commissioner.
Overall, the CBSA’s lack of transparency on this important issue is discouraging. While their policies on searches appear to be quite similar, the CBSA has not been as forthcoming with information as even the secretive U.S. Department of Homeland Security, which has made its policy publicly available.
The documents:
As promised, we’ve made all the documents we received available online. Download them and have a look through them yourself. If you see anything of special note, have your own story of having your electronics searched at the Canadian border, or have something to add, please let us know in the comments or by email: [greg]@[bccla].[org]
CBSA laptop search documents
In late February, shortly after the story we posted about the Canada Border Services Agency delaying our request for documents on their policies on searching laptops and other personal electronics, a slim brown envelope arrived in our office. The response came just over two weeks after the extended deadline the CBSA set for itself had expired. The delay was frustrating, but not nearly as long as we’d feared given the abysmal state of access to information responses from other governmental agencies.
Now that we’ve had a chance to go through the documents, there were few surprises. The documents provided by the CBSA were disorganized and still fail to provide a clear and complete picture of CBSA policies and practices on data search and retention. In the end, the documents raised more questions than they answered, but are fairly interesting in their own right, if only for the glimpse into the institutional culture of the CBSA they can provide.
Many categories of important information were completely redacted or exempted from disclosure. Some of the redactions were legitimate—legal opinions, for instance, would generally be covered by solicitor-client privilege. Other omissions were less convincing, and the practice of redacting in white rather than in black left it unclear whether information was missing or not. Some areas of the request were completely ignored or omitted. For instance, we asked for statistics on how many searches of personal electronics had been conducted. These statistics were not even referred to in the documents provided.
The BCCLA has filed another complaint with the Office of the Information Commissioner, this time regarding the exemptions and redactions from the documents provided by the CBSA in response to our request. For now, here’s a review of some of the highlights of the documents we have received:
The consistent:
The weird:
A later document notes another example: “Japanese Anime – most not child porn” (A-2009-01850-Vol6 on p. 13).
The missing:
Five key areas were not addressed adequately (or at all) in the CBSA’s response to our request:
These areas make up the substance of our second complaint to the Information Commissioner.
Overall, the CBSA’s lack of transparency on this important issue is discouraging. While their policies on searches appear to be quite similar, the CBSA has not been as forthcoming with information as even the secretive U.S. Department of Homeland Security, which has made its policy publicly available.
The documents:
As promised, we’ve made all the documents we received available online. Download them and have a look through them yourself. If you see anything of special note, have your own story of having your electronics searched at the Canadian border, or have something to add, please let us know in the comments or by email: [greg]@[bccla].[org]
CIVIL LIBERTIES CAN’T PROTECT THEMSELVES