[Senate Hearing 110-589]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 110-589

  LAPTOP SEARCHES AND OTHER VIOLATIONS OF PRIVACY FACED BY AMERICANS 
                     RETURNING FROM OVERSEAS TRAVEL

=======================================================================

                                HEARING

                               before the

                    SUBCOMMITTEE ON THE CONSTITUTION

                                 of the

                       COMMITTEE ON THE JUDICIARY
                          UNITED STATES SENATE

                       ONE HUNDRED TENTH CONGRESS

                             SECOND SESSION

                               __________

                             JUNE 25, 2008

                               __________

                          Serial No. J-110-103

                               __________

         Printed for the use of the Committee on the Judiciary





      



                     U.S. GOVERNMENT PRINTING OFFICE

45-091 PDF                 WASHINGTON DC:  2008
---------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office  Internet: bookstore.gpo.gov Phone: toll free (866)512-1800
DC area (202)512-1800  Fax: (202) 512-2250 Mail Stop SSOP, 
Washington, DC 20402-0001

                       COMMITTEE ON THE JUDICIARY

                  PATRICK J. LEAHY, Vermont, Chairman
EDWARD M. KENNEDY, Massachusetts     ARLEN SPECTER, Pennsylvania
JOSEPH R. BIDEN, Jr., Delaware       ORRIN G. HATCH, Utah
HERB KOHL, Wisconsin                 CHARLES E. GRASSLEY, Iowa
DIANNE FEINSTEIN, California         JON KYL, Arizona
RUSSELL D. FEINGOLD, Wisconsin       JEFF SESSIONS, Alabama
CHARLES E. SCHUMER, New York         LINDSEY O. GRAHAM, South Carolina
RICHARD J. DURBIN, Illinois          JOHN CORNYN, Texas
BENJAMIN L. CARDIN, Maryland         SAM BROWNBACK, Kansas
SHELDON WHITEHOUSE, Rhode Island     TOM COBURN, Oklahoma
            Bruce A. Cohen, Chief Counsel and Staff Director
           Stephanie A. Middleton, Republican Staff Director
              Nicholas A. Rossi, Republican Chief Counsel
                                 ------                                

                    Subcommittee on the Constitution

                RUSSELL D. FEINGOLD, Wisconsin, Chairman
EDWARD M. KENNEDY, Massachusetts     SAM BROWNBACK, Kansas
DIANNE FEINSTEIN, California         ARLEN SPECTER, Pennsylvania
RICHARD J. DURBIN, Illinois          LINDSEY O. GRAHAM, South Carolina
BENJAMIN L. CARDIN, Maryland         JOHN CORNYN, Texas
                    Robert F. Schiff, Chief Counsel
               Lauren B. Petron, Republican Chief Counsel














                            C O N T E N T S

                              ----------                              

                    STATEMENTS OF COMMITTEE MEMBERS

                                                                   Page

Brownback, Hon. Sam, a U.S. Senator from the State of Kansas.....     4
Feingold, Hon. Russell D., a U.S. Senator from the State of 
  Wisconsin......................................................     1
    prepared statement and attachments...........................   114
Leahy, Hon. Patrick J., a U.S. Senator from the State of Vermont, 
  prepared statement.............................................   142

                               WITNESSES

Carafano, James Jay, Assistant Director, Kathryn and Shelby 
  Cullom Davis Institute for International Studies, and Senior 
  Research Fellow, Douglas and Sarah Allison Center for Foreign 
  Policy Studies, The Heritage Foundation, Washington, D.C.......    15
Cunningham, Larry, Assistant District Attorney, Bronx County; 
  Assistant Professor of Legal Writing, St. John's University 
  School of Law, Queens, New York................................    12
Gurley, Susan K., Executive Director, Association of Corporate 
  Travel Executives, Alexandria, Virginia........................    10
Khera, Farhana Y., President and Executive Director, Muslim 
  Advocates, San Francisco, California...........................    13
Sales, Nathan A., Assistant Professor of Law, George Mason 
  University School of Law, Arlington, Virginia..................     8
Swire, Peter P., Professor, Moritz College of Law, The Ohio State 
  University, and Senior Fellow, Center for American Progress, 
  Washington, D.C................................................    17
Tien, Lee, Senior Staff Attorney, Electronic Frontier Foundation, 
  San Francisco, California......................................     6

                         QUESTIONS AND ANSWERS

Responses of Larry Cunningham to questions submitted by Senator 
  Brownback......................................................    36
Responses of Farhana Khera to questions submitted by Senator 
  Feingold.......................................................    40
Responses of Lee Tien to questions submitted by Senator Feingold.    44

                       SUBMISSIONS FOR THE RECORD

Ahern, Jayson P., Deputy Commissioner, Customs and Border 
  Protection, Department of Homeland Security, Washington, D.C., 
  statement......................................................    52
Asian Law Caucus, Inc., Shirin Sinnar, Staff Attorney, San 
  Francisco, California, statement and attachments...............    60
Carafano, James Jay, Assistant Director, Kathryn and Shelby 
  Cullom Davis Institute for International Studies, and Senior 
  Research Fellow, Douglas and Sarah Allison Center for Foreign 
  Policy Studies, The Heritage Foundation, Washington, D.C., 
  statement......................................................    81
Cunningham, Larry, Assistant District Attorney, Bronx County; 
  Assistant Professor of Legal Writing, St. John's University 
  School of Law, Queens, New York, statement.....................    87
Gurley, Susan K., Executive Director, Association of Corporate 
  Travel Executives, Alexandria, Virginia, statement.............   124
Khera, Farhana Y., President and Executive Director, Muslim 
  Advocates, San Francisco, California, statement................   131
Muslim Bar Association of New York, Asim Rehman, Esq., President, 
  New York, New York, letter.....................................   144
Organizations urging the Committee on the Judiciary to hold 
  hearings on Department of Homeland Security practices:
    May 1, 2008, joint letter....................................   146
    June 20, 2008, joint letter..................................   149
Sales, Nathan A., Assistant Professor of Law, George Mason 
  University School of Law, Arlington, Virginia, statement.......   153
Swire, Peter P., Professor, Moritz College of Law, The Ohio State 
  University, and Senior Fellow, Center for American Progress, 
  Washington, D.C., statement....................................   162
Tien, Lee, Senior Staff Attorney, Electronic Frontier Foundation, 
  San Francisco, California, statement...........................   174
U.S. Immigration and Customs Enforcement, Julie L. Myers, 
  Assistant Secretary, Washington, D.C., directive...............   187
U.S. News and World Report, June 24, 2008, article...............   197
Washington Post, February 7, 2008, article.......................   199



























 
  LAPTOP SEARCHES AND OTHER VIOLATIONS OF PRIVACY FACED BY AMERICANS 
                     RETURNING FROM OVERSEAS TRAVEL

                              ----------                              


                        WEDNESDAY, JUNE 25, 2008

                                       U.S. Senate,
                          Subcommittee on the Constitution,
                                Committee on the Judiciary,
                                                   Washington, D.C.
    The Subcommittee met, pursuant to notice, at 9:06 a.m., in 
room SD-226, Dirksen Senate Office Building, Hon. Russell D. 
Feingold, Chairman of the Subcommittee, presiding.
    Present: Senators Feingold, Durbin, and Brownback.

 OPENING STATEMENT OF HON. RUSSELL D. FEINGOLD, A U.S. SENATOR 
                  FROM THE STATE OF WISCONSIN

    Chairman Feingold. Welcome to this hearing of the 
Constitution Subcommittee entitled ``Laptop Searches and Other 
Violations of Privacy Faced by Americans Returning from 
Overseas Travel.'' We will be hearing this morning from a panel 
of experts who can help us explore the legal and practical 
implications of this important issue.
    Let me start by making a few opening remarks, then I will 
recognize the Ranking Member, Senator Brownback, for an opening 
statement, and then we will turn to our witnesses.
    If you asked most Americans whether the Government has the 
right to look through their luggage for contraband when they 
are returning from an overseas trip, they would probably tell 
you yes, the Government has that right. But if you asked them 
whether the Government has the right to open their laptops, 
read their documents and e-mails, look at their photographs, 
and examine the websites they have visited, all without any 
suspicion of wrongdoing, I think those same Americans would say 
that the Government has absolutely no right to do that. And if 
you asked them whether that actually happens, they would say, 
``Not in the United States of America.''
    But it is happening. Over the last two years, reports have 
surfaced that customs agents have been asking U.S. citizens to 
turn over their cell phones or give them the passwords to their 
laptops. Travelers have been given a choice between complying 
with the request or being kept out of their own country. They 
have been forced to wait for hours while customs agents 
reviewed and sometimes copied the contents of their electronic 
devices. In some cases, the laptops or cell phones were 
confiscated and returned weeks or even months later, with no 
explanation.
    Now, the Government has an undeniable right and 
responsibility to protect the security of our borders. The 
Supreme Court has thus held that no warrant and no suspicion is 
necessary to conduct ``routine searches'' at the border. But 
there is a limit to this so-called ``border search exception.'' 
The courts have unanimously held that invasive searches of the 
person, such as strip searches or x-rays, are ``non-routine'' 
and require reasonable suspicion. As the Supreme Court has 
stated, these searches implicate dignity and privacy interests 
that are not present in routine searches of objects.
    So the constitutional question we face today is this: When 
the Government looks through the contents of your laptop, is 
that just like looking through the contents of a suitcase, car 
trunk, or purse? Or does it raise dignity and privacy interests 
that are more akin to an invasive search of the person, such 
that some individualized suspicion should be required before 
the search is conducted?
    This administration has argued in court that a laptop can 
be searched without any suspicion because it is no different 
from any other ``closed container.'' I find that argument to be 
disingenuous, to say the least. The search of a suitcase, even 
one that contains a few letters or documents, is not the same 
as the search of a laptop containing files upon files of 
photographs, medical records, financial records, e-mails, 
letters, journals, and an electronic record of all websites 
visited. The invasion of privacy represented by a search of a 
laptop differs by an order of magnitude from that of a 
suitcase.
    Ultimately, though, the question is not how the courts 
decide to apply the Fourth Amendment in these uncharted waters. 
I guarantee you this: Neither the drafters of the Fourth 
Amendment nor the Supreme Court when it crafted the ``border 
search exception'' ever dreamed that tens of thousands of 
Americans would cross the border every day, carrying with them 
the equivalent of a full library of their most personal 
information. Ideally, Fourth Amendment jurisprudence would 
evolve to protect Americans' privacy in this once unfathomable 
situation. But if the courts cannot offer that protection, then 
that responsibility falls to Congress. Customs agents must have 
the ability to conduct even highly intrusive searches when 
there is reason to suspect criminal or terrorist activity. But 
suspicionless searches of Americans' laptops and similar 
devices go too far. Congress should not allow this gross 
violation of privacy.
    Aside from the privacy violation, there is reason for 
serious concern that these invasive searches are being targeted 
at Muslim Americans and Americans of Arab or South Asian 
descent. Many travelers from these backgrounds who have been 
subject to electronic searches have also been asked about their 
religious and political views. As we will hear today, travelers 
have been asked why they chose to convert to Islam, what they 
think about Jews, and their views of the candidates in the 
upcoming election. This questioning is deeply disturbing in its 
own right. It also strongly suggests that border searches are 
being based, at least in part, on impermissible factors.
    The disproportionate targeting of this group of Americans 
does not mean that other Americans are exempt. The Association 
of Corporate Travel Executives has surveyed its members, and 7 
percent of business travelers who responded to the survey had 
experienced seizures of their laptops or other electronic 
equipment. That is an incredible number when you consider how 
many Americans are required to undertake overseas business 
travel today and the amount of confidential business 
information stored on their laptops. As we will be hearing 
today, the problem is large enough to have a real impact on the 
way Americans do business.
    Americans have tried to find out from the Department of 
Homeland Security what its specific policies are on searching 
and seizing electronic equipment at the border. Two nonprofit 
organizations filed a Freedom of Information Act request in 
October 2007 to get DHS to turn over its policies. Eight months 
later, DHS has not complied with that request. My own questions 
for Secretary of Homeland Security Michael Chertoff on this 
issue, which I submitted to him in early April after his 
appearance at an oversight hearing held by the full Judiciary 
Committee, have not been answered, despite my specific request 
that they be answered before this hearing.
    I asked DHS to send a witness to testify today. DHS 
responded that its preferred witness was unavailable on the day 
of the hearing. So I asked DHS to send a different witness, but 
DHS declined. I felt it was so important to have a DHS witness 
here that I wrote a letter to Secretary Chertoff last week 
urging him to reconsider, and that letter will be made part of 
the hearing record. The Secretary has not responded.
    DHS did provide written testimony. That testimony--which, 
incidentally, was submitted over 30 hours later than the 
Committee rules require--provides little meaningful detail on 
the agency's policies and raises more questions than it 
answers--questions that no one from DHS is here to address.
    Needless to say, I am extremely disappointed that the 
Department of Homeland Security would not make a witness 
available to answer questions today. Once again, this 
administration has demonstrated its perverse belief that it is 
entitled to keep anything and everything secret from the public 
it serves and their elected representatives, while Americans 
are not allowed to keep any secrets from their Government. That 
is exactly backward. In a country founded on principles of 
liberty and democracy, the personal information of law-abiding 
Americans is none of the Government's business, but the 
policies of the Government are very much the business of 
Congress and the American people.
    [The prepared statement of Senator Feingold appears as a 
submission for the record.]
    In any event, I look forward to hearing from the witnesses 
who did accept my invitation to testify today so we can begin 
to explore this important issue in more detail. But first let 
me recognize the Ranking Member, Senator Brownback, for any 
comments he would like to make.

STATEMENT OF HON. SAM BROWNBACK, A U.S. SENATOR FROM THE STATE 
                           OF KANSAS

    Senator Brownback. Thank you, Mr. Chairman. Let me pass on 
my condolences to you and the State of Wisconsin for the 
flooding that had happened up there. We are going to dealing 
with it throughout the Midwest. We have had a lot of storms in 
our part of the country. We have not had quite the level of 
flooding that you have had, and I know that is something that 
is concerning all of us and concerning people--
    Chairman Feingold. It is rough, yes.
    Senator Brownback. Yes, just amazing numbers of things we 
are going to need to deal with. That is aside from this 
hearing.
    I want to thank the panelists for all being here, and I 
want to thank you for holding this hearing. I find it a very 
interesting topic and one I think that is certainly worthy of 
this Subcommittee to be exploring and to be looking at. I 
believe it is always informative and challenging to explore the 
intersection between the needs to safeguard our country against 
terrorists and criminal threats and the desire and need to 
protect our citizens' privacy interests. It seems like to me 
that has been one of the big challenges that we have had to 
confront as we have served in the U.S. Senate, and we have 
certainly seen a great amount since 2001 and the September 11th 
attacks that we have had. These questions only seem to become 
more and more complicated as technology advances, as travel and 
communications reflect an ever more globalized society, and as 
the dangers we face shift from easily identifiable, nation-
specific threats to threats from more diffuse terrorist groups 
and affiliations. These just get to be more and more 
complicated and difficult, and they need a lot of expertise. 
That is why I am appreciative of the panel being here and 
providing your thoughts and your advice.
    New technology in some cases, unfortunately, brings with it 
new ways to misuse technology. The sad fact is that while the 
vast majority of Americans and visitors to our country use 
laptop computers and other digital devices for purely 
legitimate reasons and purposes--business, academic research, 
personal household management and the like--others use 
technology for more nefarious purposes. All the cases to 
address laptop searches at the border, for example, have 
involved individuals who are transporting child pornography on 
their computers. We also know that terrorists take advantage of 
this kind of technology. Mr. Moussaoui, for example, kept 
information on his laptop computer that, if discovered, might 
have prevented the September 11th terrorist attacks. That is a 
sobering thought.
    As we examine the question of when and how Government 
officials may search laptop computers at the border, we face 
two sets of questions--the first are legal, the second seem to 
be practical. As a legal matter, it seems clear to me that 
Government officials do have the right under the Constitution 
to search laptop computers and similar devices without probable 
cause or reasonable suspicion at the border. I think you 
address that as such. The Fourth Amendment prohibits 
unreasonable searches and seizures. However, the Supreme Court 
has long held that border searches are inherently reasonable 
and, therefore, do not violate the Fourth Amendment. In the 
United States v. Ramsey, the Court examined that 2 months 
before Congress proposed the Bill of Rights, including the 
Fourth Amendment, it had enacted a customs statute that gave 
officials ``full power and authority to enter the search'' and 
search ``any ship or vessel in which they shall have reason to 
suspect any goods, wares, or merchandise subject to duty shall 
be concealed.''
    The close timing of the customs statute and the Bill of 
Rights makes it abundantly clear that Congress did not think 
that border searches and seizures were unreasonable, nor did it 
intend to require a warrant or probable cause for such 
searches. The reason for the border search exception seems 
obvious. Within constitutional limits, a sovereign nation must 
have the ability to control who and what enters the country. In 
certain cases, of course, the search will be so intrusive that 
it must be justified and justifiable by reasonable suspicion. 
The Supreme Court and the Federal appellate courts have 
recognized that strip searches, body cavity searches, prolonged 
detentions, and certain x-ray examinations, so-called non-
routine searches are so invasive and embarrassing that they 
must be based on reasonable suspicions. And I think those are 
right and those are appropriate to have those limitations on 
those non-routine searches. Only in cases where they are 
actually destructive, though, or conducted in a particularly 
offensive manner do property searches require reasonable 
suspicion. Otherwise, they are deemed routine searches and are 
considered reasonable by nature of the very fact that they 
occur at the border.
    The reason that I went through some of the legal analysis 
very quickly on this--and this does not do any of it just--is 
it seems here we are having the discussion, OK, what is 
reasonable and routine, and what is not reasonable and non-
routine. And that goes to the question that we are involved in 
here today.
    I hope, Mr. Chairman--and I have a fuller statement to put 
into the record, but rather than going through that, I would 
like to get to the panel. I hope we can go through this on a 
very basis of protecting an individual's right, but also 
looking at trying to protect the country and getting 
information that we need to have to be able to protect the 
country or to get at criminal elements trying to bring material 
into the country that would be deemed inappropriate, and that 
we can have a good discussion of what that intersection is in 
this technology age, in this age of ever increasing 
globalization, that we can look at this in both a 
constitutional way and in a way that we can protect the 
citizenry of the United States.
    So I appreciate very much your holding the hearing. I look 
forward to the witnesses' comments and testimony as we explore 
this topic.
    Chairman Feingold. Thank you, Senator Brownback. I think 
you have certainly correctly characterized the way we should 
look at this issue, and I believe your comments were very 
consistent with my opening remarks as well. We are trying to 
make sure we get this right.
    We will now turn to our panel of witnesses. Will the 
witnesses please stand to be sworn in? Will you all please 
raise your right hand to be sworn? Do you swear or affirm that 
the testimony you are about to give before the Committee will 
be the truth, the whole truth, and nothing but the truth, so 
help you God?
    Mr. Tien. I do.
    Mr. Sales. I do.
    Ms. Gurley. I do.
    Mr. Cunningham. I do.
    Mr. Khera. I do.
    Mr. Carafano. I do.
    Mr. Swire. I do.
    Chairman Feingold. Thank you. You may be seated.
    I want to welcome you and thank you for being here with us 
this morning. I will ask that each of you limit your remarks to 
5 minutes, as we have a full panel today. Your full written 
statements will, of course, be included in the record.
    We will begin today with Mr. Lee Tien. Mr. Tien is a senior 
staff attorney at the Electronic Frontier Foundation, a 
nonprofit organization that works to protect civil liberties 
and consumer rights in the digital age. Along with the Asian 
Law Caucus, EFF filed a Freedom of Information Act lawsuit 
seeking disclosure of DHS policies on border searches and 
searches of electronic devices. Mr. Tien specializes in free 
speech and privacy litigation and has written several law 
review articles on free speech and privacy issues.
    Mr. Tien, we are pleased to have you here today, and I 
appreciate your traveling here from San Francisco to give us 
your testimony. You may proceed.

   STATEMENT OF LEE TIEN, SENIOR STAFF ATTORNEY, ELECTRONIC 
         FRONTIER FOUNDATION, SAN FRANCISCO, CALIFORNIA

    Mr. Tien. Thank you very much. Mr. Chairman, Ranking Member 
Brownback, the Electronic Frontier Foundation is pleased to 
discuss an issue of growing importance to Americans' privacy. 
The problem is simple. The Government claims that it can search 
any laptop, cell phone, or BlackBerry at the border. It does 
not matter whether you are a Senator on a fact-finding trip or 
a tourist on vacation. Your data is fair game.
    It is clear that most people regard this as a serious 
privacy invasion. People keep their lives on these devices: 
diaries, personal mail, financial records, family photos. Even 
Secretary Chertoff told this full Committee back in April, and 
I quote, ``There are absolutely privacy concerns.''
    It is also a free speech problem. Journalists' laptops and 
cell phones contain drafts of works in progress and records of 
their sources. The Government should not be able to read this 
information without a good reason.
    And it is a business problem. It is no surprise that a 
major law firm like Arnold & Porter recently warned its clients 
about the risks of laptop border searches.
    Now, EFF does not dispute that the Fourth Amendment works 
differently at the border, but differently does not mean not at 
all. Under the Fourth Amendment, any search must be reasonable. 
And while a routine border search is reasonable by definition, 
not all border searches are routine.
    There is no bright-line rule here, but the Supreme Court 
has said that non-routine searches are largely defined by their 
invasion of a person's dignity and privacy interests. As you 
have already pointed out, most courts agree that strip 
searches, x-ray examinations, and body cavity inspections are 
non-routine.
    Our point is that data searches also invade dignity and 
privacy. Invasiveness is not just physical. Wiretapping invades 
privacy without any kind of physical intrusion. And because our 
devices store our thoughts and communications, these searches 
implicate the First Amendment as well. Fourth Amendment 
requirements apply with scrupulous exactitude where speech is 
at issue. In short, searching a laptop, iPhone, or BlackBerry 
invades dignity and privacy interests and threatens freedom of 
speech and should require reasonable suspicion, not no 
suspicion.
    I have two more quick points before moving on to a few 
recommendations. First, the word ``search'' in this context is 
slippery. Border agents do not just look at laptops. They copy 
data and even seize devices. We feel that copying data is a 
seizure of that data. If the Government has a copy, you have 
lost your property right to control it. That is especially 
invasive.
    Now, Secretary Chertoff said in April that, as a matter of 
practice, DHS searches the contents of laptops or cell phones 
only when there is a reasonable suspicion, and that he believed 
DHS uses a probable cause standard before seizing a device or 
retaining copies of its contents. Well, if that is the real 
policy, there is no reason why these standards cannot be 
codified in the law.
    Second, if border agents can legally search any device at 
the border, then they can search every device at the border. 
``Any'' really means ``every.'' Without a standard, resources 
are the only limit on this power, and technology is removing 
that limit. In February, Microsoft announced the COFEE, which 
stands for Computer Online Forensic Evidence Extractor. It is a 
USB thumb drive that contains 150 commands that can 
dramatically cut the time it takes to gather digital evidence.
    In May, the CSI Stick, which stands for Cell Seizure 
Investigator Stick, was announced. It can capture all data on 
most models of cell phones or just grab the text messages, 
phone books and call logs, or multimedia messages.
    Now, CBP may already be using such devices. My point is not 
that they should never do so; rather, it is that agents have 
great practical power to search and seize personal information. 
And with great power comes great responsibility. After all, the 
Fourth Amendment is intended to prevent arbitrary and 
oppressive interference by enforcement officials with the 
privacy and personal security of individuals.
    Ideally, the courts would modernize border search law. But 
so can Congress. As Senator Leahy once noted, the law must 
advance with the technology to ensure the continued vitality of 
the Fourth Amendment. The same is true here. Congress can 
protect the privacy of devices that typically contain e-mail 
and other stored communications and records. Congress can 
clarify that seizing data and devices requires probable cause. 
And, finally, Congress can make DHS accountable by requiring 
border agents to report their search and seizure activities and 
informing people of their rights about any seized data or 
devices.
    Thank you for allowing me to testify.
    [The prepared statement of Mr. Tien appears as a submission 
for the record.]
    Chairman Feingold. Thanks so much, Mr. Tien.
    We will now turn to Professor Nathan Sales. Professor Sales 
is an Assistant Professor at the George Mason University School 
of Law, where he teaches national security law and 
administrative law. Prior to joining the faculty of George 
Mason, Professor Sales served as Deputy Assistant Secretary for 
Policy Development at the Department of Homeland Security, and 
he previously served as Senior Counsel in the Department of 
Justice Office of Legal Policy.
    Professor Sales, thank you for being here today, and you 
may proceed with your testimony.

   STATEMENT OF NATHAN A. SALES, ASSISTANT PROFESSOR OF LAW, 
   GEORGE MASON UNIVERSITY SCHOOL OF LAW, ARLINGTON, VIRGINIA

    Mr. Sales. Thank you, Mr. Chairman, and thank you, Mr. 
Brownback, both of you, for holding this hearing on an 
important issue.
    Before we talk about the law of laptop searches, I would 
like to spend a few minutes talking about the policy. Why does 
CBP occasionally search travelers' computers at the border? 
Well, the answer is because it is an effective way of detecting 
child pornography and terrorism. Here is the key statistic. 
There have been 11 Federal decisions testing the ability of CBP 
to search laptop computers at the border. Every single one of 
those cases has involved child pornography.
    Let me tell you about a man named Stefan Irving. Irving 
used to be the pediatrician for a school district in New York, 
but he lost his license and was sent to jail after a 1983 
conviction for attempted sexual abuse of a 7-year-old boy. In 
1998, after serving his time, he flew back to the United States 
from vacation in Mexico. Customs officers searched his luggage 
and found children's books. They also found children's 
drawings. They also discovered two computer disks. When they 
looked at the disks, they discovered numerous images of child 
pornography. It turns out that Irving was in Mexico to visit--
and these are the court's words--``a guest house that served as 
a place where men from the United States could have sexual 
relations with Mexican boys''; Irving ``preferred prepubescent 
boys, under the age of 11.''
    Irving is now serving a 21-year sentence. Part of the 
reason he is behind bars and no longer preying on innocent 
children is because of a laptop search.
    Laptop searches are not just about child exploitation. They 
are also about terrorism. We have already heard that Zacarias 
Moussaoui kept a wealth of data on his laptop, including 
information about crop-dusting aircraft and wind patterns.
    In 2006, more recently, a laptop search at Minneapolis-St. 
Paul helped CBP detect a high-risk traveler. Officers inspected 
this man's laptop and found video clips of roadside bombs being 
used to kill soldiers and destroy vehicles. They also found a 
video on martyrdom.
    So what does the Constitution have to say about laptop 
searches at the border? Not much, actually. The Fourth 
Amendment applies differently at the border than it does inside 
the country. Here is how the Supreme Court puts it: Routine 
border searches ``are not subject to any requirement of 
reasonable suspicion, probable cause, or warrant.''
    Let me give you some more statistics. There have been 11 
Federal decisions in this area. Seven of the 11 hold that CBP 
can search laptops with no particularized suspicion whatsoever. 
Three courts punted. In those cases, the officers had 
reasonable suspicion to search the laptops, so it was 
unnecessary to consider the legal issue. Other than a single 
California district court that was reversed on appeal, no court 
has held that CBP needs reasonable suspicion. No court has held 
that probable cause is required. And no court has held that 
Customs has to get a warrant.
    My sense is the Supreme Court is unlikely to disturb this 
lower court consensus for a simple reason: technological 
neutrality. The privacy protections we enjoy should not depend 
on whether we store our information on paper or in the digital 
world. Officers can search mail, they can search address books, 
they can search photo albums at the border with no suspicion at 
all. Why should the rule change when we keep our 
correspondence, contacts, or pictures on a laptop? The mere 
fact of computerization should not make a difference to the 
scope of our privacy rights.
    Now, while the Fourth Amendment does not have much to say 
about laptop searches, it is not the end of the conversation. 
Policymakers should consider adopting a few safeguards above 
the constitutional floor. For starters, CBP might usefully shed 
some light on the standards it uses for picking people for 
laptop searches. Are they selected randomly? Because of travel 
history? Because of tips from other Government agencies? What 
about observations regarding passenger demeanor? More 
transparency here would help assure people whose laptops are 
searched that they were picked for legitimate law enforcement 
reasons and not because of impermissible characteristics such 
as race or religion.
    Also, CBP might adopt standards on what it does with data 
copied from laptops. If a search does not uncover anything 
illegal, CBP would be hard pressed to justify keeping files 
from a passenger's computer. For data that it does keep, CBP 
should strictly enforce policies that punish employees who 
access it or disclose it without authorization. Also, CBP 
should take special care to see that any sensitive business 
information, such as trade secrets or attorney-client 
privileged materials, are handled with all appropriate 
discretion.
    Mr. Chairman, thank you again for the opportunity to 
testify. I would be happy to answer any questions.
    [The prepared statement of Mr. Sales appears as a 
submission for the record.]
    Chairman Feingold. Thank you, Professor Sales.
    Now we will turn to Susan Gurley. Ms. Gurley is the 
Executive Director of the Association of Corporate Travel 
Executives, a nonprofit education and advocacy organization 
supporting the global corporate travel industry. Ms. Gurley has 
been instrumental in the ACTE's development of data privacy, 
travel security, and corporate social responsibility 
initiatives. Under Ms. Gurley's leadership, the ACTE has taken 
an active role in voicing concerns about suspicionless searches 
and seizures of electronic devices at the border.
    Ms. Gurley, thank you for being here, and the floor is 
yours.

 STATEMENT OF SUSAN K. GURLEY, EXECUTIVE DIRECTOR, ASSOCIATION 
      OF CORPORATE TRAVEL EXECUTIVES, ALEXANDRIA, VIRGINIA

    Ms. Gurley. Thank you. Chairman Feingold and Senator 
Brownback and distinguished members of this Committee, I 
appreciate this opportunity to present the views of the 
Association of Corporate Travel Executives, known as ACTE. The 
seizure of electronic devices from travelers is real, and it is 
not mere speculation. ACTE represents the safety, security, and 
financial interests of business travelers, and we represent 
more than 2,500 members from 82 countries, including the United 
States. ACTE's members represent over $300 billion in annual 
business travel expenditures and are among the companies listed 
in the Fortune 1000.
    ACTE's member companies are responsible for over 1 million 
business travelers and have hundreds of thousands of business 
travelers on the road at any given time. They routinely cross 
U.S. borders. All of these U.S. and international business 
travelers who cross U.S. borders have two things in common: All 
carry electronic devices, and all are currently subject to the 
claimed authority of DHS officials to inspect and seize these 
electronic devices without suspicion or warrant. Thus, ACTE is 
requesting improved and transparent communications from DHS 
regarding the policies and safety measures it has in place to 
protect downloaded data.
    We specifically ask that the following actions be taken:
    We hope that this Committee requests a Privacy Impact 
assessment from DHS on the number of seizures of laptops or 
other electronic devices. The assessment should also ask for 
the minimum, average, and maximum amount of time that it takes 
to return the electronic devices to the owner and the reasons 
for the seizure.
    We request that the policies regarding electronic device 
seizure and data retention policies be published by DHS in the 
Federal Register and on the agency's home page. These published 
policies should included at a minimum the following: policies 
for protecting the integrity of the data; policies for the 
length of time seized data will be stored and where and how it 
will be stored; policies for whether the downloaded information 
will be shared and, if so, with what other U.S. Government and 
international agencies and under what circumstances; 
information as to what rights the traveler has to ensure that 
their electronic device is returned.
    I am here to advise you that the seizure, copying, and 
retention of sensitive business information imposes both a 
personal and economic hardship on business travelers and their 
corporations. In today's wired and networked and borderless 
world, one's office no longer sits within four walls or a 
cubicle. Rather, one's office consists of a collection of 
mobile electronic devices. It is common for business travelers 
to carry their electronic devices that contain business, 
financial, and personal information. These devices constitute 
the office of today. Under the U.S. Constitution, a warrant is 
needed to search a physical space such as an office. Yet the 
unanticipated seizure of one's mobile office has been allowed 
to occur and can immediately deprive an executive or a company 
of the very data and, most importantly, revenue a business trip 
was intended to create.
    As a businessperson returning to the U.S., you may find 
yourself effectively locked out of your mobile office 
indefinitely, and thereby deprived of the resources required to 
sustain your livelihood. In the case of an independent 
entrepreneur, a laptop seizure can represent the loss of his or 
her entire business.
    It can be argued that the percentage of seized computers 
and data is small in comparison to the total number of 
travelers crossing the border. But we simply do not know. Due 
to DHS' lack of transparency, the actual number of seizures, 
the extent of data downloading, and potential data breach are 
not known. Here is what we do know: ACTE surveyed its members 
in February 2008 on this issue. Seven percent reported that 
they had been subject to the seizure of a laptop or other 
electronic device. The survey also revealed that 81 percent of 
survey respondents were unaware that the informational 
electronic devices could be copied and held indefinitely. Even 
though the total number of business travelers subject to these 
searches and seizures can only be estimated, what is certain is 
the severe economic and behavioral impact that can follow when 
a laptop is seized. Fifty percent of the respondents to ACTE's 
2008 survey indicated that having a laptop seizure could damage 
a traveler's professional standing within a company. The 
seizure of data or computers carrying business proprietary 
information has and will force companies to implement new and 
expensive internal travel policies.
    In fact, this is already happening. Costly and time-
consuming travel measures that companies are mandating include 
having their business travelers send data to themselves via 
web-accessible e-mail, encrypting files, or using secure USB 
drives. In addition, companies are purchasing additional 
computers that are scrubbed of any prior e-mails so that they 
can be used by business travelers on their trips.
    All of these measures and business behavior changes cost 
time and money. In today's economy, American businesses do not 
need additional and unnecessary financial burdens placed upon 
them.
    Thank you very much.
    [The prepared statement of Ms. Gurley appears as a 
submission for the record.]
    Chairman Feingold. Thank you, Ms. Gurley. I will now turn 
to Mr. Larry Cunningham. Mr. Cunningham is an Assistant 
District Attorney in Bronx County in New York City and in short 
order will be starting work as an Assistant Professor of Legal 
Writing at St. John's University School of Law. He has also 
taught law courses at Brooklyn Law School, Texas Wesleyan 
University School of Law, Stetson University College of Law, 
and Texas Tech University School of Law.
    Mr. Cunningham, welcome to you as well, and you may 
proceed.

  STATEMENT OF LARRY CUNNINGHAM, ASSISTANT DISTRICT ATTORNEY, 
BRONX COUNTY; ASSISTANT PROFESSOR OF LEGAL WRITING, ST. JOHN'S 
           UNIVERSITY SCHOOL OF LAW, QUEENS, NEW YORK

    Mr. Cunningham. Thank you, Mr. Chairman, and I would also 
like to extend my appreciation to you for holding this hearing 
on this very important topic.
    I taught the law of search and seizure as both a full-time 
and adjunct professor. I have also conducted research and 
written in the area of border searches, and this is what I 
found.
    Historically, the Government has had broad authority to 
conduct searches at the international border without suspicion 
and without the need to obtain warrants. Case law speaks of the 
sovereign having an inherent right to protect the country from 
the importation of illegal or dangerous items. The Supreme 
Court has also recognized that persons who cross the border 
have a low expectation of privacy, in part because even if the 
United States adopted a relaxed border search policy, travelers 
would still be subjected to search by the countries that they 
would be traveling to or from.
    The Supreme Court has required reasonable suspicion only 
when an invasive search of the human body is contemplated. The 
rationale for this higher standard is concern for the dignity 
of the person, not just privacy. I have uncovered no appellate 
court decision that has extended this same protection to laptop 
computers.
    Without doubt, anyone whose property has been searched, 
whether it is a laptop or a briefcase, will feel that his or 
her privacy has been violated. However, the Constitution 
recognizes that some governmental invasions of privacy are 
permissible. After all, the Fourth Amendment does not prohibit 
searches, only unreasonable ones.
    There is also no doubt that many people do keep very 
personal information on their laptop computers, but the same 
can be said for travelers who keep their checkbooks, 
medications, photographs, political literature, love letters, 
or personal diaries in their briefcases or luggage. No one 
likes the idea of the Government seeing these things, yet 
absent a drastic change in the law, each of these tangible, 
non-electronic items can be seen and examined by customs 
without reasonable suspicion.
    So the question boils down to this: Is there something 
different about laptop computers that warrants disparate 
treatment from briefcases, suit pockets, and purses? Some would 
argue that there is, because laptops are readily capable of 
storing large amounts of information and that in some cases 
even deleted items can be un-deleted and read. However, the 
Fourth Circuit in United States v. Ickes pointed out that in-
depth searches are likely to be few and far between because of 
the lack of resources and time. In fact, the case law on this 
subject demonstrates that the typical laptop search is quite 
cursory, with travelers simply being asked to quickly open and 
power on their computers for a quick visual inspection. Full-
scale searches and the un-deleting of files are reserved for 
situations in which the initial observation has aroused an 
agent's reasonable suspicion.
    There are significant societal interests at stake here. 
Each of the cases I have found, as Professor Sales mentioned, 
have involved defendants attempting to bring child pornography 
into the country. Congress itself has recognized the importance 
of catching and punishing this criminal behavior by providing 
steep penalties for the importation, distribution, and 
possession of child pornography. Moreover, as the Fourth 
Circuit recognized in Ickes, without a robust, random border 
search policy, terrorist or other international criminals could 
use laptops as a means to smuggle messages and plans into the 
country for distribution to cells and allies. Such a means of 
communication might prove more attractive than traditional 
phone or Internet communications because of the possibility of 
surveillance.
    It would seem prudent, however, for the administration to 
require these searches to be conducted by trained personnel, 
under supervision, and away from public view, and to disclose 
records of searches which they acknowledge in a Supreme Court 
case that they keep to not only the DHS Inspector General but 
also to this body in closed session to ensure that searches are 
not being conducted in a racially discriminatory manner or for 
other improper reasons.
    Finally, nothing in the Constitution, at least in my view, 
would permit the Government to seize a laptop or copy or 
otherwise retain its contents without some suspicion that it 
contained evidence of a crime. Such a seizure would be a 
violation, in my view, not just of the right to privacy but 
also of the owner's property interest in the computer.
    Mr. Chairman, I would be glad to answer any questions that 
you have.
    [The prepared statement of Mr. Cunningham appears as a 
submission for the record.]
    Chairman Feingold. Thank you, Mr. Cunningham.
    We will now turn to Farhana Khera. Ms. Khera is the 
President and Executive Director of Muslim Advocates in San 
Francisco, California. Muslim Advocates is a national legal 
advocacy and educational organization dedicated to promoting 
freedom, justice, and equality for all, regardless of faith, 
and serving as a legal resource to promote the full and 
meaningful participation of Muslims in American civil life. 
Prior to her work with Muslim Advocates, I was lucky enough to 
have Ms. Khera on my Constitution Subcommittee staff here in 
the Senate. Ms. Khera and I worked together for 6 years, and I 
am indebted to her for her work and advocacy on issues ranging 
from the PATRIOT Act to racial profiling to women's rights. The 
record should reflect that she is a wonderful person and was a 
wonderful staff member. I am pleased to have her back in the 
Senate, if only for the morning.
    Ms. Khera, you may proceed.

    STATEMENT OF FARHANA Y. KHERA, PRESIDENT AND EXECUTIVE 
     DIRECTOR, MUSLIM ADVOCATES, SAN FRANCISCO, CALIFORNIA

    Ms. Khera. Thank you very much, Mr. Chairman, especially 
for those very kind, kind words. I do not think I would have 
imagined myself being on this side of the dais during those 6 
years.
    Mr. Chairman, Senator Brownback, good morning. On behalf of 
Muslim Advocates, I am pleased to share with you the 
experiences of Muslim, Arab, and South Asian Americans 
returning home from international travel.
    The Department of Homeland Security and Customs and Border 
Patrol have an important duty to protect our borders. The 
American people, including Muslim Americans, rightfully expect 
these agencies to protect us from those who would seek to enter 
to do us harm. But at the same time, we expect our Nation's 
border policy to be sound. It should be rational, fair, and 
effective.
    Complaints from Americans traveling overseas received by 
Muslim Advocates and other civil rights groups, however, 
suggest otherwise. These Americans report that at airports and 
border crossings, after they have verified their identity and 
described the purpose of their travel, they have been subjected 
to more intensive scrutiny, all without any reasonable 
suspicion that they are engaging in criminal activity. These 
experiences involve not only searches and seizures of laptops, 
cell phones, and digital cameras, but perhaps even more 
troubling, questions about First Amendment-protected matters.
    Mr. Chairman, my written testimony sets forth a number of 
these complaints, but this morning I would like to share with 
you two of them.
    The first is that of an executive vice president of a major 
high-tech firm in the greater Seattle area. He is a husband, 
father of three, and a business leader who has helped drive 
innovation in our country. He has also been a community leader, 
having established a mosque and spearheaded interfaith 
activities with Christian and Jewish communities. He has 
testified before Congress on IT issues, was recognized by the 
Interfaith Alliance, and is proud to call America home.
    He travels frequently due to the demands of working for a 
global company. Since early 2007, on at least eight occasions, 
he has been subjected to invasive and intensive questioning, 
searches, and seizures upon his return home from travel to 
various countries, including Japan, Canada, Turkey, the U.K., 
and Europe.
    CBP agents have interrogated him about the names, birth 
dates, and addresses of family members living abroad and in the 
U.S., which mosque he attends, and his activities on behalf of 
a lawful Muslim charitable organization he helped establish 
near his home. CBP agents have also searched his cell phone, 
made copies of various documents on several occasions, and 
extensively searched his belongings, as well as those of family 
members traveling with him.
    Mr. Chairman, the second story is that of a young corporate 
lawyer, a graduate of Georgetown University Law Center and 
currently practicing with a prominent law firm on the west 
coast. She in many ways embodies the American dream. The child 
of immigrants from Pakistan, she grew up in the northern 
central valley of California. She worked hard, went to top 
schools, and has established herself with a stable career, 
making her family proud. This spring, she took a trip to 
Pakistan to visit her relatives. On her return, which was a 20-
plus-hour trip via East Asia to San Francisco, she was 
exhausted from the long travel and frustrated after learning 
that the airline had lost one of her bags. After she presented 
her passport and verified her identity, she, nevertheless, was 
pulled aside and her remaining bags were searched. The CBP 
agent took her digital camera, viewed its images, and asked her 
to identify the people photographed. Her camera included photos 
of her mother during her travel overseas, as well as photos 
taken of her family and friends while she was in the U.S. The 
CBP agent also saw a book in her bag on one of the Presidential 
candidates and then proceeded to ask her her views of the 
candidates in this year's race.
    We have reason to believe that these stories are not 
isolated but, rather, suggest a troubling pattern of targeting 
Americans who are Muslim or of Arab or South Asian descent. If 
so, it would be wrong and a violation of the equal protection 
guarantees of our Constitution.
    These experiences also suggest that CBP's power at the 
border is overly broad and its practice and policies 
ineffective. I think we can all agree that neither the 
corporate vice president nor the young lawyer pose a threat to 
our security nor engaged in wrongdoing.
    So why were these Americans stopped? How is CBP power being 
used? These and other questions must be answered. DHS and CBP 
have a critical responsibility to protect our Nation's borders. 
At the same time, these agencies, which have been granted 
enormous power by the American people, have an obligation to 
wield that power consistent with the rights and protections 
guaranteed by the Constitution to all Americans, regardless of 
faith, ethnicity, or race. And Congress must ensure that they 
do so.
    I refer the Subcommittee to my written testimony for 
specific recommendations for steps Congress can take.
    Mr. Chairman, thank you for the opportunity to present the 
views of Muslim Advocates and for holding this hearing. I look 
forward to your questions.
    [The prepared statement of Ms. Khera appears as a 
submission for the record.]
    Chairman Feingold. Thanks so much, Ms. Khera.
    Next up is James Carafano. Mr. Carafano is the Assistant 
Director of the Kathryn and Shelby Cullom Davis Institute for 
International Studies, and Senior Research Fellow at the 
Douglas and Sarah Allison Center for Foreign Policy Studies, 
both at the Heritage Foundation. He is an expert in defense 
affairs, military operations and strategy, and homeland 
security. Mr. Carafano is a graduate of West Point, and he also 
holds a master's degree and doctorate from Georgetown 
University and a master's degree in strategy from the U.S. Army 
War College.
    Mr. Carafano, thank you for being here today to share your 
testimony. You may proceed.

 STATEMENT OF JAMES JAY CARAFANO, ASSISTANT DIRECTOR, KATHRYN 
 AND SHELBY CULLOM DAVIS INSTITUTE FOR INTERNATIONAL STUDIES, 
 AND SENIOR RESEARCH FELLOW, DOUGLAS AND SARAH ALLISON CENTER 
     FOR FOREIGN POLICY STUDIES, THE HERITAGE FOUNDATION, 
                        WASHINGTON, D.C.

    Mr. Carafano. Thank you, Mr. Chairman. I want to offer five 
principles for congressional action. These are based on my 
years of research and experience looking at border security 
issues.
    Just an observation as a preamble. The mission of Homeland 
Security and, indeed, the mission of Government is to enable 
Americans to live their lives in freedom, safety, and 
prosperity and to implement policies that serve all three of 
those goals equally well. That is nowhere more important than 
the issues of border security.
    One of my great frustrations is that we myopically often 
talk about border security and just focus on the border when, 
in reality, the way you make a border secure is addressing any 
criminal or malicious or terrorist activities. It is really 
thinking about the spectrum of terrorist travel or malicious 
activity from its origin to its point of destination in the 
United States, and not myopically focused just at the border. 
However, border security is important, and nowhere is it more 
important than at our ports of entry and exit. We have enormous 
data on known terrorist travel, including the 9/11 Commission 
report. Overwhelmingly what we know is known terrorists travel 
mostly through established points of entry and exit. And we 
know that a wide variety of criminal and malicious activity 
also enter and exit our legal points of entry and exit. So 
getting it right at the ports of entry and exit is nowhere more 
important.
    I think there are number of vital issues here for the 
Congress to address. Actually, the legal issues would not be 
highest on my list. Much more important, I think, are 
infrastructure issues and creating a border infrastructure that 
we need both to do inspections expeditiously and effectively 
and to reduce transaction times in our border which are 
increasing and are increasing the cost of doing business in the 
United States.
    Border searches are a vital part of the port of entry and 
exit. I do not think that is questions. We all know the most 
famous case of all, which was the millennium bomber, where a 
border officer asking some very, very innocent questions--
including ``Where are you going? '' and ``Where are you 
staying? ''--was able to identify a high-risk traveler, and an 
inspection later showed that he was carrying explosives and was 
planning to blow up a target in Los Angeles. So getting it 
right is incredibly important.
    For me, the efficacy of border searches will lie less in 
the issues of narrow legal opinions and much more on the issues 
of focusing on the critical technology and human capital 
programs that the Department has to implement so it can do 
these border searches in an effective and reasonable and secure 
manner. So I would offer five guidelines for the Congress as it 
thinks through where it is headed on this.
    First and most importantly, from a security standpoint, it 
would be a grave mistake and an error to create any technology 
as a sanctuary, where someone had a sanctuary in terms of 
bringing materials into the United States, and anything that 
impeded the ability to conduct reasonable and routine searches 
of any technology or emerging technology would be an enormous 
mistake.
    Second, the border agents need to retain broad authority in 
how they implement their powers. They have limited time and 
limited information to make their inspections. Obviously, human 
capital programs and added technology will improve their 
efficiency. But at the end of the day, we do rely on the men 
and women standing at the border to get it right, and we have 
to give them the broad authority that they need to do their 
job.
    And, third--and this I think is important; I do not think 
anybody on the panel has mentioned it--we need to really make 
sure that we do not force the Department to disclose a level of 
information that would allow malicious actors, whether they are 
criminals or terrorists, to identify specific patterns of 
inspection and behavior that would allow them to figure out how 
to bypass security inspections at the border. So we do, from an 
operational security standpoint, have to be careful about how 
much information we publicly disclose, although I think the 
issue of transparency is vitally important. We should disclose 
as much as possible, and certainly Congress should be informed 
on these critical issues.
    Fourth, any process of inspecting at the border has to be 
risk-based. Any inspections that are merely based on whim or 
any kind of racial profiling are wrong not just from a legal 
standpoint, but they are even more wrong from an efficiency 
standpoint. You have scarce time and scarce resources at the 
border. Wasting them on people who are not high-risk travelers 
is simply unconscionable behavior. And all inspections, all 
reasonable searches, should be based on risk-based assessments.
    My last point is that there should be, obviously, a 
requirement that as DHS deals with any kind of data they 
inspect at the border, that they deal with it in a responsible 
and professional manner.
    Thank you, Mr. Chairman.
    [The prepared statement of Mr. Carafano appears as a 
submission for the record.]
    Chairman Feingold. Thank you, Mr. Carafano.
    And, finally, we turn to Professor Peter Swire. Professor 
Swire is a professor at the Moritz College of Law at the Ohio 
State University and a Senior Fellow at the Center for American 
Progress Action Fund. He is an expert in the fields of privacy 
law and computer security. From 1999 to 2001, he served as 
Chief Counsel for Privacy in the U.S. Office of Management and 
Budget. In that role, he was responsible for coordinating 
administration policy on public and private sector uses of 
personal information.
    Professor Swire, thank you for coming, and you may proceed.

STATEMENT OF PETER P. SWIRE, PROFESSOR, MORITZ COLLEGE OF LAW, 
   THE OHIO STATE UNIVERSITY, AND SENIOR FELLOW, CENTER FOR 
              AMERICAN PROGRESS, WASHINGTON, D.C.

    Mr. Swire. Thank you, Mr. Chairman.
    There is no dispute today that with the right factual 
basis, the Government can search laptops. The focus of the 
hearing is when they do not have that kind of suspicion and 
basis, what should the policy and the law be, and that is what 
we will focus on.
    I agree with many of the concerns already expressed today 
by you, Mr. Chairman, and by other witnesses. The focus of my 
testimony is on comparisons to the encryption policy battles we 
had in the 1990s and that I worked on when I was in the White 
House. At that point, we treated things very differently in 
encryption when across the border, and we tried to use the 
border for a while as Government policy as an excuse to search 
computing in very intrusive ways. That policy was eventually 
rolled back, and I am going to list eight comparisons today 
between the encryption battles then and laptop border searches 
today.
    The first one is that traditional legal arguments apply 
badly to new facts about computing. In the encryption policy 
area, there is a legal tradition that wiretap orders were going 
to be effective, and so the Government wanted wiretap orders to 
be effective even when there was encryption, so we needed to 
get all the encryption keys.
    Today, the Government in the laptop area is saying it is 
the same old border searches we have always seen for 200 years; 
there is nothing to see here and move on. But I think there is 
something to see here, and that is why we have the hearing 
today. A laptop contains all of the books printed in human 
history up until sometime into the late 20th century, and the 
idea that we are just going to trust the Government with this 
amazing ability to copy all this data I think is a concern and 
something different.
    The second comparison is that the Government forces 
disclosure of encryption keys. For people who do not spend 
their time focusing on encryption, which is most normal people, 
I will give a quote from the founder of EFF, who said, ``You 
can have my encryption algorithm, I thought to myself, when you 
pry my cold dead fingers from its private key.'' Getting 
people's encryption keys at the border is a big deal. It led to 
a big fuss once before.
    Number three is that these kinds of searches are a severe 
violation of computer security best practices. My testimony 
explains this in some detail, but the basic rule in computer 
security is do not let strangers into your computer. You can 
get infected. You can have malware put on it. You can never 
entrust that platform again. It violates best industry 
practice. It violates all the training we are doing in our 
security infrastructure if we have routine searches of business 
computers. It should not happen.
    Fourth, the U.S. policy can create bad precedents that 
totalitarian and other regimes can follow. I invite you here to 
think about if China or other countries going forward make 
their customs something like this: step one, go through 
customs; step two, make a copy of your hard drive; step three, 
we will see you next time. And if that applies to Senators and 
their staffs when they go on foreign missions, you are not 
going to want to have that as policy. If the U.S. does border 
searches all the time and it becomes increasingly easy with 
technology to make these copies, then we have gotten on the 
wrong side of the issue. It is hard for us to complain when 
other countries intrude into our privacy.
    The fifth comparison is severe harm to personal privacy, 
free speech, and business secrets. Other witnesses and my 
written testimony talk about these invasions of privacy, the 
problems for free speech and the rest.
    A sixth comparison with the encryption battles of the 1990s 
is the disadvantages to the U.S. economy. That was a major 
strike against the encryption policy because we were helping 
foreign competitors. When it comes to foreign conferences that 
will not want to come to the United States, when it comes to 
the idea of whether the U.S. is open for tourists and for 
business to visit without feeling deeply intruded, I think we 
have to think about the effect on the U.S. economy of intrusive 
searches at the border.
    A seventh comparison to the encryption battles is the 
political coalition that developed of civil liberties groups 
and business. We see that today. It is a similar line-up to 
what we had 10 years ago where we have EFF, we have the Muslim 
Advocates, we have business groups complaining here. And for 
someone such as I who spent a lot of time with the tech 
community, I think this issue may be a much hotter thing than 
people have realized. It may mobilize the reserve army of 
outraged techies. And if that happens, we are going to see a 
lot of yelling and screaming and a lot of concerns from 
corporate and other security experts. This is, again, I think a 
big deal.
    The eighth and final comparison I would make between 
encryption in the 1990s is the technical futility of current 
U.S. policy. In crypto, we eventually saw that there were work-
arounds to the U.S. policy. Those work-arounds already exist 
and are easily found on the Internet today. I cite in my 
testimony articles on the Internet that tell you how to keep 
your data secret from customs when you go through the border. 
Any moderately smart terrorist can find these articles if they 
just read the hearing transcript for today, for instance, and 
they will be able to get through the border. And also if they 
are willing to lie, they can get standard software today where 
they can double encrypt their laptops so the customs people 
cannot find it.
    So for these eight comparisons, we see that it is bad 
policy and ultimately futile to have this. It invades computer 
security and privacy and free speech and business secrets and 
sends the wrong signal to the rest of the world, and I think we 
should change the policy.
    Thank you, Mr. Chairman.
    [The prepared statement of Mr. Swire appears as a 
submission for the record.]
    Chairman Feingold. Thank you so much, Professor, and thanks 
to all of you for your excellent testimony.
    I will start a round of questioning. Senator Brownback had 
to go to something else, but he is going to try to come back to 
ask questions as well. So I am going to start going through my 
questions, but obviously, if and when he comes back, we will 
turn to him and any other Senator who wants to ask questions.
    Before we go to the questions, though, there have been some 
very informative news reports on this subject recently, 
including a February 7, 2008, article in the Washington Post 
and an article posted yesterday on the U.S. News & World Report 
website. Without objection, these will be made part of the 
record.
    Also, Senator Leahy, the Chairman of the full Committee, 
has a statement he would like to put in the record, so without 
objection, I will do that as well.
    I will start the first 7-minute round. Professor Swire, 
some of the witnesses here have testified that we must allow 
suspicionless searches of U.S. citizens' laptops at the border 
because laptops can contain evidence of serious crime or even 
terrorism. Obviously, I do not dispute that laptops can contain 
such information. But, of course, that very same evidence can 
exist on laptops located inside U.S. citizens' homes. And yet 
even if there were no constitutional barrier whatsoever to 
police officers walking into your house to conduct 
suspicionless laptop searches, I think we would all agree that 
such searches should not be permitted.
    As a policy matter, do you believe the liberty, privacy, 
and economic interests at stake in these border searches 
outweigh any security benefit to be gained by conducting them?
    Mr. Swire. Yes, I do, Senator. Thank you. I think when 
people cross the border these days using the Internet, they can 
use strong encryption. We have that written into law now. When 
people are at home, they can use strong protections against 
these kinds of invasion. The idea that you are at the border 
and you have to reveal your passwords and encryption keys is 
something that is quite remarkable. It is very intrusive. It is 
bad for privacy and security. And we do not--a couple of the 
witnesses in their written testimony talked about the principle 
of technology neutrality, that we should not treat laptops 
different from other things. Technology neutrality is we can 
cross the border today using strong encryption, using the 
Internet. And I think technology neutrality says that same 
computing should cross the border in laptops. So we as a matter 
of policy should have much stricter limits than we do currently 
in this area.
    Chairman Feingold. Ms. Gurley, one argument in support of 
allowing suspicionless laptop searches is that customs agents 
have always been free to search the contents of briefcases, 
which also carry confidential business information such as 
trade secrets or attorney-client communications. But there is a 
big difference between rifling through documents in a briefcase 
to look for weapons or contraband and picking up the documents 
and reading them. I would imagine that if customs agents had 
been reading business documents, we would have heard about a 
long ago.
    Is that right? Or has it always been a normal part of 
business travel for customs agents to read and even copy the 
documents in travelers' briefcases?
    Ms. Gurley. It is our understanding that customs would look 
for contraband, and they would only copy the information that 
had a nexus with the contraband or the actual potential crime. 
The difference here is that they basically copy everything, so 
the vast amounts of information that are being copied are 
beyond the actual potential crime. So it is not just 
contraband. It is anything, including the fact that if you were 
a businessperson and you were carrying documents across the 
border, those were physical documents. If I am carrying as a 
businessperson my computer over, I also have erased documents. 
They can get to that as well. If I have one or two, I drafted 
something, I have deleted it, customs can, in fact, copy that 
as well and find it. In the olden days, if I did not bring it, 
they could not find it.
    But the big issue for the business travel community is 
let's say you are not a pornographer, let's say you are not a 
terrorist. Let's say you are not engaged in any criminal 
activity. You are a businessperson. You are people like us 
doing their regular business, and your information is seized. 
The data is downloaded. And it turns out there is nothing going 
on. Why can't the U.S. Government tell us how long they are 
going to retain the information? Are they going to destroy the 
information? What are the doing with that information? That 
lack of information causes incredible anxiety to the business 
community, and putting all the constitutional law issues aside, 
which are critical, the issue is we should have a transparent 
Government. We find that there is no criminal activity. Why can 
that information not be returned?
    Chairman Feingold. Let me just pursue the briefcase 
question so I can get a sense of what the current practices 
are. Were you suggesting that the only thing that would trigger 
the reading or copying of a document would be the presence of 
contraband? Or let's say somebody was stupid enough to write 
down in a letter that they would like to buy some drugs. Would 
customs agents read that letter, apart from the contraband 
being in there, and make a copy?
    Ms. Gurley. I would assume they would make a copy of that, 
and that makes eminent sense. If you find a letter saying I am 
a drug dealer--
    Chairman Feingold. Apart from there being contraband 
present within the briefcase.
    Ms. Gurley. Right. But now they would go through every 
piece of information, including your love letters, including 
your bank--so there is a big difference in how information is 
disseminated and brought across borders now than even 15, 20 
years ago.
    Chairman Feingold. Fair enough. An excellent answer.
    Mr. Tien, I have a related question for you. A few of 
today's witnesses have claimed that under existing case law, 
specifically United States v. Ramsey, customs agents are 
allowed, without any reasonable suspicion, to read the contents 
of paper documents that U.S. citizens carry or send across the 
border. But as you know, the Supreme Court in Ramsey held only 
that customs agents could open international mail--in that 
case, to see if it contained heroin. Indeed, the primary reason 
the Court rejected the defendant's First Amendment challenge is 
that a Federal statute prohibited customs agents from reading 
international mail without a warrant.
    Are you aware of any case in which the Supreme Court has 
held that customs agents can read the contents of travelers' 
personal documents without any reasonable suspicion?
    Mr. Tien. Well, Senator, you are absolutely right about the 
way that Ramsey does that, and I am not aware of any cases that 
have specifically authorized that kind of reading. This is one 
of those situations where the Supreme Court case very, very 
clearly says we do not need to decide this First Amendment 
issue because we already have congressional and regulatory 
protections for the privacy of people's mail. The current law 
may be slightly different, and one of the things that I wanted 
to point out, especially in conjunction with Ms. Gurley's 
testimony about transparency, is that when we have asked CBP 
for documents about how they handle the looking at or the 
photocopying of documents, we get back from CBP redacted, 
blacked-out sections about their policies and practices with 
respect to documents. So it is very unclear.
    Chairman Feingold. Thank you, sir.
    Ms. Khera, the conduct you have described on the part of 
customs agents is quite shocking. I think most people here 
would agree that customs agents should not be asking travelers 
why they converted to Islam, for example. I suspect if a DHS 
official were here, he or she would say that DHS does not 
condone these questions, that these are isolated cases of 
customs agents behaving badly. But, of course, the only way to 
ensure a certain level of conduct is to require it, and to 
punish any violations of that requirement.
    To your knowledge, are there any DHS regulations or any 
Federal laws that specifically prohibit customs agents from 
engaging in the kind of questioning identified in your 
testimony?
    Ms. Khera. Mr. Chairman, we are not aware of any specific 
regulations that govern CBP in this area. We believe that CBP 
is instead relying on age-old statutes as well as we have 
reason to believe that they are relying on internal policy 
guidance. But the problem is that that internal policy guidance 
is not public. My colleagues, the Electronic Frontier 
Foundation and the Asian Law Caucus, have actually sought to 
get copies of policy guidance, directives, potential training 
materials that are given to CBP agents. And CBP has not been 
forthcoming about that material. I think as we have been 
discuss this morning, in order to for Congress and the American 
people to understand how the power, the immense broad power of 
CBP is being used at the border, we do need that information, 
and I think Congress should be rightfully seeking that 
information.
    Chairman Feingold. Thank you.
    As promised, Senator Brownback has returned to do a round 
of questions, and I also want to welcome Senator Durbin, who 
has joined us.
    Senator Brownback. Thanks, Mr. Chairman. I want to 
apologize to the panel and to the Chairman. I had another 
hearing that I was Ranking Member on. They did not both consult 
me on the time of this. I do not know why I do not get a little 
more respect around here. Maybe I should take that as a notice.
    I want to ask, if I could, it seems like in both the 
Chairman's and my opening statements, we agreed kind of on the 
premise, and then we both have questions then on the 
practicality and the implementation of this, is what the Fourth 
Amendment applies to as far as at the border, the rights of the 
country to be able to protect itself, and seeking information, 
and then this area that the court has tried to figure out is 
where does the search become so invasive that it is subject to 
a higher-level standard of review. That is the rub point here.
    Professor Sales, I wish I could have caught the rest of 
your testimony. I apologize. But I appreciated your trying to 
weave through that. How is it that you look at the issue of a 
search of a laptop at the border? Is that something that needs 
to have a heightened level of review or not, as you would look 
and reading the Fourth Amendment decisions that have come down? 
I take it from what your testimony was that the majority of 
courts are saying it does not require that.
    Mr. Sales. Yes, Senator, that is right. My sense is that 
courts have held--and the Supreme Court, if presented with the 
question, would hold--that reasonable suspicion is not required 
to justify a laptop search at the border. There is no question, 
Senator, that laptops are different from a suitcase. A laptop 
is a container, like a suitcase is, but a laptop is capable of 
containing vast amounts of data. An 80-gigabyte hard drive can 
store, I think, the equivalent of tens of millions of printed 
pages. So laptops are different.
    The question, however, is whether laptops are different in 
a constitutionally significant respect, and I think the answer 
to that question is probably no. I think Customs already has 
broad authority under the Supreme Court's border search 
precedents to search property, even property that contains 
extremely sensitive information. I would actually commend to 
you a Texas district court decision that was released just last 
week. This opinion discusses the sorts of property that are 
subject to border searches, suspicionless border searches: 
people's wallets, purses, locked glove boxes, locked containers 
or luggage, State and Federal identification cards, Social 
Security cards, medicines and medical records, names and 
addresses of family and associates, day planners with 
itineraries and travel documents, credit cards, checkbooks, 
registries. The list that the court provided goes on and on.
    Senator Brownback. When I have been on the border, I have 
seen x-ray machines that sat there apparently for some routine 
searches of big trucks in some settings like that. Those are 
used even as, I guess, an invasive type of device.
    But I have to say as well, too, you know, I do not like the 
idea of coming across with my BlackBerry and somebody saying, 
OK, I want to look through your whole BlackBerry, because I 
have got a lot of things in it. I do not know what all is on 
there in some cases, and I do not want people looking at that 
randomly. Do I waive that right in coming across the border?
    Mr. Sales. Well, Senator, understandably, people treat the 
personal data that they store on their electronic devices with 
great sensitivity, and they regard it as very important. But 
the Supreme Court has held that the expectation of privacy at 
the border is different than the expectation of privacy within 
the country. So while we would rightly condemn suspicionless or 
especially warrantless searches of your BlackBerry or your 
laptop on the streets of Washington, D.C., the analysis has to 
change a little bit at the border. And the Supreme Court has 
held that the criterion of reasonableness at the border is the 
fact that it is the border. In other words, a border search is 
reasonable under the terms of the Fourth Amendment because of 
the simple fact that it occurs at the border.
    Senator Brownback. Mr. Tien, I do not know if you note in 
your testimony--somebody did--that you can search--if you have 
got a bunch of photographs with you and you are coming through 
the border, the border agents can search and look through those 
photographs. Is that correct? And that is deemed routine. Is 
that correct?
    Mr. Tien. Under current law, yes.
    Senator Brownback. But if we have a digital camera, I take 
it from what you are putting forward, you are saying, Well, I 
do not think that is reasonable to do a digital camera.
    What is the difference between looking at those two at the 
border?
    Mr. Tien. What we have been talking about is a general 
category of electronic devices that range from a laptop and 
your BlackBerry to a digital camera. And our feeling is that 
for all of these, you have a number of differences between the 
sort of non-electronic version and the electronic version, and 
probably the most important--
    Senator Brownback. Which is? What is the difference?
    Mr. Tien. There is a quantity difference. There is a 
quality difference. And I think sort of to extend the point 
that Professor Sales made, there is a scope of search 
difference. The quantity difference is simply that you can have 
way, way more information: an 80-gigabyte drive is just an 
unbelievable amount of information.
    Senator Brownback. I am getting short on time here. I just 
have some question about whether quantity raises your level of 
expectation of privacy at the border and your other--but let me 
also pursue this with you if I could. If we were to as a 
Congress say we want to tighten up this authority for what the 
border search could do, wouldn't we be conveying to people that 
travel overseas for illegal activities, wouldn't we be 
conveying to them just put it in an electronic form and you are 
more likely to be able to get through than if you had something 
in a physical form of a physical picture? Isn't that the tactic 
then that people that would seek to break these laws and do 
these crimes take?
    Mr. Tien. I do not really think that is a major problem 
when you consider a couple of things.
    First, existing law protects international mail. That is 
actually the law that the Supreme Court pointed to in United 
States v. Ramsey, where they noted that you need reasonable 
suspicion under statute to open up an envelope and would need a 
warrant based on probable cause in order to read the 
correspondence in the envelope. That is why the Supreme Court 
in U.S. v. Ramsey did not touch the First Amendment issue. So 
we have already got laws on the books, for instance, that 
establish privacy for correspondence.
    Second, when we do this electronically, we have the 
protections under the Wiretap Act that control whether or not 
those kinds of communications can be searched.
    So I do not really see that--from a transparency 
perspective that we are really telling folks anything more 
about the privacy interests or about the possibility of evading 
detection through protecting laptops and BlackBerries and 
iPhones any differently.
    I also wanted to respond to one of your earlier points, 
Senator, about quantity. I was not saying that quantity is the 
only reason to differentiate digital devices. There is also the 
fact that the nature and the question of information on those 
devices is, it seems to me, much more personal because of the 
nature of the way that these devices have really embedded 
themselves into both our personal lives and our work lives. And 
what that ends up meaning is that your devices are like 
carrying a giant autobiography of the person in a way that is 
very different from most physical conveyances, and that creates 
what I call a scope of search problem.
    The purpose of or the function of a legal standard like 
reasonable suspicion or probable cause is not merely to 
establish the threshold reason for being able to perform a 
search. It also establishes the standard for the scope. How far 
can the search go? If you have probable cause to search 
something, then that also entails how much of something you can 
search. Because once you go past the amount that the suspicion 
or the cause, then you have gone too far. The Fourth Amendment 
was intended to prevent general searches and general warrants, 
things without particularity. And so the idea of having--
    Senator Brownback. I think I got the point here from you. I 
just do really question if we are not conveying a signal to 
people then that here is the way you get these in and you have 
a heightened protection at the border rather than another. And 
I still, though, have real trouble with the idea of people do 
bring these devices, I use them and bring them across the 
border because I hope to be able to use them when I am 
traveling. So I do think we have a real question to wrestle 
with.
    Thanks, Chairman.
    Chairman Feingold. First let me compliment the Ranking 
Member for the balance and quality of his questions, and I just 
want to review the question that was asked of Professor Sales.
    Senator Brownback specifically said he did not like the 
idea of his BlackBerry being unloaded at the border, and he 
asked specifically if he waived his right to do that. You gave 
a scholarly answer, and I heard every word of it. But the 
answer can only be, based on your words, yes, Senator Brownback 
has waived his rights.
    Mr. Sales. Senator, I would not take credit for that 
myself. I would say those are the Supreme Court's words.
    Chairman Feingold. Fine, but I just want everyone to know 
that is the whole core of why we are having this hearing. 
Senator Brownback's rights to privacy of his BlackBerry are 
waived completely at the border, according to your 
interpretation of the Supreme Court. And I think that is 
something we have to examine.
    Mr. Sales. If I could, Senator?
    Chairman Feingold. Yes, sir.
    Mr. Sales. Thank you, Mr. Chairman. There is no question 
that when crossing the border, a U.S. citizen retains his 
Fourth Amendment right against unreasonable searches and 
seizures. The Fourth Amendment applies at the border. The 
border is not a Fourth Amendment-free zone.
    The question then becomes what kind of search counts as 
reasonable, and the Supreme Court has held for a number of 
decades that a routine border search can take place with no 
reasonable suspicion whatsoever.
    So the answer to your question, I believe, is the Supreme 
Court has said ``yes, but.''
    Chairman Feingold. Yes, but the ``but'' does not you any 
good because it is a ``routine'' search so everything is open. 
Now I am going to turn to Senator Durbin for his round.
    Senator Durbin. Thank you, Mr. Chairman, for this hearing.
    About 10 years ago, the NBC television station in Chicago 
received a complaint from a woman who said she was traveling 
routinely through Chicago O'Hare, was stopped and strip 
searched, and she thought it was outrageous. She was African-
American. The story ran on the air, and as a result of that 
story, a number of other African-American women who had gone 
through the same experience called the station. The woman who 
handled the story decided to make a plea that all of the 
African-American women who had been strip searched at Chicago 
O'Hare should contact the station, and it ended up with I think 
close to 20 when it was over.
    It turned out that the U.S. Customs Service had established 
a practice at Chicago O'Hare that if you were an African-
American coming from certain countries in the Caribbean, that 
they were going to stop more of them, detain them, and search 
them. Clearly, this was a case of profiling, and the complaint 
was made and an investigation initiated. The GAO investigation 
that I requested found there was a clear pattern of profiling 
against African-American women. You can understand the personal 
outrage of these women who were traveling, under innocent 
circumstances, who were being singled out.
    As a result, Ray Kelly, who was then head of the Customs 
Service, announced that that would end, and I commended him for 
doing the right thing.
    Now I am hearing complaints from particularly my Pakistani-
American friends, but others, Arab, Muslim friends, that they 
are being singled out, and some of them with great 
embarrassment, men and women, are being stopped not for a strip 
search but for lengthy interrogation and for searching of their 
belongings. Many of them are reputable business people who have 
been established in the Chicago community for 10, 20 years, who 
have businesses with many employees. And travel has become an 
opportunity for harassment. And I understand the line of this 
questioning when it relates to laptops, but I also want to go 
to the larger issue of profiling and elicit some comments from 
you relative to that.
    Ms. Khera, does the DHS policy allow for Arab and Muslim 
Americans to be singled out for scrutiny on the basis of their 
national origin or religion?
    Ms. Khera. Senator Durbin, you raise an excellent question 
and let me also first say--just thank you for your leadership 
on this issue. I know back 10 years ago when these issues arose 
involving the U.S. Customs Service, you led the fight here in 
Congress in trying to hold the U.S. Customs Service, the 
predecessor to the CBP, accountable at that time. So thank you 
for your continued interest in these issues.
    We believe that the current DHS guidance on this issue is 
not sufficient, that it does allow basically an escape hatch at 
the borders for DHS to use race, ethnicity. And what we heard 
this morning--in fact, I am very pleased to hear--is that there 
seems to be unanimity on this panel that singling Americans out 
based on their faith, ethnicity, is wrong and it is 
impermissible.
    I think two things. One is I think it behooves Congress to 
make it clear that that is the case, because clearly lessons 
were not learned from the experience of 10 years ago, and I 
think we do need some very direct authority on this. And I know 
Senator Feingold has a bill on this issue, the End Racial 
Profiling Act. You have been also a strong supporter of that, 
and I think it behooves Congress to move on that legislation.
    I think the second issue that this raises is even if in 
policy folks can agree that people should not be targeted, what 
is happening in practice, and are CBP agents receiving the kind 
of training they need and the proper guidance to ensure that 
they are not targeting people and not asking inappropriate 
questions.
    And, finally, I would encourage Congress to conduct 
oversight, to be demanding of CBP the policy and guidance that 
is being given to these agents, as well as having CBP provide 
Congress with information about the basis for why people are 
being subjected to secondary inspection, the kinds of questions 
that are being asked, and items that are seized, and if 
information is being seized, how it is being used, how is it 
being stored and shared.
    Senator Durbin. In this age of concern about security and 
terrorism, is it possible or even realistic to say that when it 
comes to these border situations, our Government cannot use 
race, religion, or ethnic background as the basis for searches 
or questioning?
    Ms. Khera. I think it is absolutely necessary for our 
Government to be clear that we are not targeting people based 
on those factors. I think those factors can be used in 
combination with other factors indicating some kind of criminal 
activity. So if there is, for example, a specific description 
of a suspect, a criminal suspect, or a specific terrorist who 
might be crossing the border, those factors can then be used. 
But as a general matter, it is not smart border policy. It is 
not fair as a matter of the Constitution, and it is not 
effective, because with the limited scarce resources, as even 
my colleague Mr. Carafano pointed out, CBP has scarce 
resources, and we need to be sure that CBP agents are using 
those scarce resources in an effective way and not targeting 
the family man who is returning home from a business trip to 
Japan with very invasive, intensive scrutiny. Because for every 
minute that is spent on targeting him, it is 1 minute less that 
CBP could be focusing on actual wrongdoers.
    Senator Durbin. Almost 4 years ago to the day, I asked 
then-DHS Secretary Tom Ridge in this Committee room about the 
special registration program, and he said at the time that he 
was going to modify or eliminate the program. Well, that has 
not happened in the 4 years since.
    I would just ask this kind of general question to all the 
witnesses. Mr. Carafano, you testified that, ``In order to be 
successful, CBP must avoid predictable patterns of behavior.'' 
This is the fundamental problem I see with profiling based on 
race, national origin, and religion. It is predictable, and 
terrorists and others seeking to do us harm can evade the 
profile once they learn about it.
    So is there anyone here who disagrees with the premise that 
profiling on the basis of race, national origin, or religion 
may actually be counterproductive? Is there anyone who 
disagrees with that concept? Remarkable unanimity. I appreciate 
that very much.
    Chairman Feingold. Let the record reflect that no one 
disagreed.
    Senator Durbin. I would like to ask; is profiling worse at 
some airports in America than others? Testimony received today 
mentioned several instances in the San Francisco airport, and I 
wondered, obviously, if there had been any incidents at O'Hare 
or other airports.
    Ms. Khera. Senator, the complaints that we have received 
and other civil rights organizations have received have come 
from a number of different airports and land crossings. That 
includes San Francisco, Seattle, Newark, Houston, Boston, as 
well as land crossing in Detroit and the Washington State-
Canadian border. So it has been a variety of different 
locations.
    Senator Durbin. So it is not one particular airport. It is 
many.
    Ms. Khera. Yes.
    Senator Durbin. Thank you very much, Mr. Chairman. I 
appreciate it.
    Chairman Feingold. Thank you, Senator Durbin. I will begin 
another round.
    Professor Swire, DHS's written testimony asserts that CBP 
border searches have helped to identify terrorists attempting 
to enter the United States. The testimony does not mention 
whether or not these laptop searches could have proceeded even 
if a reasonable suspicion standard were in place. In the few 
specific examples that are mentioned, it seems abundantly clear 
that reasonable suspicion was present, and so a reasonable 
suspicion requirement would have not interfered with 
apprehending these individuals.
    The same is true of Zacarias Moussaoui, whom Professor 
Sales mentioned in his testimony. In Moussaoui's case, an FBI 
agent determined that there was a 50-percent probability his 
computer contained evidence of criminal activity. Although this 
was considered insufficient for probable cause, it surely was 
enough for reasonable suspicion.
    Do you think requiring a reasonable suspicion threshold for 
electronic searches will result in terrorists slipping through 
our fingers?
    Mr. Swire. Mr. Chairman, I think the reasonable suspicion 
threshold is a sensible and traditional legal way to go here. 
Maybe I can just briefly make a response to Senator Brownback, 
who asked earlier whether there is any distinction we can make 
between digital cameras and digital laptops and the rest.
    I think there is an important distinction that was not 
highlighted yet, which is that with digital things you do not 
just get a border search; you get a permanent search, that 
there is a record kept and a searchable data base created. And 
that does not happen with a suitcase, but it happens with these 
digital things. So the permanent search and the ability then to 
move it around the information--sharing environment makes all 
of these searches very different from traditional other 
searches. It is an additional clear legal reason to have a 
suspicion before these searches happen.
    Chairman Feingold. Did you want to respond to the part of 
my question about reasonable suspicion?
    Mr. Swire. Reasonable suspicion. So I think in answer to 
your question, my reading of the cases is that the examples 
pulled out about terrorism involve reasonable suspicion. And I 
have not quibbled with and I believe in your opening statement 
you made mention that reasonable suspicion is an acceptable 
basis for searches at the border. It is random or suspicionless 
searches that the business travelers and the rest of us have 
very severe concerns about, and it is the one--suspicionless 
searches are the ones that pose the biggest computer security 
and general infrastructure risks.
    Chairman Feingold. On that point, Ms. Khera, we have heard 
testimony from Ms. Gurley about the practical harms of 
subjecting business travelers to laptop searches, including the 
increased cost to companies and loss of competitive edge for 
our country. What is the harm that we suffer as a nation when 
Americans are singled out for intrusive searches and 
questioning because they are Muslim or because they are of Arab 
or South Asian descent?
    Ms. Khera. Mr. Chairman, first let me make it clear that I 
think all Americans, including Muslim-Americans, certainly are 
willing to put up with some inconvenience to ensure that our 
country is safe and secure. And I think what we are talking 
about is not just mere interference but some activities 
questioning searches that actually go beyond and really in some 
cases result in hours of being detained and being interrogated, 
and we have at least one case where the actual property, the 
cell phone was actually returned in a damaged and inoperable 
condition. So there is some very specific harm to individuals. 
And I would say in terms of more broadly speaking, in terms of 
your question about the harm to our country, I think 
fundamentally this is an issue of is this an effective--are 
these effective tactics? And is the broad power of the CBP 
being used to actually focus on the bad guys? Or are they 
really, you know, following the leads, following the actual 
evidence, facts indicating criminal activity? Because, again, 
we have scarce resources, and in order to be safe and secure, 
we need our resources being used in a targeted way going after 
the bad guys.
    Chairman Feingold. Thank you.
    Professor Swire, if we assume, just for the sake of 
argument, that the Government has always had the right to read 
any document that citizens carry with them across the border, 
travelers in the past could avoid that situation by choosing 
not to take sensitive documents with them on their travels. 
Now, is that a practical option for most traveling Americans--
to just leave their laptops at home or delete any private 
information before traveling?
    Mr. Swire. It does not seem a very good option, and they 
impose costs on travelers if they have to get a second laptop 
or get a second BlackBerry or whatever.
    Something that Dr. Carafano said earlier is that the border 
people will be limited by resources so they will not copy very 
much, they will not do this very much. But the cost to copying 
and storing data is going down to close to zero. We have 
technology to just make it a routine thing to copy at the 
border, and part of the reason to have this hearing now is 
before we get to that point, we should have procedures in 
place.
    Chairman Feingold. Ms. Gurley, Mr. Cunningham testified 
that American citizens have no reasonable expectation of 
privacy in the contents of their laptops at the border because 
the country from which they have traveled may have searched the 
laptops as well. He states, ``I submit that many countries 
conduct much more aggressive searches than the United States.''
    Is that consistent with what the members of your 
organization have experienced in their business travel? Do 
other countries examine the contents of laptops without 
individualized suspicion?
    Ms. Gurley. I believe that Canada has similar regulations 
to us, but I assume that countries like Uzbekistan, North 
Korea, and other countries search your laptops, but I do not 
think that should be our benchmark.
    Chairman Feingold. Thank you.
    Senator Brownback?
    Senator Brownback. Thank you, Mr. Chairman.
    Dr. Carafano, you said in your written testimony that there 
are numerous instances where we have gathered crucial 
information from terrorists' laptops. Could you give us a 
couple of examples of where that has happened?
    Mr. Carafano. Absolutely, Senator. I would just like, if I 
may for the record, Professor Swire said that I was talking 
about costs on the border. I was primarily referring to costs 
of individuals and the time of the individual agents at the 
border. I was not talking about the cost of, you know, taking 
and storing data.
    Senator Brownback. With costs at the border for as far as 
that there is the time of inspection of the people?
    Mr. Carafano. That is absolutely the most critical element 
because there are two costs there. There is, one, the cost of 
the agent. You are taking--you are occupying the time of that 
agent and secondary inspection, focusing him on an individual. 
So that is the most--that agent is the most important in the 
line of defense at the border of making the determination of 
whether this person is a high-risk traveler, how much time 
should be spent with them, you know, how much of a risk do they 
actually--how much questions you need to ask, how much do you 
need to determine probable cause, because maybe you need to 
make a more intrusive inspection. So that is an incredibly 
valuable asset, and that is the real time we are concerned 
about.
    And the second--
    Senator Brownback. Just on that, how many border crossings 
a year happen into the United States by U.S. citizens?
    Mr. Carafano. Millions.
    Senator Brownback. Does anybody know the actual number?
    Mr. Carafano. Tens of millions.
    Senator Brownback. I thought I had seen at one point in 
time that we had legal crossings a year into this country of 
over 200 million. Legal crossing into the country per year.
    Mr. Carafano. That may be if you want to count citizens or 
the number of times they actually cross the border. Some people 
in San Diego, for example, cross the border several times a 
day, and every one of those counts as a crossing.
    Senator Brownback. I guess my point of that--and I do not 
know how many border agents we have that do that actual 
inspection. Does anybody know that actual number?
    Mr. Carafano. Well, it depends. For example, at L.A. Long 
Beach, there are about 1,500 CBP agents at the port of L.A. 
Long Beach, give or take, doing not just border inspections, 
not just inspecting people, but cargo and everything else.
    Senator Brownback. It has been my experience that a lot of 
people cross these borders every day, and so what you are 
talking about is just a practical effect of agents looking, and 
that is your primary line of defense right there, is pretty 
limited about the amount of time that they have per person and 
decisionmaking that they have.
    Mr. Carafano. That is correct, Senator. And the other great 
concern we have is the travelers themselves. The more time they 
spend at the border, the higher the transaction costs of 
crossing that border for them and their company and the people 
that they serve. So you want to reduce those down to the 
minimum you possibly can, but you want to make sure that your 
security concerns are absolutely looked after. And so that is 
why you want to focus those assets on the high-risk travelers. 
And you are going to use a range of resources to do that from 
intelligence gathering to sharing of information. And that is 
why these initial searches are an important part of that whole 
thing.
    I do think it is important that we make a distinction 
between an intrusive search, which does require probable cause, 
and what you would call a suspicionless search or inspection. 
You know, generally, even suspicionless searches and 
inspections are bad because they increase transaction costs. 
But that is not always the case. There is one category of 
suspicionless search or inspection that makes perfect sense, 
and that is a random inspection because, remember, what you are 
trying to do is just not speed travelers through, you are 
trying to identify bad guys. And part of catching the bad guy 
is making sure that they cannot identify the patterns of 
inspection that you are using. So randomness is an important 
component of that.
    For example, we have a Container Security Initiative. We 
inspect a percentage of high-risk cargo coming into the United 
States. But occasionally we will just pull off a container and 
just x-ray it for no other reason, just to try to make it more 
difficult for people to identify the pattern of characteristics 
that we are looking for to identify high-risk behaviors.
    So, again, to make that inspector at the border the most 
efficient and effective possible, we do have to be concerned 
about two things. One is we cannot make his trade craft so 
transparent that the terrorist or criminal can say, Oh, I will 
just do this and I will walk through. And the other thing is we 
have to give him the discretionary authority that he needs so 
he can focus his resources on the high-risk travelers. Again, 
the way we do that is to maximize the human capital investment 
we make in them so they are not doing racial profiling, 
maximize the technology they have available so they can get the 
information they need to identify high-risk travelers. But 
equally important is to provide them the flexibility they need 
in doing searches that are not intrusive, to be able to 
identify who are the people they should focus on.
    Senator Brownback. Give me a couple of examples of what we 
have caught on terrorists' laptops.
    Mr. Carafano. I think that is a great question because I 
think it is unquestionable that technology can be a formidable 
weapon. I mean, the most startling examples, of course, are not 
actually border-crossing incidents, but, for example, when we 
went into Pakistan and uncovered computers which had enormous 
data on al Qaeda operations. The computers and records that 
have been looked at, for example, in regards to A.Q. Khan and 
forensically what we have been able to determine about the 
terrorist network that they use for the movement of people and 
material is huge. So the fact that a technology like a computer 
can be a weapon and can contain an enormous amount of material 
that indicates malicious and criminal activity, I do not think 
that is disputable.
    Senator Brownback. Thank you, Mr. Chairman.
    Chairman Feingold. Just a couple more questions from me.
    Mr. Tien, as you know, the Constitution prohibits searching 
an American citizen's laptop within the borders of this country 
without probable cause and a warrant. If no limits are placed 
on customs officials' ability to search laptops at the border, 
what is to stop law enforcement agencies from staging an end 
run around the constitutional requirement of a warrant by 
requesting that customs officials perform the search the next 
time that individual attempts to travel overseas?
    Mr. Tien. I am afraid that there is not any current limit 
on that, and we have actually seen cases in which it appears 
that individuals are searched when they come back from 
international travel because there is some sort of vague red 
flag alert in the data base that says ``put this person into 
secondary screening and then search.'' The cases are not always 
clear on the actual reason why that flag was in there. It is 
just, ``pull this guy over.''
    So we are very concerned that this problem of suspicionless 
searches does not require that everyone be searched. It can 
simply be that the Government is abusing its authority to pick 
out people based on factors that would not support probable 
cause in the United States.
    Chairman Feingold. Thank you.
    Professor Swire, I was struck by your comparison to the 
encryption wars of the 1990s, which I found quite apt. One 
particularly compelling point you made was the ultimate 
futility of anti-encryption rules in achieving the intended 
goal of preventing the use of strong encryption. You drew a 
comparison to laptop searches, stating that ``moderately smart 
criminals and terrorists'' would be able to avoid having 
electronic information captured through border searches.
    Can you elaborate on why you do not think laptop searches 
will be particularly helpful in apprehending competent 
criminals and terrorists?
    Mr. Swire. Thank you, Mr. Chairman. If we assume moderate 
intelligence and the ability to do searches on the Internet for 
today's hearing transcript, the first thing that you do if you 
are trying to avoid the border is you do not carry things in 
your laptop. You can load your files in heavily encrypted form 
up to a server, and then when you get to the far side, you 
download it from the server, and there is never anything in 
your laptop when you cross the border.
    The second trick is using TrueCrypt or other software that 
is easily available today in the public market, widely used. 
And what you do then is you take your laptop, and when the 
agent says, ``Open it up and give us your password,'' you open 
it up, but there is a second layer of encryption so the 
directory does not show the hidden part of your hard drive that 
has the other things hidden in there.
    That does require you to lie to the Border Patrol officer, 
so the Border Patrol officer says, ``You can see everything 
here? '' And you say, ``Oh, yes, sir, it does.'' But at a 
technological level, the Border Patrol agent has gotten in 
partway to your computer but cannot get the rest of the way in. 
So that is two ways through that are widely known today.
    Chairman Feingold. Senator Brownback, did you want to 
followup?
    [No response.]
    Chairman Feingold. First let me thank Senator Brownback for 
his very--
    Ms. Khera. Mr. Chairman, do you mind if I--
    Chairman Feingold. Very briefly, please.
    Ms. Khera. Just a brief comment, because in Dr. Carafano's 
last statement, he was mentioned Pakistan and laptops that have 
been found in possession of al Qaeda with various material. And 
I think it is just worth clarifying that the community has been 
concerned that the DHS is using the factor of which country 
people have traveled to as a potential basis for singling out 
people, and I just wanted to clarify that the kinds of stories 
we hear around the Muslim community do not seem tailored to the 
issue of trying to determine whether there is somebody who has 
been mingling with al Qaeda in Pakistan and potentially 
carrying laptops. You hear questions about the political views, 
Presidential candidates, how often they pray, their 
associations with people in the United States, and it seems to 
be tied not to criminal activity but instead some part of some 
broader intelligence-gathering exercise. So I just wanted to 
clarify.
    Chairman Feingold. Fair enough, and as luck would have it, 
or I guess the world we live in, I am trying to get to a 
Foreign Relations hearing on Pakistan right now. So I want to 
thank all the witnesses for their testimony. I think it is 
extremely important to start giving close examination to this 
issue because we are to some degree in uncharted legal 
territory. I appreciate Senator Brownback's active and valuable 
participation in the hearing.
    As I mentioned at the beginning of the hearing, neither the 
Framers of the Fourth Amendment nor the Supreme Court when it 
crafted a broad border search exception could have conceived of 
a world in which Americans crossed over the border dozens of 
times each year, carrying with them virtually all of their 
personal information. It is time for the law to catch up with 
reality. This hearing has shed some light on what that reality 
is and how ordinary law-abiding Americans are affected when the 
Government claims an unlimited right to search their laptops.
    There is room for common sense here. I suspect everyone in 
this room who is learning about these searches for the first 
time had a visceral reaction to the idea of the Government 
reading through the contents of their laptops, browsing their 
e-mails, and looking to see what websites they have visited. 
That reaction, I am guessing, was very different from the 
reaction they would have if asked to open their suitcase. In my 
opinion, these different reactions demonstrate the need for 
different policies.
    I also think this issue has to be placed in the larger 
context of this administration's ongoing assault on Americans' 
privacy. There was a statement in Mr. Cunningham's written 
testimony that I found breathtaking. He said, ``Given the 
possibility of surveillance of phones and the Internet, `old-
fashioned' smuggling across the border, by storing files on a 
laptop, might prove a safer and more attractive alternative for 
[terrorist] communication provided the persons doing so could 
be assured that the computer would not be subject to the 
possibility of random and suspicionless search.'' The 
implication is that the way to stop terrorists is to ensure 
total Government surveillance authority over every person at 
every point, both inside our borders and out.
    That is certainly one way we can respond to the threat we 
face from terrorism. We can become a surveillance state. But I 
remain convinced that a better approach is to remain true to 
our core values as a Nation. I do not think that suspicionless 
searches of Americans' laptops at the border or anywhere else 
are consistent with those values, nor do I think they are an 
effective means of fighting terrorism.
    Many of the witnesses today had ideas for solutions that 
would bring border searches back in line with our values and 
our constitutional principles. I will be taking a close look at 
these ideas in the weeks ahead. Because of the upcoming holiday 
recess, the hearing record will remain open for 2 weeks for 
additional materials and written questions for the witnesses to 
be submitted.
    As usual--
    Senator Brownback. Mr. Chairman, I want to make a closing 
comment.
    Chairman Feingold. OK. Why don't you go ahead and then I 
will finish.
    Senator Brownback. Mr. Chairman, I was not going to make a 
closing comment, but with yours, I think it is appropriate as 
well to also draw some balance on this. I think this is a good 
topic for us to discuss. It is an important one. I think you 
also get a little stretching on the administration's--they are 
just trying to search everybody. I think you have got a very 
practical concern here that we are trying to protect, the 
people are trying to protect the country, and that you have got 
hundreds of millions of crossings a year. You have people 
attempting to come into the country or from the country to do 
us harm, and you have got a real security need that is here. I 
think you have a court that has responded to this, that it has 
addressed some of the issues right at the border and your 
standards of review that exist at that border.
    I would hope people would look at that in a balanced sense 
and would say, OK, we do have legitimate--there are legitimate 
security needs, standards at the border have been established 
by the courts, and we need to see some practical implementation 
of that where you have hundreds of millions of people crossing 
the border. I cross the border on not an infrequent--a couple 
of times a year, and I think we can be sensible about that 
without just the hyperbole of blaming an administration that 
wants to have a surveillance state. They do not want to have a 
surveillance state. Nobody wants to have that. Nobody wants to 
stand for that. But we do want to try to keep the American 
people safe. And it is just a very practical thing that I hope 
we could work on a practical basis, protecting those 
constitutional rights, recognizing the difference that the 
Court has articulated at the border, and try to work that on 
forward.
    Thank you, Mr. Chairman.
    Chairman Feingold. Let me simply conclude by saying I wish 
that what I said about the administration was extreme. But it 
is not. This administration for years has created an 
environment, whether it be the Inspector General's reports 
about the detentions of Muslim-Americans and others right after 
9/11 or any number of other practices--you name it. They have 
created this environment where, frankly, people might believe a 
level of surveillance and activity that is even beyond reality. 
We are going to have a new administration, whether it is 
Republican or Democrat, but the historical record is clear that 
this administration has been reckless with regard to the 
privacy of the American people. And I realize we disagree on 
that, and this was not the focus of the hearing, but I believe 
that if we are going to fix all this, we need to have a 
different environment with regard to the next administration. I 
am hoping we get that.
    As usual, we will ask the witnesses to respond promptly to 
any written questions so that the record of the hearing can be 
completed. Thank you.
    This hearing is adjourned.
    [Whereupon, at 10:49 a.m., the Subcommittee was adjourned.]
    [Questions and answers and submissions for the record 
follow.]