The Uncertain World of Passwords and Border Searches


Guest Blog by Craig Zawada, Q.C., WMCZ Lawyers, Saskatoon, SK, Canada.

Searches are the unfortunate norm for today’s air travel. While there are constitutional protections against unreasonable search and seizure in both Canada and the United States, the rules differ when a traveler is “voluntarily” submitting to security checks at an airport.

Virtual Baggage

We are used to having our luggage inspected when we fly. What about our virtual baggage? Few travelers go anywhere without a smartphone, laptop or tablet, and often carry all three. The information on these devices can be more private than the belongings in our suitcases. This is a particular problem for lawyers.

Consider a recent Canadian case. Similar situations have arisen in the United States and other countries, but we are still waiting for the law to solidify into something more certain.

In March, 2015, Alain Philippon was returning to Canada from the Dominican Republic. Canada Border Services Agency officers pulled him aside for additional screening. They found a large amount of cash, traces of cocaine on his suitcase and two phones. As part of the search, he was asked to provide access to one of the phones, a Blackberry which was password-protected. He refused to provide the password and was charged under Canada’s Customs Act for hindering an officer in the performance of his duty.

Password Access

The CBSA’s position is that they have the right to demand and receive password access to any item which passes through security. However, the Canadian Charter of Rights and Freedoms provides in s. 8 that everyone has “the right to be secure against unreasonable search or seizure.” The constitutionality of the Customs Act in light of the Charter has not been tested, and observers were looking forward to a court pronouncement.

In August of this year, however, Philippon decided to forego a trial, pled guilty and was fined $500.

Thus, we still do not have any authoritative ruling on the ability of Canadian officials to pry into electronic devices, at least for purposes of air travel. The Supreme Court of Canada has ruled in ordinary search situations that a suspect may be required to divulge a password, but they did put restrictions on this power. That case involved criminal laws that do not necessarily apply to air travelers.

Solicitor [Lawyer]/Client Privilege

It would be nice to be able to wait several years for courts in North America to sort this out, but life goes on. And it may be a genuine problem for lawyers, since the uncertainty collides with another core right – solicitor [lawyer]/client privilege.

Lawyers who are traveling and face a request for access to their electronic data are in a difficult position. They can refuse to provide access, citing a potential breach of client confidentiality, and then face possible consequences from border personnel. These could range from missing the flight to seizure of the equipment, or even incarceration. On the other hand, providing the passwords could allow a breach of the privilege, leaving the lawyer open to consequences in another forum.

Possible Strategies

There is no easy answer. There are several possible strategies.

Don’t take it with you. One of these should be considered long before going to the airport. Given the current uncertainty, lawyers must assume that any information they carry when flying will be open to inspection, no matter how much protection or encryption they have applied. The obvious solution is to not take such information with you. Wipe laptops, tablets and phones of all data before going to the airport. Better yet, take a completely virgin machine that never had confidential information on it.

Use cloud storage: How practical is this? There are obvious problems. A brand new computer or phone is useless without data. Even just loading the basics, like a phone contact list, exposes potential confidential client information. How much of that can be exposed is up to the user, but one way of handling information, particularly confidential material, would be to use cloud storage. Good security practices must be applied, but the traveler could store everything in the cloud and then only access it when safely ensconced in the destination country. Safeguards must be used, obviously, because the safety of information in the cloud remains controversial. It still may be the least risky way of keeping information out of prying hands.

Use persuasion to work toward a win-win solution. If you do find yourself before a border agent who is requesting access, law is subordinate to persuasion. Yes, you can pull the “Do you know who I am? I’m a lawyer!” tactic and start shouting about constitutional rights. That is a risky, and probably unsuccessful strategy. Your better bet is to try and work with the officers to find a solution that works for everyone. Ask to speak to a supervisor, if possible. Talking to him or her away from the original agent may also help keep personalities out of the equation. Explain that you are a lawyer, that you have information for which you are professionally obliged to maintain secrecy, and try to persuade them that a data search is unnecessary and will be more trouble than it is worth.

Every situation will be different, of course, and you may have to work out some interim measures until more or different considerations can be applied. Measures taken might include sealing the device(s) until a court can rule on your case. This is another reason you should not keep your life history on a single device when traveling—it might not follow you to your destination. While trying to work things out, fight strongly but reasonably to protect your client information.

These are not guaranteed solutions, I know. Many will complain about having to do all this, but unfortunately, this is the landscape today. Be aware of the issues and plan to get around them in advance.

WMCZ Portraits 2012


Craig Zawada, Q.C. is a lawyer with WMCZ Lawyers in Saskatoon, SK, Canada. A graduate of Osgoode Hall Law School in Toronto, Craig specializes in intellectual property and privacy law issues. WMCZ is a full-service law firm, including debt recovery and litigation services.

Categories: Business Relationships, Canadian Debt Collection Law, Canadian Law, Compliance, NL Insider, Outsourcing

Tags: , , , , , , , , , , ,

Leave a Reply

%d bloggers like this: