Ride the Lightning

U.S. Born NASA Scientist Detained at Border Until He Unlocks NASA Phone

February 23, 2017

It was very unnerving to read a story in The Verge about the detention of NASA scientist Sidd Bikkannavar who flew back into the United States after spending a few weeks abroad in South America. An employee of NASA's Jet Propulsion Laboratory (JPL), Bikkannavar had been on a personal trip, pursuing his hobby of racing solar-powered cars.

Bikkannavar is a veteran international traveler but his return home was hardly routine. Bikkannavar left for South America on January 15th, under the Obama administration. He flew back from Santiago, Chile to the George Bush Intercontinental Airport in Houston, Texas on January 30th, just over a week into the Trump administration.

Bikkannavar says he was detained by US Customs and Border Patrol and pressured to give the CBP agents his phone and access PIN. Since the phone was issued by NASA, it may have contained sensitive material. Bikkannavar's phone was returned to him after it was searched by CBP, but he doesn't know exactly what information officials might have taken from the device.

The JPL scientist returned to the US four days after the signing of a sweeping and controversial executive order on travel into the country. The travel ban caused chaos at airports across the United States, as people with visas and green cards found themselves detained, or facing deportation. Within days of its signing, the travel order was stayed, but not before more than 60,000 visas were revoked, according to the US State Department.

Seemingly, Bikkannavar's reentry into the country should not have raised any flags. Not only is he a natural-born US citizen, but he's also enrolled in Global Entry, a program through CBP that allows individuals who have undergone background checks to have expedited entry into the country. He hasn't visited the countries listed in the immigration ban and he has worked at JPL for 10 years.

Bikkannavar says he arrived into Houston early Tuesday morning, and was detained by CBP after his passport was scanned. A CBP officer escorted Bikkannavar to a back room, and told him to wait for additional instructions. About five other travelers who had apparently been affected by the ban were already in the room, asleep on cots that were provided for them.

About 40 minutes went by when an officer appeared and called Bikkannavar's name. "He takes me into an interview room and sort of explains that I'm entering the country and they need to search my possessions to make sure I'm not bringing in anything dangerous," he says. The CBP officer started asking questions about where Bikkannavar was coming from, where he lives, and his title at work. It's all information the officer should have had since Bikkannavar is enrolled in Global Entry. "I asked a question, 'Why was I chosen?' And he wouldn't tell me," he says.

The officer also presented Bikkannavar with a document titled "Inspection of Electronic Devices" and explained that CBP had authority to search his phone. Bikkannavar did not want to hand over the device, because it was given to him by JPL and is technically NASA property. He even showed the officer the JPL barcode on the back of phone. Nonetheless, CBP asked for the phone and the access PIN. "I was cautiously telling him I wasn't allowed to give it out, because I didn't want to seem like I was not cooperating," says Bikkannavar. "I told him I'm not really allowed to give the passcode; I have to protect access. But he insisted they had the authority to search it."

Courts have upheld customs agents' power to manually search devices at the border, but any searches made solely on the basis of race or national origin are still illegal. More importantly, travelers are not legally required to unlock their devices, although agents can detain them for significant periods of time if they do not. "In each incident that I've seen, the subjects have been shown a Blue Paper that says CBP has legal authority to search phones at the border, which gives them the impression that they're obligated to unlock the phone, which isn't true," Hassan Shibly, chief executive director of CAIR Florida, told The Verge. "They're not obligated to unlock the phone."

Nevertheless, Bikkannavar was not allowed to leave until he gave CBP his PIN. The officer insisted that CBP had the authority to search the phone. The document given to Bikkannavar listed a series of consequences for failure to offer information that would allow CBP to copy the contents of the device. "I didn't really want to explore all those consequences," he says. "It mentioned detention and seizure." Ultimately, he agreed to hand over the phone and PIN. The officer left with the device and didn't return for another 30 minutes, when he gave the phone back, though Bikkannavar is not sure what happened during the time it was in the officer's possession.

When it was returned he immediately turned it off because he knew he had to take it straight to the IT department at JPL. Once he arrived in Los Angeles, he went to NASA and told his superiors what had happened. Bikkannavar can't comment on what may or may not have been on the phone, but he says the cybersecurity team at JPL was not happy about the breach. Bikkannavar had his phone on hand while he was traveling in case there was a problem at work that needed his attention, but NASA employees are obligated to protect work-related information.

Bikkannavar was left wondering what the point of the search was, and he's upset that the search potentially compromised the privacy of his friends, family, and coworkers who were listed on his phone. He has since gotten a completely new device from work with a new phone number.

Bikkannavar says he's still unsure why he was singled out for the electronic search. He says he understands that his name is foreign — its roots go back to southern India. He didn't think it would be a trigger for extra scrutiny.

As many readers know, companies like Elcomsoft make forensic software that can image your phone and retrieve all your photos, contacts — even passwords for your e-mail and social media accounts — in a matter of minutes. Their customers include the police forces of various countries, militaries, and private security forces. They can use these tools to permanently archive everything there is to know about you. All they need is your unlocked phone.

My personal fear is that we will hear of more and more incidents like this and that more and more people will not travel with business phones (and maybe not personal ones). You can rent phones with data plans at most international airports. Depending on where you travel, you may have to worry about the phones coming with "a little something extra." Businesses need to keep an eye on this and be prepared to issue clean "loaner" phones – and maybe laptops as well, specifically designed to be taken abroad and (perhaps) to be wiped before returning. What a world . . .

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
http://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson