More U.S. Border Patrol agents may have access to personal information collected from electronic devices searched at U.S. borders—even if it is immaterial to their work—due to a shift in how Customs and Border Protection manages digital forensic data across the enterprise.
A July 30 privacy impact assessment clarified the Border Patrol can conduct device searches under a CBP directive, and spelled out risks from using a software called PLX to create an agencywide system of record for all digital searches conducted at U.S. borders and ports of entry.
“By using PLX, [Border Patrol] will standardize the way it collects, retains, and uses information derived from digital forensic cases and data obtained from telecommunications providers pursuant to subpoenas or warrants,” the report reads.
PenLink, a technology company based in Lincoln, Nebraska that works with law enforcement agencies across the U.S., provides the software.
PLX doesn’t store the data from device searches, it allows agents to manage and analyze the metadata from such searches. Data is collected during border crossings using a variety of extraction tools to create a “mirror copy” of the data on the device. That data is then sent to a local network for storage. Information from the analysis of the data is transferred on a thumb drive to PLX.
The assessment highlights that a Border Patrol agent could potentially access the metadata, even if the agent has no connection with the investigation. The assessment states the agency will mitigate this by limiting access to trained forensics experts.
The privacy analysis also states concerns related to providing ..
Support the originator by clicking the read the rest link below.
