New U.S. Customs and Border Directive Further Undermines Solicitor-Client Privilege

Canada’s Law Societies and Government Must Provide Assurances and Seek Protections for Lawyers Crossing Canada/U.S. Border

Written by
Jacob Marchel (Associate)

Overview

On January 4, 2018, U.S. Customs and Border Protection (“CBP”) issued a new directive on the subject of “Border Search of Electronic Devices” (“the Directive”). The Directive sets out a new policy about the extent to which U.S. CBP agents are authorized to inspect the electronic devices (e.g. laptops, tablets, smartphones, etc.) of travellers crossing the U.S. border. The U.S. Department of Homeland Security (“DHS”) justified the measures as necessary to combat crimes like terrorism, human smuggling, and child pornography.

Although the controversial Directive potentially inconveniences any Canadian crossing the U.S. border, it creates a particularly serious problem for Canada’s lawyers, as it could have severe detrimental effects on lawyers’ ability to preserve solicitor-client privilege (a.k.a. attorney-client privilege).

While the Directive establishes special conditions for the review and handling of privileged (and other sensitive) materials, practically speaking, it does little to safeguard solicitor-client privilege to the degree necessary to uphold such an important and fundamental principle of the justice system.

Therefore, Canada’s Federation of Law Societies, and the Canadian government, should respond to the Directive and other border security policies with the guidance, assurances, and legislation required to ensure that privileged client information -- accessible on the electronic devices of lawyers crossing the U.S./Canada border -- is adequately protected from disclosure to U.S. CBP agents/Canada Border Services Agency (“CBSA) officers. Whether, and how, they will respond ultimately remains unclear.

The Directive

The Directive (CBP Directive No. 3340-049A) allows agents to demand a passcode to open a traveller’s laptop, smartphone, etc. without probable cause. Also, if agents consider it necessary (e.g. for national security purposes) they may connect a traveller’s electronic device to a hard drive and copy its contents for analysis. This more “Advanced Search” requires approval of a supervisor of a certain rank.

Additionally, if the device cannot be accessed, agents can simply fill out a form, provide a receipt to the traveller, and then detain the device for up to five days. Detentions beyond five days can occur, but a higher ranked official must approve the extended detention.

Travellers can be present during a search, but they cannot see the screen. Travellers must be notified of the purpose for a search, but there are exceptions to those rights (e.g. national security purposes). Travellers must also be informed as to how they can report their concerns about the search, searches must be documented, and regular audits must be done ensuring agents are following the rules.

Search limits

Despite granting such broad powers, the U.S. DHS Secretary Kirstjen Nielsen confirmed in a recent Senate hearing that the Directive does contain some limits. For example, while agents can search the data that is saved on your smartphone, they cannot then use that smartphone to access and download anything that might be stored remotely (e.g. files on ‘the cloud’, online accounts, etc.). During searches agents are instructed to tell travellers to shut off their signal (e.g. go to ‘airplane mode’) to ensure that remote files are not downloaded accidentally. If warranted by security concerns, the Directive also allows agents to shut off this connection themselves.

Finally, any copies of information held by U.S. CBP must be destroyed, and any seized electronic devices must be returned -- unless there is probable cause for an exception (e.g. a national security concern).

Review and handling of privileged and sensitive martials

The Directive states that lawyers can claim solicitor-client privilege and specify which particular files are ‘sensitive’ – doing so in writing if practically possible. However, claiming privilege does not necessarily prevent an agent from viewing such files. It simply means that an agent is first required to consult with CBP legal counsel, and the U.S. Attorney's Office, to determine which files should be “segregated” from the search being conducted.

Other sensitive materials, such as journalists' notes, medical records, and proprietary business/commercial information must be handled in accordance with other CBP policies and U.S. federal law (e.g. privacy and trade-secrets legislation). Notably, it appears that copies of privileged materials can still be made, but must subsequently be destroyed when found to be privileged, provided that nothing is identified in the materials indicating there is an imminent threat to homeland security. However, CBP legal counsel can hold on to such information for the purposes of complying with certain laws, including under a “litigation hold” -- a term that is not expanded upon or clearly explained in the Directive.

 

Ultimately, the Directive states that any information determined to be protected by law as privileged, or sensitive, can “only be shared with agencies or entities that have mechanisms in place to protect appropriately such information, and such information will only be shared in accordance with this Directive.”

 

Although these measures are touted as addressing the need to protect privileged materials, an overview of what the Directive could mean in practice for Canadian lawyers travelling to the U.S. indicates that some significant concerns remain unaddressed.

Risks and Liabilities for lawyers and their clients

Solicitor-client privilege is a fundamental principle of Canada’s justice system, and maintaining privilege is integral to the public's confidence in the administration of justice. The Supreme Court of Canada (“SCC”) has said that in order for it to be meaningful, solicitor-client privilege must remain as close to absolute as possible.  Nevertheless, the Directive, much like some current contentious Canadian laws and policies, has the potential to significantly and unnecessarily undermine solicitor-client privilege.

The professional and legal obligations surrounding the holding and managing of privileged materials are very serious and particular, and a border search would not typically meet the high threshold for permitting disclosure of these materials. Moreover, it is not up to a lawyer to waive the clients’ right to privilege.  When faced with a request under the Directive, a lawyer would potentially need to receive consent from all of the clients whose information is stored on an electronic device surrendered for inspection. A significant consequence of the Directive is that lawyers subject to a search of their devices may find themselves choosing between potentially violating solicitor-client privilege, being refused entry to the U.S. as a result of not consenting to a search, or having themselves or their devices detained while claims of privilege are considered at the border. None of these options are preferred, and all put the effective representation of clients in jeopardy.

Despite the protections set out in the Directive, if the information on a lawyer’s device is copied or retained, there are no absolute assurances as to how that information might be used with respect to that lawyer, or their clients. Furthermore, there is no way of knowing, at the time the device is surrendered, how the information accessed by an agent will be shared/held and for how long.

This issue is also particularly interesting at a time when Canada will soon legalize personal cannabis use, and allow private companies to cultivate and sell cannabis for recreational use. In contrast to the situation in Canada, the U.S. Attorney General, Jeff Sessions, recently rescinded Obama administration policies that adopted a non-interference policy with ‘marijuana-friendly’ state laws, causing conflicts as cultivation, possession, and sale of cannabis for recreational use is still illegal under U.S. federal laws, but decriminalized or legalized under some state laws. So, in this instance, if a Canadian lawyer representing a legal Canadian cannabis company comes into the U.S. to provide legal advice arising from the development of a business, or establishing a trade partnership, how would the CBP be expected to handle any information pertaining to that Canadian company accessible on the lawyer’s devices?  Would the CBP acknowledge privilege and destroy any information concerning this client accessed during a search under the Directive? Or, alternatively, would the lawyer and the information be detained (or the lawyer even arrested) for participating in the violation of U.S. federal law? The vague powers authorized by these types of directives create a clear point of concern that could extend to many other areas of law and business.

Another important consequence to consider is how such directives may affect a lawyer’s insurance coverage/protections. For example, if privileged business or commercial information (e.g. confidential documents about a pending-IPO) carried by a lawyer at a border is viewed by a border agent, and is subsequently somehow leaked to the public, who bears the direct financial liability? Can the affected business/party sue the border agency, a particular agent, the law firm, the individual travelling lawyer, some, all, or none? Again, these broad new powers create many concerns, and offer few (if any), assurances. So not only should lawyers be worried, but so too should their clients.

How Canadian courts, government, and lawyers have responded to these issues

The Canadian Courts

In December 2013, in the case of R. v. Vu, lawyers successfully argued before the SCC that specific prior authorization (e.g. in a warrant) is needed to search an individual’s computer and similar devices  – or else risk violating that person’s section 8 Charter right protecting them against unreasonable search and seizure. Following Vu, in the 2014 case of R. v. Fearon, the SCC once again dealt with smartphone searches. However, the issue in that case addressed searches that were ‘incidental’ to an arrest. The SCC decided that in such situations, a search can occur lawfully without a warrant as long as the search has a relevant law enforcement purpose, it is not indiscriminate, and officers take detailed notes recording what is searched and how it is searched. Ultimately, given these SCC decisions, it seems that Canadians legally crossing the border should have a reasonable expectation of privacy in respect of the information on their devices.

The Canadian Government

Although this may seem to be the logical extension of the case law, the Canadian government has consistently argued that Canadians do not have a reasonable expectation of privacy in these circumstances. Section 99(1)(a) of Canada’s Customs Act allows CBSA officers to, “at any time up to the time of release, examine any goods that have been imported and open or cause to be opened any package or container of imported goods and take samples of imported goods in reasonable amounts.” In contrast to the U.S. Directive, Canada’s Customs Act has no specific authorization to access privileged information and provides no mechanism to protect privilege. Overall, the Canadian government permits smartphones, laptops, and other electronic devices to fall under the definition of ‘goods’, and thus travellers should not expect the same degree of personal privacy at border crossings as they would in other scenarios within Canada.

If the Canadian government authorizes such policies, it seems clear that they do not expect a more protective regime on the U.S. side of the border. In August of 2017, Canada’s Privacy Commissioner, Daniel Therein, echoed this sentiment when he told a House of Commons Committee that:  “Canadians should not cross into the U.S. if they’re unwilling to have their devices searched.”

Domestically, the issues of technological advances, border security, and encroachment on civil liberties has been further magnified by two recent bills, Bill C-21, An Act to Amend the Customs Act, and Bill C-23, Preclearance Act, 2016. Both increase officers’ powers of examination, collection, interrogation, detention, and disclosure at the border. Bill C-21 requires international carriers to collect and hand over detailed biometric information on all travellers departing Canada, as well as expands the role of the CBSA with controlling the exit of goods and people from Canada. While Bill C-23 expands the powers of foreign officers operating on Canadian soil.

Canadian Lawyers

The Canadian government’s view that travellers should have limited expectations of privacy during border searches conducted by customs officers is being challenged by some Canadian lawyers. For example, in May of 2017, the President of the Law Society of British Columbia, Herman Van Ommen, voiced his concerns about Canada’s border policies in a letter written to the Canadian government. He reiterated the findings by the SCC that the protection of solicitor-client privilege “must be as close to absolute as possible.”

 

However, as of January 2018, only B.C.’s Law Society has officially questioned Canada’s border policies, and to date, no law society has explicitly addressed the concerns resulting from similar policies in the United States. As this article is written in late January, there has been no specific response to the U.S. Directive by any of Canada’s law societies.

The Canadian Bar Association has also taken a position on the the issue. They recently voiced their concerns with Bill C-23 before the Senate Security and National Defence Committee, also releasing a comprehensive report in 2017, and as far back as 2008 they published practical advice to lawyers for securing devices before crossing the border. In the decade that has passed, the specific policies requiring lawyers to consider such measures may have changed, but much of the advice given -- and lawyers’ responses -- remain relatively the same.

Before crossing the border, it is becoming increasingly common for lawyers to:

  1. travel with no physical paperwork;

  2. carry only ‘dummy’ electronics (i.e. devices with no saved files/information stored on them);

  3. use only a ‘burner’ (i.e. single use) cellphone;

  4. save all files to a cloud server before travelling and then access files with ‘dummy’ devices only upon reaching their destination; and

  5. while travelling, put their devices on ‘airplane’ mode – essentially ‘going dark’ while travelling.

The end result is that if travelling to the U.S., a Canadian lawyer may choose to seriously limit the way they work rather than risk U.S. border agents gaining access to privileged information.

Ironically, one might reasonably expect a traveller crossing the U.S. border possessing only a burner cellphone, and a wiped computer, to raise ‘red flags’ for U.S. CBP and provide a clear justification for additional searches and screening. Arguably, this policy puts lawyers in a ‘Catch 22’ situation in which doing what is necessary to minimize the risk of disclosure of their clients’ privileged information may actually disproportionately increase the risk of being subjected to this type of search.

Although such practices may now become standard procedure, they are obviously inconvenient and sometimes impractical or not feasible. It all depends on the time available, the technical knowledge/comfort, and financial resources of a travelling lawyer. Some older lawyers may not be comfortable with the technology required to work in this way, and smaller firms, or solo practitioners, might not be able to afford high-security cloud-based third-party servers, ‘dummy’ devices, or burner phones. Regardless of whether a lawyer takes these extraordinary measures or not, when faced with this type of search lawyers should, at a minimum, clearly communicate their objection to the search, assert privilege over the materials that should be protected by solicitor-client privilege, and ensure that their objections/assertions are put in writing or otherwise recorded. Establishing a record of these actions will be critical to a lawyer responding prudently to any future allegations of professional misconduct or violations of professional obligations resulting from a search of their electronic devices.

What Law Societies and the Federal Government should do

Border inspections of electronic devices have increased exponentially and will likely continue to grow. U.S. border agents searched 30,200 phones and other devices last year. This is a nearly 60 percent increase from 2016, although U.S. officials say a negligible percentage of overall travellers (i.e. 0.007 percent, or roughly one per 13,000) are subjected to such searches. Although the odds of any given lawyer being subjected to this kind of search may be low, the potential for the erosion of solicitor-client privilege, and the lack of assurance that lawyers have about their ability to protect privileged information from disclosure during a search, remain significant issues nonetheless.

Therefore, all Canadian law societies should release official statements clearly outlining how they interpret, and to what degree they support or disagree with, these Canadian and U.S. policies -- including the new U.S. Directive. Moreover, law societies and professional legal insurance providers need to provide clear direction confirming that lawyers who assert privilege, but still have their devices inspected (during which privileged information may be accessed), remain insured, are not in violation of their professional and legal obligations to their clients, nor will they be found guilty of professional misconduct as a result.

Preferably, as proposed by Mr. Van Ommen, law societies should also urge the Canadian government to consult with the U.S. CBP to coordinate a uniform, bilateral approach, to safeguard privileged electronic information at border crossings between Canada and the U.S.

Moreover, Canadian law societies have easy-to-access, publicly available membership registries that identify practising lawyers.  These listings could easily be consulted by border agents to confirm that individuals asserting solicitor-client privilege are indeed lawyers, and are entitled to assert privilege.

Ultimately, electronic devices, such as laptops and smartphones, are now a vital part of how lawyers work and communicate with their clients. Given the potential for the Directive, and other developing border security policies, to erode solicitor-client privilege at border crossings, additional guidance and new legislative enactments are needed that leave no room for doubt regarding how border agents and lawyers can, and should, behave when handling privileged information. In the absence of such changes, the vital technologies lawyers rely on to do their work may put in jeopardy the ‘close to absolute’ protections that robust solicitor-client privilege demands.

Note: the author, Jacob Marchel, would like to thank Teresa Meadows, of Meadows Law, for providing her input and guidance with the research and writing of this article.

Image provided by CC0 Creative Commons

 

Disbrand