Safeguarding confidential information, border searches, and your devices

In February, I will have the opportunity to be part of a panel discussion in Vancouver, Canada at the mid-year meeting of the Association of Professional Responsibility Lawyers focused on privacy and client confidentiality issues.

We will discuss quite a few interesting topics, including something that likely isn’t on the radar of as many U.S. lawyers as it should be — the EU’s General Data Protection Regulation which will become effective on May 25, 2018.  I plan to find some time on another day to write a bit more about that, but for today I just want to offer up a short-ish update on something talked about here before (and that we will also discuss in Vancouver) – concerns for lawyers when crossing the border back into the United States if Customs and Border Patrol demand access to electronic devices.

With a thankful tip of the hat to Wendy Chang with Hinshaw & Culbertson who alerted me to its existence, I can possibly alert you to the fact that CBP put out a new Directive on the topic of border searches of electronic devices on January 4, 2018.  You can go read the full document here.

The piece of it I want to spend just a moment or two elaborating on is the new guidance it provides in Section 5.2 “Review and Handling of Privileged or Other Sensitive Material.”

Before doing so though it makes sense to lay out for you what CBP’s prior directive on this topic indicated – which was dated August 20, 2009 and can be found here.  Section 5.2.1 of that directive provided as follows:

Officers may encounter materials that appear to be legal in nature, or an individual may assert that certain information is protected by attorney-client or attorney work product privilege.  Legal materials are not necessarily exempt from a border search, but they may be subject to the following special handling procedures:  If an Officer suspects that the content of such a material may constitute evidence of a crime or otherwise pertain to a determination within the jurisdiction of CBP, the Officer must seek advice from the CBP Associate/Assistant Chief Counsel before conducting a search of the material, and this consultation shall be noted in appropriate CBP systems of records.  CBP counsel will coordinate with the U.S. Attorney’s Office as appropriate.

Now, assuming that meant what it implied, that seems to paint the guidance as being in the nature of:  if an attorney tells you that something you want to look at is a problem because it is privileged information, then you don’t proceed further with trying to look at it unless you suspect that it might be evidence of a crime or otherwise something that impacts CBP’s jurisdiction (i.e. you really think that maybe the person shouldn’t be let into the country unless you can read what that is).  And, if so, you first have to start talking with a lawyer for the CBP about whether to do so.

Now compare that to the much more extensive language on this issue in the new directive.   (Spoiler alert:  it appears to me to be more extensive but less friendly to traveling lawyers.)

5.2.1  Officers encountering information they identify as, or that is asserted to be, protected by the attorney-client privilege or attorney work product doctrine shall adhere to the following procedures.

5.2.1.1  The Officer shall seek clarification, if practicable in writing, from the individual asserting this privilege as to specific files, file types, folders, categories of files, attorney or client names, email addresses, phone numbers, or other particulars that may assist CBP in identifying privileged information.

5.2.1.2  Prior to any border search of files or other materials over which a privilege has been asserted, the Officer will contact the CBP Associate/Assistant Chief Counsel office.  In coordination with the CBP Associate/Assistant Chief Counsel office, which will coordinate with the U.S. Attorney’s Office as needed, Officers will ensure the segregation of any privileged material from other information examined during a border search to ensure that any privileged material is handled appropriately while also ensuring that CBP accomplishes its critical border security mission.  This segregation process will occur through the establishment and employment of a Filter Team composed of legal and operational representatives, or through another appropriate measure with written concurrence of the CBP Associate/Assistant Chief Counsel office.

5.2.1.3  At the completion of the CBP review, unless any materials are identified that indicate an imminent threat to homeland security, copies of materials maintained by CBP and determined to be privileged will be destroyed, except for any copy maintained in coordination with the CBP Associate/Assistant Chief Counsel office solely for purposes of complying with a litigation hold or other requirement of law.

So, it does seem to me that this more extensive guidance is likely good for protecting privileged materials from improper use if actually reviewed and held and does seem to be clearer guidance about how CBP could go about, for example, reviewing some information on an electronic device but segregating items asserted to be privileged or work-product.  But it also seems to me that this guidance does not move the needle in a helpful direction for lawyers who want to attempt to protect review of their client’s information at all by asserting privilege as it both (1) imposes a more onerous process on the lawyer to do so (including the potential for demanding something in writing akin to a privilege log) and (2) appears to drop what was at least the implication of the prior directive that the assertion alone is likely enough to move the burden over to CBP to justify trying to do something further.

Which also makes me think that any attorney put in this situation is, at the very least, not going to be making any connecting flight if they seek to protect client materials from review.

Of course, neither the older directive nor this directive even mentions things that attorneys have to treat as confidential under their ethical obligations even though not privileged, which remains unfortunate.  But I am interested in hearing from anyone wanting to weigh in about whether you think I am misreading this guidance and that this directive is better for lawyers than the 2009 directive.