Business travelers will soon need to carry the name of their corporate lawyer in addition to their passport when returning home to the United States, and they may need to bring with them a different business laptop as well. This is because U.S. Customs can search and confiscate your laptop without any prior cause, according to policies that have been posted online since a Ninth U.S. Circuit Court ruling in April.
Alice Stitelman, a consultant who writes about e-mail usage and legal matters, says this is just one example of "what you don't know about legal computer issues [that] can hurt you. Many business users mistakenly believe that their data is private -- whether it is on their laptop, cell phone, or mobile device. In fact, they should have no expectation of privacy. Users have much less control over who reads their data than they may realize."
There are other examples of new regulations and policies that will have a profound impact on business technology policy in the coming years. As legal battles over content filtering, Net neutrality, tracking Web history, and laptop searches ensue, corporate IT managers will need to rethink their strategies on how they implement cloud computing, formulate their e-discovery and records retention policies, and safeguard business data carried by traveling executives using various mobile devices.
Confiscated laptops: Time to revise data access strategies for execs
The Department of Homeland Security has reaffirmed its policy that lets it search, copy, or even impound your employees' laptops when they return to the United States. This is completely at the security screeners' discretion, and applies to anyone entering the country -- citizens and noncitizens alike. Security consultant Jeff Bardin, writing on the CSO Online blog, calls it a "virtual strip search" and cautions somewhat facetiously, "I'd best not forget to take the microdot off the woolly boogers that collect in my pockets."
But all kidding aside, this policy is very much a reality and not just for the tin-hat paranoids. "It definitely has been happening more and more recently, and we have gotten lots of complaints," says Danny O'Brien, the international outreach coordinator for the Electronic Frontier Foundation, an advocacy group.
"A CEO I know was detained and his computer's hard drive was copied and returned," says David Burg, a principal at PricewaterhouseCoopers' advisory and forensics practice. As a result, his client's company has changed its practice, so "employees aren't allowed to travel outside their home countries with their standard-issue laptops," he says. Instead, they are issued bare-bones laptops that have very little corporate data and use VPNs to communicate securely back to their offices.
Other countries are also randomly inspecting laptops: "Canada has been looking for child pornography on laptops entering their country," says John Pescatore, a Gartner security analyst and a former security engineer for the U.S. Secret Service. "It is hard for anyone to argue against that." And as more countries claim the right to copy or confiscate laptops -- or, worse, to install monitoring software -- soon this idea of having a "travel laptop" will become more common practice so that sensitive corporate data is left behind.
"Given that the majority of corporate PCs are laptops now, your data is now more vulnerable," says the EFF's O'Brien.