Crossing Borders 

The Bencher—July/August 2017

By John P. Ratnaswamy, Esquire

When a lawyer crosses an international border, a client’s confidential information stored on the lawyer’s electronic device may be at risk of being obtained by government authorities.

This is a risk when crossing a U. S. border, although only a few devices may be subject to inquiry.

Searches of electronic devices at the U.S. border when travelers enter or leave the U.S. may include not only a physical inspection of these devices but also the review of information stored on them, such as emails, text messages and electronically-stored documents. CBP [Customs and Border Protection] policy permits U.S. customs agents to review any information that physically resides on travelers’ electronic devices, including those of U.S. citizens, with or without any reason for suspicion, to demand disclosure of social media and email account passwords, and to seize the devices pending an inspection.

Formal Opinion 2017-5: “An Attorney’s Ethical Duties Regarding U.S. Border Searches of Electronic Devices Containing Clients’ Confidential Information” (Committee on Professional Ethics of the Association of the Bar of the City of New York, July 25, 2017), p. 2 (fns. omitted).

Formal Opinion 2017-5 looks at the attorney’s potential duties at three points in time: (1) before crossing the border; (2) while crossing the border, if the authorities seek access; and (3) afterwards, if information was disclosed. In brief, based on New York law, the opinion concludes: (1) before crossing, a lawyer must take “reasonable efforts” to avoid disclosing confidential information in the event a border agent seeks to search the lawyer’s electronic device; (2) the lawyer may not disclose a client’s confidential information in response to a border agent’s claim of lawful authority, unless doing so is “reasonably necessary” to comply with such a claim; and (3) if there is a disclosure, the lawyer must inform affected clients. The opinion presents numerous factors affecting what are “reasonable efforts” in any given situation, also noting that as technology evolves what is reasonable evolves. The opinion states in part: “these considerations suggest that an attorney should not carry clients’ confidential information on an electronic device across the border except where there is a professional need to do so, and especially that attorneys should not carry clients’ highly sensitive information except where the professional need is compelling.” Id., p. 6 (fn. omitted). The opinion discusses, among other possible measures: encryption, “burner” devices, deleting selected files, and using secure remote access on the other side of the border. Id., pp. 7-8.

The situation can be very difficult for a lawyer when a border agent requests a device. The opinion states that attorneys should undertake reasonable efforts to dissuade the agent from reviewing confidential information or to limit the review, noting that, under regulations, a claim of legal confidentiality or privilege is supposed to trigger additional review and authorization of the request. Id., pp. 10-11. The opinion indicates that a lawyer may not have a duty to forego reentry to the United States or to allow themselves to be taken into custody pending litigation of the request. The opinion does not discuss what to do if the agent asks for a password, noting that, per a June 20, 2017, CBP policy statement, agents do not condition U.S. citizens’ reentry on the provision of passwords. Id., p. 2, fn. 3.

The American Bar Association has expressed concerns and made recommendations on this subject to the U.S. Department of Homeland Security in a May 5, 2017, letter, and in a June 29, 2017, meeting. DHS is studying the ABA’s views.

The situation can be more risky at other borders or from the other side. At the ABA Annual meeting, on August 11, the CLE program “Prying Eyes: Think Confidential and Privileged Client Information Is Safe at the Border? Guess Again” discussed many countries’ laws and practices. A summary, focused on the US, is here: The panel noted that many other countries can pose greater risks, and that some have quite harsh laws on this subject.

This is a tough subject since many lawyers feel they are “on call” at all times. We may have to do some rethinking, although technology might do a lot to help us

John P. Ratnaswamy, Esquire, is a partner in the Chicago law firm of Rooney Rippie & Ratnaswamy LLP. He also serves as an Adjunct Professor of Legal Ethics at the Northwestern University School of Law. He is a former member of the American Bar Association’s Standing Committee on Ethics and Professional Responsibility and the Hearing Board of the Illinois Attorney Registration & Disciplinary Commission. This column should not be understood to represent the views of any of those entities or John’s or the firm’s current or former clients.

© 2017 JOHN P. RATNASWAMY, ESQ. This article was originally published in the November/December 2017 issue of The Bencher, a bi-monthly publication of the American Inns of Court. This article, in full or in part, may not be copied, reprinted, distributed, or stored electronically in any form without the written consent of the American Inns of Court.