US border officers don't always delete collected traveler data

They also aren't properly documenting all their device searches.

Privacy advocates aren't just concerned about warrantless device searches at the border because of the potential for deliberate abuse -- it's that the officials might be reckless. And unfortunately, there's evidence this is the case in the US. Homeland Security's Office of the Inspector General has released audit findings showing that Customs and Border Protection officers didn't properly follow data handling procedures in numerous instances, increasing the chances for data leaks and hurting accountability.

Most notably, border officers conducting advanced searches (that is, where they transfer data for analysis) didn't always delete traveler information after they'd moved it to CBP servers. There were USB thumb drives with old search data at three out of five ports of entry studied, the Inspector General's Office said. There also didn't appear to be a written policy for scrubbing data despite trainers telling officers to delete everything.

The study also showed that agents didn't always disable networking on devices to ensure they were only accessing local data. Moreover, out of 194 electronic media search reports auditors studied, 67 percent (130) had one or more problems. Officers would write vague or inaccurate descriptions, for instance. The CBP division governing field officers also didn't renew search tool licenses on time, and didn't have a way to measure the effectiveness of its advanced search pilot program.

The Inspector General's Office unsurprisingly recommended fixes for all these issues, and CBP estimated that it would have solutions (including tighter monitoring and performance tracking) by June 30th, 2019 in most cases. Overseers said they wouldn't be happy until there was evidence CBP had mended its ways, but the plan to change is a start -- if also long overdue when device searches are on the rise.