Protecting confidential information from border searches

  Customs and Border Protection (CPB) adopted a revised regulation on border searches (Directive #3340-049A, available online), one portion of which, §5.2, deals with privileged material.   With regard to password protected or encrypted devices, the directive authorizes officials to request access to the materials.  §5.3.1.  Further, if the material is not accessible, the directive allows the CPB to detain the device for a reasonable period of time and to seek technical advice to access material on the device. §§5.3.4 and 5.4.1.  Authors of an article on the revised directive argue that “best practice” would be to follow the guidance of New York City Bar Op. #2017-05: (1) not carry any confidential information across the border, (2) carry only a clean “burner” device, and (3) return with a clean device with all syncing turned off. See Karen Rubin & Steven Stransky, Border Searches of your e-device: encryption may be of limited value in protecting client data.   The CPB states that the inspection rate of devices crossing the border is .007.  Id. While the best practice might be to cross the border only with clean devices, this level of protection may not be ethically necessary.  Lawyers are only required to take reasonable efforts to protect the confidentiality of client information.  See Model Rule 1.6(c).  The New York City opinion states that “even if a border search seems highly unlikely, that consideration should be weighed against the amount and sensitivity of the information held and any additional harm that may result from its disclosure without the client’s consent.”

For more information, Nathan M. Crystal.