This is not a NASA Website. You might learn something. It's YOUR space agency. Get involved. Take it back. Make it work - for YOU.
IT/Web

Warning: NASA Employees: Do Not Take Your Government Phone Outside The U.S.

By Keith Cowing
NASA Watch
February 12, 2017
Filed under ,
Warning: NASA Employees: Do Not Take Your Government Phone Outside The U.S.

A US-born NASA scientist was detained at the border until he unlocked his phone, The Verge
“Seemingly, Bikkannavar’s reentry into the country should not have raised any flags. Not only is he a natural-born US citizen, but he’s also enrolled in Global Entry — a program through CBP that allows individuals who have undergone background checks to have expedited entry into the country. He hasn’t visited the countries listed in the immigration ban and he has worked at JPL — a major center at a US federal agency — for 10 years. … The officer also presented Bikkannavar with a document titled “Inspection of Electronic Devices” and explained that CBP had authority to search his phone. Bikkannavar did not want to hand over the device, because it was given to him by JPL and is technically NASA property. He even showed the officer the JPL barcode on the back of phone. Nonetheless, CBP asked for the phone and the access PIN. “I was cautiously telling him I wasn’t allowed to give it out, because I didn’t want to seem like I was not cooperating,” says Bikkannavar. “I told him I’m not really allowed to give the passcode; I have to protect access. But he insisted they had the authority to search it.”

https://media2.spaceref.com/news/2017/phonefb.jpg

NASA Watch founder, Explorers Club Fellow, ex-NASA, Away Teams, Journalist, Space & Astrobiology, Lapsed climber.

38 responses to “Warning: NASA Employees: Do Not Take Your Government Phone Outside The U.S.”

  1. TheStargazer says:
    0
    0

    Hopefully it was a “clean” phone like they normally issues government employees before international travel, though most of the coverage I have seen suggests it was his normal work phone.

  2. fcrary says:
    0
    0

    Well, that’s exactly the sort of story I like to read while I’m on the bus to the airport… I guess I was right not to bother with Global Entry; it doesn’t seemed to help this person. But I do feel sorry for anyone stuck between US Customs and Border Protection and the JPL securing people.

  3. Forrest Lumpkin says:
    0
    0

    I am a JSC civil servant and in 2013 I took my JSC issued iPhone on a work trip to the CNES facility in Toulouse, France. In order to get prior approval to take the phone, I was required to obtain an export license for the phone and review applicable IT policies and procedures. I wonder if JPL has a similar procedure?

    • fcrary says:
      0
      0

      Yes. I work with people at JPL all the time, and I’ve heard them talk about this sort of thing. I’m afraid I don’t know the exact details, but I’ve heard enough to know the policies are similar to what you describe. In general, every NASA center and every institution NASA contracts to have similar policies.

      Working at a university, I’m not expected to get export licenses. I’m required to receive training on import/export rules and every time i go out of the country, I’m reminded of what I can and can not have on my laptop. (I don’t have an institution-provided cell phone, but the policies would be the same if I did.) I’m expected to decided on the details myself, in a way which makes sure I’m the one who gets into trouble if I make a mistake. From what my friends at JPL have said, the rules there are similar but perhaps a bit stricter.

      • Forrest Lumpkin says:
        0
        0

        I doubt that I could have obtained the approval to take government owned IT equipment out of the USA if I had been on personal rather than official travel. Since the individual here appears to have been on personal travel, I just wondered if JPL has different procedures.

        Recall most employees at JPL are not civil servants. JPL, due to its Army heritage, is a Federally Funded Development & Research Center (FFDRC), unlike the other NASA centers. Most of the employees at JPL are in fact Caltech Employees.
        Recall the pushback by some at JPL a few years back with regards to background checks as mandated by HSDP-12 during the US Goverment’s push to have standardized employee badging. If I recall the pushback of those JPL employees centered on the fact that they are not civil servants. If I recall correctly, this was covered in NASAWatch.

        I would also suppose that the phone is owned by Caltech and not the US Govt. However, I would further suppose that government IT requirements are flowed thru to the JPL equipment via NASA’s contract with Caltech with regards to its management of JPL as a FFDRC. I am not sure, though, which is why I asked.

        However, I do find it interesting that a JPL employee is allowed to take JPL owned IT on personal international travel. I very seriously doubt that we would be allowed to do this at JSC without significantly justifiable rationale and approval from a very senior official (the Center Director???)

        • fcrary says:
          0
          0

          The full article explained his having a lab-owned phone while on personal travel. The explanation more-or-less matches what I’ve heard from friends who work at JPL. Some jobs require people to be contactable, in case of an emergency, even when on vacation. (Or, even at 4 AM. Having experienced that once, trust me, this is not a bounce.) In that case, lab policy allows taking a lab phone on vacation with you. I’m not sure of the details for international travel (demonstrably allowed for business travel, and apparently allowed for a weekend off after an international business trip.) I’m also not clear why this particular person was someone on call in case of emergencies. The description of his job in the article didn’t imply that.

          But different NASA centers have different policies. I have, two years ago, walked into NASA Ames after only showing a driver’s license. When I mentioned what meeting I was attending, the guard at the gate just asked if I needed directions. In contrast, I’m currently in Manrovia, California, for a Cassini meeting. Starting last year, we stopped having these meetings at JPL, because their security requirements where just too much of a barrier. (Attendee names supplied months in advance, foreign nationals not allowed to go to the toilet without an escort, etc.) So, clearly, there are differences between the practices at various NASA centers, and, as you note, JPL has a unique status as a NASA-funded but privately-managed center. But that doesn’t mean JPL is less strict in its security practices.

          And, along those lines, you mentioned the Nelson et al.
          lawsuit. HSPD-12 did not mandate specific security requirements, it ordered government facilities to have rules and policies, and to figure out what best suited their requirements. The Nelson et al. suit claimed that JPL was adopting unreasonable and unnecessary requirements. I only bring this up because JPL, during the course of the lawsuit, tried to claim they were simply following HSPD-12 requirements when they actually had quite a bit of discretion within those requirements.

          • Forrest Lumpkin says:
            0
            0

            I just wonder what is JPL’s policy regarding taking JPL IT equipment out of the country. Is prior approval required as it is at JSC?

            Surprised that 2 years ago, Ames only required a DL check for entry. That was not the case when I worked there as a Stanford graduate student and then as a civil servant from 1987-1993. I needed an Ames issued badge to gain entry. I don’t recall the background check required to get the badge (I have through a lot of background checks over the years) but I need have my finger prints taken. I assume they were checked against some criminal database. Visitors needed to be processed through the visitor center.

            Of course back then, Moffett Field was a Naval Air Station, and entrance to Ames also meant entrance to Moffett Field as there was not any physical separation between the two facilities. So, maybe things changed some time after Moffett Field was no longer a Naval Air Station?

            And in NASA v. Nelson, NASA prevailed at the Supreme Court. At JSC, during the HSDP-12 period, we all went through the background checks.

          • fcrary says:
            0
            0

            I’m not sure if JPL requires permission to take phones out of the country. I just know JPL employees who have done so, not what sort of paper work was required in advance.

            I was definitely surprised that it was so easy to get into NASA Ames. I was a student at Berkeley at the same time you were at Stanford, so I know how it used to be. As well as Moffett Field closing, Google now rents out a significant amount of space there. That might affect security requirements.

            As far as the Nelson Supreme Court ruling, it’s worth reading both it and the lower court ruling. The lower court ruling and the injunction were about the specific background check, as described by JPL, being excessive. On appeal to the Supreme Court, the lab said that was just a hypothetical example of what they might do, and the Court ruled that JPL can do background checks of an unspecified sort. They did not say anything about what might, or might not, be unconstitutionally excessive. (Although there were several concurring opinions, with some justices writing that they didn’t think any right to privacy is constitutionally protected.)

          • MarkShirley says:
            0
            0

            I think you both are right, but to clarify this …. The NASA Ames Research Park does require only a driver’s license for entry and that’s been the case since early 2002. Entering the Research Center itself requires a One NASA badge or visitor identification similar to what’s required at other NASA centers, and access to specific facilities is further restricted. Meetings with broad attendance are often held in the Research Park rather than in the center because it’s easier. Until recently, it was very easy to confuse the two, because, to enter the center, one entered the Research Park first, going past one guard before taking left and passing through a second gate with a second guard. Road construction to change that is underway now.

          • rktsci says:
            0
            0

            And now our data is in the hands of the Chinese.

  4. cb450sc says:
    0
    0

    So I was at JPL and asked this exact question – my NASA-tagged laptop may or may not have ITAR data on it, and did that mean I should stop anyone from inspecting it at the border if I didn’t know if they were allowed to see it. So I had to carry an offsite permit, and I was told explicitly that TSA or whatever had the right to search it.

  5. Colin Seftor says:
    0
    0

    It’s interesting (more like depressing) that, so far, the comments posted about this incident only talk about the technical aspects of it and blithely ignore how outrageous the conduct of Homeland Security was. Well I, for one, am horrified. And Bikkannavar was a US citizen. I shudder to think what happens if you “only” have a green card or, heaven forbid, you are visiting this country and have a foreign sounding name. Is this truly what we want from our country? I hope not.

    • Michael Spencer says:
      0
      0

      My reaction as well. Politicians in America have whipped up such a furor over ‘terrorism’ – unless you are in a few well-understood spots, chances of terror attack are near zero. The result? Election of far-right candidates, militarization of local police (does every burg need a SWAT team? really?) and lionization of ‘first responders’. TSA is stunningly intrusive and silly- thank you, inept shoe bomber- fighting last week’s war. Our rights are being eroded by complacency. and the terrorists? They’ve already won.

      Meanwhile stand in line sometime at an airport and probe gently into how your neighbor feels about the delay, or the 2-3 hour advance arrival at the airport (!). Answer: “they are keeping me safe!”

      What a country.

      • Winner says:
        0
        0

        Terrorism is the Communism of the 2000’s and 2010’s.

      • Daniel Woodard says:
        0
        0

        The damage that terrorists have done to America is insignificant compared to the damage we have done to ourselves in trying to protect ourselves. Nevertheless, there are ways we could do a smarter job of it, both ITAR and identity verification.

        • Michael Spencer says:
          0
          0

          And the whole thing could have been avoided if- wait for it- we’d followed President Carter’s insistence on finding alternatives for oil. We’d be looking at the Middle East with a ‘let them fight over it’ attitude. Imagine- actually starting in the 1970s with solar and wind.

          • DP Huntsman says:
            0
            0

            He’ll never get the recognition while he’s living; but the simple fact is, Carter was right on so many things; and we, and Earth, would be so much better off if we had listened to him.

    • Forrest Lumpkin says:
      0
      0

      By my comments I do not mean to imply that the treatment received by Mr. Bikkannavar at Houston Bush Airport was inappropriate – it was. Apologies for any depression I may caused.

      My comments stem from the fact that it is drilled into our heads that government issued IT equipment very often contains sensitive information (ITAR, SBU, PII) requiring protection from inadvertent disclosure. We are further trained that taking such equipment outside the US requires special precautions and procedures to preclude inadvertent disclosure of sensitive information to foreign players. Often it is required that the IT equipment is a specially issued “clean” piece of equipment just for that international travel. I took such a clean laptop, with prior approval, on my 2013 Toulouse trip.

      I am just wondering if the JPL procedures regarding use of government issued IT on international travel line up with those at JSC and the rest of NASA, and if they were followed in this instance.

      • rktsci says:
        0
        0

        You can’t take ITAR, SBU, or PII information out of the country without the proper paperwork, especially on a government phone.

    • fcrary says:
      0
      0

      I just didn’t think this was an appropriate forum to comment on border security.

      • SouthwestExGOP says:
        0
        0

        fcrary – I am forced to point out that this is not about border security at all but about rights of a citizen. The Constitution (a document which is often ignored) shields us from unreasonable search and seizure. Since Mr Bikkanavar is a citizen there should be some grounds for delaying him. It would be interesting to hear what the TSA thought that they could get from someone’s phone, especially since we should assume that they do not have advanced decryption capability at airports.

      • Jafafa Hots says:
        0
        0

        This is an appropriate forum to comment on whatever the blog owner decides it’s an appropriate forum to comment on.

  6. Eric Fielding says:
    0
    0

    Mobile devices issued to JPL employees these days are leased from Lockheed Martin Information Technologies, not owned by NASA. Not sure if that makes a difference.

    • kcowing says:
      0
      0

      Since when can CBP take an American citizen’s phone – government or personal – for any reason?

      • Eric Fielding says:
        0
        0

        It is my understanding that CBP has the right to inspect everything you carry with you across the border, whether you are a citizen or not. See the BoingBoing.net article yesterday “How to legally cross a US (or other) border without surrendering your data and passwords”.

        • DP Huntsman says:
          0
          0

          “Inspect” for contraband- the main reasons for Customs – is one thing; seize, record, and distribute to ALL government agencies is quite another; and yet, that’s what CBP does, and the courts haven’t stopped them yet. And THAT is a total and complete violation of the Constitution CBP has sworn to uphold and protect.

      • John Thomas says:
        0
        0

        I seem to remember hearing a few years back of boarder patrol seizing and/or requiring laptops to be unlocked of US citizens coming into the US. I think specifically it was coming from Canada.

      • Anonymous says:
        0
        0

        Please take a look at this and many other documents that can be found online explaining why such violation of the fourth amendment exists in the first place. The sad thing is that because of the very low awareness, the abusive practice has existed for many years.

        https://www.eff.org/wp/defe

        • rktsci says:
          0
          0

          That EFF article says that roughly 5 US citizens per day have their electronic devices searched each day by CPB.

      • fcrary says:
        0
        0

        That was one of the fun parts in that article. Apparently, and according to that article, they can “physically” search them. They can do that with any personally property you take into the country. I think that’s the C part of CBP. But they can’t force you to give them the password. Despite that, they can, apparently imply you have to give them the password, drag their feet, and generally intimidate people into providing passwords.

      • Lawrence Wild says:
        0
        0

        Keith, this is how the government views it. https://www.cbp.gov/travel/
        and this is, presumably the blue sheet that Mr. Bikkannavar was handed https://www.cbp.gov/sites/d
        Certainly they seem to feel they can inspect anyone’s things regardless of citizenship or entry status or anything else. Their white paper on this available at https://www.cbp.gov/faqs/wh… certainly cites a number of legal decisions as granting them authority in it’s footnotes.
        Not saying they are right, not saying they are wrong. I’m not a lawyer. But I thought out of a sense of even-handedness I would point out the position as the Customs and Border police see the situation.

      • rktsci says:
        0
        0

        Customs has the right to search anyone entering the US, including a body cavity search, and search all their belongings. Until they admit you, you aren’t in the US and they can search you for any reason whatsoever. They also do random searches all the time.

        I’ve been searched by them on returning from a scuba trip. All my bags were opened and rummaged through. Other times I’ve been waved through after presenting my declaration form. And I’m a white male.

  7. AnnInCleveland says:
    0
    0

    As a matter of security practice, we instruct our employees to never take any device with NASA data on it outside the U.S., whether the travel is personal or professional. The only exception is if they are presenting NASA funded work at an international conference, and then we give them a sanitized laptop with their NASA-approved presentation on it. All our employees are citizens but anyone can be searched upon re-entry into the U.S. Prior to the current climate, the primary worry seemed to be unauthorized access to NASA data by foreign entities; I don’t think that has changed.

  8. Anon Ymous says:
    0
    0

    Am I the only one thinking there might have been ANOTHER reason for his being detained? Should this really be a warning to ALL NASA employees?

  9. DP Huntsman says:
    0
    0

    I’m surprised that no one here has suggested why this one native-born American citizen, who works at a Federal laboratory and not only had done nothing whatsoever suspicious but was a Global Entry-enlisted person, was stopped at all.

    The only thing I can think of: He’s a dark-skinned American of Indian descent. I honestly can see nothing else here.

  10. Tally-ho says:
    0
    0

    My takeaway, he was using Facebook on his government phone. Oops, shouldn’t have let that out.

  11. gelbstoff says:
    0
    0

    I am asking the legal office for an opinion. If it was my personal IT equipment (and if traveling without family), I would just say no. Customs has extra-constitutional powers at the border. I think this is wrong.
    G.