Posted by: Wade Davies on Mar 1, 2021

Journal Issue Date: March/April 2021

Journal Name: Vol. 56 No. 2

Someday, we might get to travel again. If so, most lawyers will still be wed to our electronic devices.

A lawsuit recently filed by an immigration lawyer and covered in the ABA Journal made me wonder whether it is possible to travel internationally while fulfilling our ethical responsibilities to clients to preserve confidential information without falling under suspicion of obstruction of justice.

Attorney Adam Malik has sued the U.S. Department of Homeland Security after its agents detained him and seized his iPhone at the border.1 He alleges that an agent also told him that he was chosen “at random” for heightened screening. If that is true, it seems highly coincidental given that Mr. Malik has active cases against the agency (and was himself a former Department of Homeland Security agent). The lawsuit alleges that agents tried to ask him questions about specific clients. The agency stated that it intended to break the password and subject his phone to enhanced forensic inspection.

Regardless of how Mr. Malik’s case comes out, it reminds us that crossing U.S. borders is not simple for lawyers.

The Government May Examine and Copy Electronics  at the Border

Mr. Malik’s case presents a dramatic example, but there is no question that it is the position of the United States government that federal agents may examine electronic devices of anyone crossing the border, and they may do so without a warrant and without having to show any objective reason for their suspicion.

U.S. Customs and Border Patrol (CBP) has a Directive that distinguishes between basic and advanced searches. A basic search involves the agent examining the contents of the phone itself. An advanced search involves extraction of the contents for forensic examination. An advanced examination requires “reasonable suspicion” or a “national security concern.”2

According to the Department of Homeland’s Security’s “Privacy Impact Assessment” for its digital forensics program, it may “extract or later identify and retain” information from an electronic device including:

  • Contacts
  • Call Logs/Details
  • IP Addresses used by the device
  • Calendar Events
  • GPS Locations used by the device
  • Emails
  • Social Media Information
  • Cell Site Information
  • Phone Numbers
  • Videos and Pictures
  • Account Information (User Names and Aliases)
  • Text/chat messages
  • Financial Accounts and
  • Transactions
  • Location History
  • Browser bookmarks
  • Notes
  • Network Information
  • Tasks List.3

If you have ever seen a cell phone extraction in discovery, you know that forensic software can create a timeline using the above information that sets out almost everything the user did by correlating texts, email, calls, location, social media (and don’t forget other smart devices now collect health information)

The purpose of this column is not to debate whether that authority should exist. As a practical matter, the authority does exist, and those seizures are carried out thousands of times per year. There is, however, a circuit split regarding whether the more invasive forensic searches can be done without suspicion.4

‘Privilege Review’

Apparently in response to an American Bar Association request in 2017, the search directives for agencies within the Department of Homeland Security have been updated to include what purports to be a privilege review process.5 But that review puts the burden squarely on the attorney to identify privileged material. The CBP policy provides that when a subject of the seizure objects on the ground of privilege, “[t]he Officer shall seek clarification, if practicable in writing, from the individual asserting this privilege as to specific files, file types, folders, categories of files, attorney or client names, email addresses, phone numbers, or other particulars that may assist CBP in identifying privileged information.”6 Would you be able to identify in writing the files on your phone or your laptop that are arguably privileged? I don’t think so. The policy also does not acknowledge that lawyers have a duty to preserve confidential information far beyond what the attorney-client privilege covers.

The policy provides that claims of privilege will be handled through CBP/ICE counsel and U.S. Attorney’s offices using a “Filter Team” approach. In other words, the government will examine the allegedly privileged information to determine whether it should be protected. At least one United States Court of Appeals has pointed out serious issues with a “filter team” approach.7

Tennessee Rules of Professional Conduct

Tennessee lawyers have a duty to use reasonable care to assure that client confidentiality is protected and client property is safeguarded.8 Additionally, a lawyer has a duty to maintain reasonable technological competence.9 This would include an understanding of what confidential information is accessible on your electronic devices. An attorney with managerial authority must also see to it that associates and employees protect confidences on their electronic devices.10

Are there Best Practices for Lawyers Crossing the Border?

There has been a good deal written about what lawyers should do to protect client confidences when crossing the border.11 So what is the best way to fulfil your duty? One way to handle the issue is just to cross the border and object if the agents seize your phone. The New York City Bar has suggested that this approach satisfies an attorney’s ethical obligations as long as the attorney makes reasonable efforts to assert the privilege upon being requested to turn over the device.12

While I am sure that no one would be disciplined by the Tennessee Board of Professional Responsibility after taking this approach, given the difficulties I see in effectively asserting the privilege, the fact the policy only applies to privileged information and not all confidences, and considering the dangers of “filter team” review, I’m not sure that is enough. I do like the New York City Bar’s suggestion of carrying a copy of the Directive with you in order to point to the policy on privilege.

Most of the articles suggest first to not take unnecessary devices. But even if you leave your laptop at home, it isn’t realistic for most of us to travel without a smart phone. An ABA column suggests the use of a “burner phone.” Would that solve the problem, though, since attorneys are probably going to access client information before coming back across the border?

Could Safeguarding Confidences Be Interpreted as Illegal?

The Directive does not allow agents to use the devices to access material stored in the cloud. Many of the articles and the New York City Bar opinion suggest deleting certain files. One approach would be to store all your files in the cloud and reformat your phone before crossing the border. That might fulfil your ethical duties.13

But would you be obstructing justice? Title 18 U.S.C. Section 1519 is sometimes referred to as anticipatory obstruction of justice because it has been interpreted to not require there to be an investigation underway. The statute criminalizes destroying, concealing, covering up, etc., any record or document with the intent to impede, obstruct or influence an investigation or proper administration of any matter within the jurisdiction of any agency. There doesn’t have to be an actual investigation — destroying the documents only has to be “in contemplation” of such a matter.14 Could wiping your phone in contemplation of a border agent seizing it potentially be interpreted to violate the statute? While my personal view is that attempting to fulfil your ethical obligation should preclude a finding of criminal intent, people whose opinions count more than mine might well disagree.

Conclusion

This is the part of the column where I usually claim to know the answer to the question I’ve raised. I’m sorry but I’m not sure about this one. But if you are going to travel across the border, please have a plan in place for what to carry and how to best preserve client confidences in the event your electronics are examined or seized. If you are a member of a firm, make sure all your employees who have access to files do the same. 

WADE DAVIES is the managing partner at Ritchie, Dillard, Davies & Johnson PC in Knoxville. He is a 1993 graduate of the University of Tennessee College of Law. The majority of his practice has always been devoted to criminal defense. Davies is a member of the Tennessee Bar Journal Editorial Board.

 


NOTES

1. Malik v. U.S. Dept. of Homeland Security, et al., Case 4:21-cv-00088-P (NDTX, filed 1/25/2021); Weiss, “Immigration lawyer sues over seizure of his cellphone at airport,” https://www.abajournal.com/news/article/texas-immigration-lawyer-sues-over-seizure-of-hiscellphone-at-airport.
2. “Border Searches of Electronic Devices,” CBP Directive No. 3340-049A, date Jan. 4, 2018, review date January 2021, available at https://www.cbp.gov/sites/default/files/assets/documents/2018-Jan/CBP-Directive-3340-049A-Border-Search-of-Electronic-Media-
Compliant.pdf.
3. “Privacy Impact Assessment for the U.S. Border Patrol Digital Forensics Programs,” Department of Homeland Security Reference No. DHS/CBP/PIA-053(a), dated July 30, 2020, available at https://www.dhs.gov/publication/border-searches-electronic-devices.
4. Gina R. Bohannan, “Cell Phones and the Border Search Exception: Circuits Split Over the Line Between Sovereignty and Privacy,” 78 Md. L. Rev. 563, 578 (2019).
5. Letter of Linda Klein, ABA President, to General John F. Kelly, Secretary of Homeland Security, May 5, 2017, available at https://www.americanbar.org/content/dam/aba/images/government_affairs_office/attyclientprivissue(bordersearchesofattorneydevices,abalettertodhs,finalversion,may5,2017).pdf; Weiss, “Traveling out of the country: Lawyers should consider using ‘burner’ devices,” https://www.abajournal.com/news/article/traveling_out_of_the_country_lawyers_should_consider
_using_burner_devices.
6. CBP Directive, section 5.2.1.1
7. United States v. Under Seal (In re Search Warrant Issued June 13, 2019), 942 F.3d 159 (4th Cir. 2019).
8. See, Tenn. Sup. Ct. R. 8, RPC 1.6(a) and 1.9(c).
9. See Tennessee Board of Professional Responsibility, Formal Ethics Opinion 2015-F-159, “Storing Client Information in the Cloud.”
10. Tenn. Sup. Ct. R. 8, RPC 5.1, 5.3.
11. E.g., Keith Fisher, “U.S. Border Searches of Electronic Devices: Recent Developments and Lawyers’ Ethical Responsibilities,” Business Law Today, March 13, 2018, https://businesslawtoday.org/2018/03/u-s-border-searches-of-electronic-devices-recentdevelopments-and-lawyers-ethical-responsibilities; Keith Fisher, “Update on Border Searches of Electronic Devices,” ABA Business Law Today, March 26, 2020, https://businesslawtoday.org/2020/03/update-border-searches-electronic-devices/; Candace M. Groth, “Crossing the Border: Tips for Attorneys,” Bench & Bar of Minnesota, August 2, 2019, https://www.mnbar.org/archive/msba-news/2019/08/02/crossing-the-border-tips-forattorneys; Weiss, “Traveling out of the country: Lawyers should consider using ‘burner’ devices,” https://www.abajournal.com/news/article/traveling_out_of_the_
country_lawyers_should_consider_using_burner_devices.
12. New York City Bar, Formal Ethics Opinion 2017-5, https://www.nycbar.org/member-andcareer-services/committees/reports-listing/reports/detail/formal-opinion-2017-5-an-attorneysethical-duties-regarding-us-border-searches-of-electronic-devices-containing-clientsconfidential-information.
13. This would depend on the degree of online security in the host country.
14. United States v. Kernell, 667 F.3d 746, 753 (6th Cir. 2012)(rejecting constitutional challenge).