Security

Watch the Net Neutrality Senate Livestream on June 11th

Since I care (as we all should) about privacy, security, government surveillance, third-party trackers, and all the other downsides that have already happened to this thing we love called the internet, WE ALL need to stand up and make our voices heard about the recent bill passage to gut net neutrality. That's why I just donated (and have continued to donate) to the Fight for the Future cause and will be watching the livestream next Tuesday, June 11th, to see what is happening and to leverage social media to bring attention to it.

What’s happening?

One year ago, Big Cable’s dream came true: they killed net neutrality, giving ISPs like Comcast, Verizon, and AT&T control over what we see and do online. Millions of people demanded that Congress restore net neutrality. In response, the House of Representatives passed the landmark Save the Internet Act. But Senate Majority Leader Mitch McConnell — who has taken over $1 million in campaign donations from Big Cable — is refusing to allow his branch of Congress to vote on this popular bill. So on June 11th, net neutrality supporters in the Senate will try to force a vote using a procedure called “Unanimous Consent.”

How can you help?

We’re organizing an epic livestream so that millions of everyday people just like you can watch their lawmakers, and hold their lawmakers accountable for their actions … or inaction. Fill out the form above and tell Congress why you support net neutrality. We'll make sure your comment gets hand-delivered to Congress, and we'll be reading our favorite comments during the livestream on June 11th. You can also spread the word on social media to make sure everyone knows what's happening.

Watch the livestream on June 11th

There is a Dangerous Problem with the Honda Clarity

My wife and I had a terrifying loss of power in our new 2019 Honda Clarity yesterday AND we were in rush hour traffic on CA-73 (a toll-road that runs from Newport Beach to I-5 in Laguna Niguel, California) driving along at 70MPH.

Here is what happened and how we discovered afterwards that this is an isolated, but seemingly common, quite dangerous issue with the Honda Clarity PHEV.

LOSS OF POWER IN RUSH-HOUR TRAFFIC

It’s late afternoon yesterday (May 31, 2019) and we are headed home from an appointment up in Huntington Beach, CA. We are driving on CA-73 in the Clarity’s HV Mode. When the battery drops to two bars — the baseline where the car’s computer stops the drainage from the battery to power the car — the engine is supposed to kick-in but it began REVVING and then lost ALL POWER.

Since we were going up a hill, the Clarity immediately dropped from 70mph to 40mph in seconds and kept dropping. Pushing the accelerator to the floor did nothing except redline the engine and it gave NO POWER TO THE WHEELS TO MAKE THE CAR GO.

Due to the rush-hour traffic on all sides (and cars coming up behind us at 70mph or greater), we *barely* are able to make it to the shoulder with cars honking and speeding around us! It was a truly terrifying experience. No matter what I did, I couldn’t get the car to power itself. I had to turn the car off, then back on, put it in “Sport” mode, and then we were able to drive it like it should work when the battery is depleted.

Just so you know, the Clarity Plug-In Hybrid has 3 modes: ECON, Sport and HV. ECON is battery-only. Sport is what you’d expect: it uses the battery and ICE (Internal Combustion Engine) to power the car simultaneously. HV mode uses the engine and the electric motor to power the Clarity as efficiently as possible in order to achieve the highest possible MPG.

In seconds I was switching between these modes in an attempt to get SOME power to safely get the car to the shoulder. My wife suggested turning on the hazard flashers which I did, and fortunately several cars slowed down so we could coast over to the side of the road and turn the car off.

After the adrenaline rush subsided, I was stumped that the car wasn’t smart enough to either warn me or, more importantly, to simply self-correct and not put us in to such a dangerous situation.

FOUND OUT I’M NOT THE ONLY ONE

Returning home, I find DOZENS of postings showing this is an issue many people have experienced. I concur with most that this is a DANGEROUS situation and HONDA HAS BEEN SILENT on this major issue.

CAR COMPLAINTS
I’ve found about 15 places where people have described the exact issue we experienced, but some also discuss other situations where the car had this revving-no-power problem (revving is also euphemistically called “angry bees”) even without a depleted battery. At CarComplaints.com there are several, including many like these:

January 15, 2019: “3 days after purchase I was driving on an interstate when the car suddenly lost all power. I managed to pull to a slow lane but the lack of power continued for another 5 minutes. It had been running on battery just prior and I had 2 bars of power left. The outside temperature was about 15 degrees. The internal combustion engine began to race but only began to give adequate power to the wheels after 5 minutes. A terrifying experience. Honda checked out the car and said nothing was wrong. I am hearing of other cases being reported like mine.”

Steve Borsch note: This is what happened to us, but the outside temperature was approximately 67 degrees. In the next two CarComplaint’s posts I’ve bolded specific items of note:

January 09, 2019: “Car revs up when driving down the highway but drops speed to 10mph. It has done this 2 times once in town and once on US-23 while driving 70mph. There are several complaints about the car doing the same thing to other Clarity owners and this is a highly dangerous situation that Honda should take care of! Reineke Honda in Findlay Ohio had my car for about 3 weeks and while test driving it the car did the same thing for the service manager Mike Stevens. They took a control box off a brand new Clarity per Honda’s suggestion and I am driving the car and had no new problems so far. They were not sure this would fix the issue but so far it hasn’t happened again. This is a dangerous failure in the car and I am lucky I wasn’t driving in Columbus, Ohio the 2nd time the car did it or I would have been rear ended! Honda needs to make sure this problem is fixed!!!”

February 09, 2019: “On approx 6 occasions, when EV power is used up, the car switches to ICE mode with issues. When traveling up hill, it feels like the transmission is not engaging. The vehicle losses power, and does not accelerate. The ICE revs extremely high without speed gain. Have also experienced a downhill situation with nearly full EV in EV mode. Vehicle feels like it disengages drivetrain. When pressing the accelerator, there was no response. One feels helpless when this occurs. Most of the time, the car had switches from EV to HV automatically, without issue. But, the above phenomena has happened 6 times in the last year this is unsafe. The vehicle was sold as an EV, with a gas engine to take over when EV runs out. At no time was there any explanation regarding potential situations that would cause the vehicle to become unsafe and lose power. One should not have to ensure reserve EV power for potential power loss situations. When these situations have occurred, upon shutting off the car and exiting, there is a strong smell of burning rubber and other material similar to transmission and brakes, or hot metal. Clearly something is overheating, and if the vehicle was not shutdown and allowed to cool, a reasonable person might conclude that significant damage to the engine, electric motors, EV battery, or transmission would take place. I am no longer driving the vehicle as a pure EV for city driving. The fear of power loss without control is extremely upsetting, and consequently, not getting the value of vehicle. My spouse will not drive the vehicle as driver or passenger if the trip is to exceed 20 miles in one direction. My gas savings has dropped considerably as I am unable to risk running out of EV before my trip ends. This vehicle has been taken to the dealer 3 times, and inspected by Honda of America. They deny there is anything wrong with the vehicle.

WHAT’S NEXT, HONDA?

What do I do next? More importantly, what do YOU do next, Honda? Almost all postings I’ve read say that dealer investigations turn up nothing and are a waste of time. I suspect it’s because the fundamental software code is at fault, something a dealer cannot fix.

HONDA: This is clearly a software issue since the switchover from HV Mode’s battery/engine, to only the engine, does not happen correctly. You must fix this before someone (or multiple people) die in a horrific crash and you are found to be at fault for not addressing this issue.

WHERE IT HAPPENED: Here is where it happened to us yesterday — we were headed southbound on CA-73 up a hill and the ‘shoulder’ we had to pull over on was on a bridge over El Toro Road, with cars racing by at top speed:

WHY A TWEET AND THIS POST: The primary reason I tweeted Honda today and am writing this post (and will tweet it too), is to document what happened, where it happened, and to have an audit trail in case something happens to me or my family while driving this car … or Honda does nothing to fix this issue and puts an unknown number of Clarity PHEV owners in continued jeopardy.

ProtonMail Continues To Be The Safest, Most Secure, and Private Email Provider

Last evening I saw this article link from Steiger Legal, on a blog run by Swiss lawyer Martin Steiger, in which he published a damning allegation that my beloved ProtonMail, the end-to-end encrypted email provider, was:

Email service provider ProtonMail, based in Switzerland, offers assistance for real-time surveillance: Voluntarily!

Steiger goes on with writing a factually incorrect article about ProtonMail on his blog, alleging, among other things, that “ProtonMail voluntarily offers assistance for real-time surveillance.

Fortunately ProtonMail responded with, in part, this clear statement:

So that there can be no ambiguity: ProtonMail does not voluntarily offer assistance as alleged. We only do so when ordered by a Swiss court or prosecutor, as we are obligated to follow the law in all criminal cases. Furthermore, ProtonMail’s end-to-end encryption means we cannot be forced by a court to provide unencrypted message contents.

That’s crystal clear in my view. Just to restate that last sentence, even if a prosecutor was able to scrape metadata about which user emailed to another person(s), the contents of the email could not be decrypted by ProtonMail and provided (and a government or intelligence service could not as well without massive computing power and a lot of time!

Unfortunately I had seen this article but not ProtonMail’s rebuttal before emailing their support and tweeting it to @ProtonMail, they responded to my tweet:

Hi Steve, these allegations are false, and have also been refuted by the Swiss public prosecutor earlier this week. We have responded on our blog here with more details: https://t.co/xdz2xfF4pu

— ProtonMail (@ProtonMail) May 31, 2019

I then responded and apologized for being rash and not investigating fully before tweeting:

Thank you for the clarification! Had not yet read the HN thread nor your post. Should have gone there first … apologies for that.

Note: With all the recent breaches and revelations that mobile apps are “phoning home” with metadata, my paranoia is accelerating. https://t.co/7XAkEEKD8B

— Steve Borsch (@sborsch) May 31, 2019

The “recent breaches” and “phoning home” items I referred to in my reply to ProtonMail were:

  • Washington Post article about how their privacy experiment showed 5,400 hidden app trackers guzzled our data — in a single week on the reporter’s iPhone.

Is it no wonder I rushed-to-judgement for a secure email service I rely upon to keep my emails to family and friends — and the PDFs, Word docs, and Excel spreadsheets with vital data in them — secure from prying eyes?

Thank you, ProtonMail team, for helping to keep us safe and secure!

NSA Loses Control of THEIR Hacking Software and Apple’s Tim Cook Was 100% Right

Remember when Apple’s Tim Cook wouldn’t put in a backdoor to iOS so the FBI could gain access to the San Bernardino terrorist’s iPhone? THIS IS WHY!

If the NSA can’t control software as destructive as this, how can any government guarantee a compromised operating system won’t get in to the wild? (One guess: they cannot and Tim Cook was 100% right).

Read this article in The New York Times as it tells the story of the NSA’s software loss well.

We must have end-to-end encryption on our devices. Period.

Here is what I believe is the *best* backup solution money can buy

It happened again this morning: A friend reached out to tell me their PC’s 1TB hard drive had crashed and could I help? Of course you guessed it, they did not have it backed up, the drive was toast, and they have either lost everything or could pay close to $2,000 to have the drive recovered!

I have a hard time feeling any sympathy for them, especially since he and I have discussed backup numerous times. I’ve always encouraged him to buy one of inexpensive backup drives that exist, which makes backing up so simple that anyone can do it, even him. So I’ll implore you to backup just like I did him but he is serious about it now after it is too late: PLEASE back up all of your systems and, especially, your main PC or Mac. It’s not IF your hard drive will fail, but rather WHEN it will fail.

WHY I DON’T BACKUP TO CHEAP DRIVES
For me, however, a cheap backup drive won’t do it which is why I use the ioSafe G3 drives:

The ioSafe Solo G3 is fireproof and waterproof external hard drive engineered to keep data safe during fires and floods and to protect to from theft. Designed for optimal reliability, the G3 hard drive is the easiest way to protect your photos, videos, documents and other irreplaceable data.

I’ve written about these drives before here and here and I own two of them. My iMac has a 1TB solid state drive in it and I have one external 3TB ioSafe G3 drive which is nearly full of music, photos, and files. Both my iMac’s drive and my external 3TB drive are encrypted with FileVault, so I needed a 4TB external drive to use for a Time Machine backup drive. So I purchased that second ioSafe drive — this time in a 4TB size — to back them both up (and yes, everything is encrypted there too).

In fact, today I ordered another ioSafe G3 drive but this time in a 6TB configuration. Why? Because my Time Machine backups only go back 30 days and I want them to go at least 30 days further back and maybe longer, so an extra 2TBs of storage will enable me to do that (and I’ll wipe my 4TB drive and connect it to my wife’s iMac).

WHY I DON’T BACKUP TO THE CLOUD
Consider me paranoid, but unless I control the private encryption key I don’t feel my data is safe. Anyone with that key can unlock my data and view it (e.g., Dropbox can, in theory, read all of your files).

The only one I would consider is SpiderOak’s personal One backup plan, a solution that encrypts your data before it is backed up and sent to their servers. As good as SpiderOak is, there are a few “fatal flaws” I see with using it (or any cloud service) as my primary backup solution:

  • My data is in the cloud on someone else’s servers.
  • It takes forever to transfer large data files so backing up is time consuming. Moving huge files can also hammer on your internet service provider’s data caps (which are becoming more common now that TV streaming is ubiquitous and used by more people than ever before) so you’ll have to pay more for data.
  • The 5TB service I’d need is $29 per month ($348 per year) which would buy an ioSafe G3 drive itself!

WHY I USE IOSAFE DRIVES & BELIEVE THEY’RE THE BEST

Look … you can go ahead and backup to cheap drives. But lets say your house catches on fire and the fire department arrives to put it out. If the area near your computer burns your PC is melted and so are your backup drives and everything will be lost. Even if it doesn’t burn and melt, the water used to put out the fire will most likely compromise the backup drives and make them unrecoverable.

The features that make it “the best” backup solution money can buy include:

  • The ioSafe drives can withstand temperatures up to 1550°F for 30 minutes per ASTM E119 (PDF).
  • They can be completely submerged in fresh or salt water up to a 10′ depth for 72 hours (which is so much more than a firehose would douse them with in a house fire).
  • The drives can be secured to either the floor or a hard-to-move object to prevent the drive, and the data it holds, from being stolen (I bolted my drives to my desk when our house was up for sale so no one could grab one and run off with it!).
  • These drives are very, very quiet and, with USB 3, they are fast.
  • They are a “set it and forget it” backup solution. If you have a Mac, use Time Machine to back up your computer. If you have a Windows PC, buying an ioSafe drive includes a license to Genie Timeline Professional: easy to use backup software for Windows that can protect your data with military-grade 256-AES encryption.

Living here in southern California makes drives like these even MORE important for my wife and for me. With earthquakes, wildfires, and more humans than most places on earth (so more likelihood of theft), having these drives as my backup solution give me peace of mind.

HOW AND WHERE TO BUY
Though you can buy these drives directly from ioSafe, here are a few places to pick up a 2TB, 3TB or 4TB drive less expensively:

WHATEVER YOU DO … BACK UP!!
Borsch, you’ve told me I need to back up … I get it!” OK, OK … but I thought my buddy didn’t want to hear me pontificate about backing up either and he didn’t … and now he’s lost all his photos, videos, emails and other data.

Don’t be like my buddy … back up now.


Disclaimer: I receive absolutely nothing from ioSafe or anyone else for my enthusiasm for their incredible hard drives. Yes, I do think they’re the best and just want everyone to back up!

Get Secure *Before* You Get Hacked

As I’ve been dubbed “Mr. Security” by my friends, family and clients (I pay significant attention to, and use, cybersecurity, privacy and software measures) but my pleadings with them to be secure often are ignored…until they get hacked. Then they plead with me to help them out and get their digital life on track. Usually it’s too little, too late, and the work to recover is enormous.

You should care deeply about your digital life and its security, especially since the risk of getting hacked is exploding! The World Economic Forum in its 2018 report (PDF) said blackhat hackers are gaining the upper-hand in cyber warfare…and they are coming after you…and even the experts can’t keep up:

“Offensive cyber capabilities are developing more rapidly than our ability to deal with hostile incidents.”

Here’s the good news: if you haven’t yet been hacked it’s likely you will at some point, so lets get you cyber secure NOW!

SECURITY CHECKLIST

I was delighted this morning to discover this Security Checklist, “An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go.

The Security Checklist is very comprehensive, easy to follow, and one you should look at and implement as quickly as possible. It gives you the “why” and specific resources to use for each category, making this pretty brain-dead-simple to follow and implement:

  • Password Manager
  • Create a strong device passcode
  • Use two-factor authentication
  • Set up a mobile carrier PIN
  • Encrypt your devices
  • Freeze Your Credit
  • Use 1.1.1.1 for DNS resolution
  • Use a VPN
  • Cover your webcam
  • Use a privacy-first web browser
  • Use a privacy-first search engine
  • Review app permissions on your devices
  • Review your social media privacy settings
  • Educate yourself about phishing attacks

Go to Security Checklist

Google’s Motto ‘Do The Right Thing’ is for Them and Not Us — Especially with Chrome 69

UPDATE on September 25, 2018
Looks like Google blinked since so many of us were SO upset about what they were doing. While this is good news, I’ll be sticking with Firefox for the foreseeable future:

“Chrome 70 Will Allow Users to Opt-Out of Controversial Automatic Sign-in Feature”


For years I’ve been a staunch supporter and trusted Google, loved their services like Google Suite, Gmail, Google Voice, and others, all while admiring their machine learning and artificial intelligence research. One thing I specifically trusted was Google’s Don’t Be Evil motto which was baked in to their Code of Conduct for the company.

Then, back in May, I became troubled when they removed Don’t Be Evil and replaced it with Do The Right Thing. At the time I joked with a friend of mine asking him, “Is ‘do the right thing’ for us, or for Google?

It appears the motto change was focused on Google.

The biggest shift away from that “Don’t Be Evil” motto that Google has ever done just happened. Though this thread started on Hacker News a few weeks ago, a cryptographer and professor at Johns Hopkins University whose blog I follow, Matthew Green, wrote a post entitled, Why I’m Done with Chrome. In it he said:

A few weeks ago Google shipped an update to Chrome that fundamentally changes the sign-in experience. From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you.

Green also sees this move as having serious implications for privacy and trust. Do you think!?! My trust-level in Google has plummeted. So much so that I have now shifted 100% back to Mozilla’s Firefox browser and away from Chrome. I will no longer use Chrome until they change the way they infiltrate my privacy.

SO WHAT EXACTLY DID GOOGLE DO?

Google’s recent update to Chrome (browser version 69) has done something unprecedented in their history:

a) Once you login to Chrome as a user, Google can (and does) track EVERYTHING you do in the browser. Every site you view, every login. The change? If you login to any Google service in the Chrome browser, Google will log you in to that browser to give them access to everything you’re doing within Chrome.

b) As a user you can no longer delete ALL the cookies in your browser. Google’s cookies remain no matter what you do. (Hat tip to Christoph Tavan for discovering this breach)

c) Google is increasingly using “dark pattern” user interfaces in their services to hide or obfuscate what something does when you check, uncheck or choose an option. In ExtremeTech’s article Chrome 69 Is a Full-Fledged Assault on User Privacy, they describe how Google’s dark pattern user interfaces obscure their intent to get you to enable them to do the right thing for Google:

These changes are all part of what’s known as a dark pattern. If a pattern is defined as a regularity in the world (designed or naturally occurring) that repeats in a predictable manner, a dark pattern is an attempt to trick users by designing interface options that look like the options users expect to see.

I, for one, don’t want to research, study or figure out how a company I trust might be trying to trick me in to do something that is in THEIR best interest…and not mine. I’d rather pay for offerings and am growing tired of “being the product“.

FOR MORE

Supreme Court Rules Police Need a Warrant to Track Our Mobile Phones

This morning the U.S. Supreme Court ruled that police must obtain a search warrant in order to get access to cellphone location information.

This is HUGE and a big win for anyone who cares about intrusive, mass, warrantless surveillance that is, by any measure, illegal searches and (data) seizures.

Chief Justice John Roberts sided with the “liberal” justices (ones I instead use the adjective “strategic” to describe). This National Public Radio (NPR) story In Major Privacy Win, Supreme Court Rules Police Need Warrant To Track Your Cellphone put it succinctly:

The majority declared that the Fourth Amendment guarantees an expectation of privacy and that allowing police to obtain moment-by-moment tracking of an individual’s cellphone location is a kind of surveillance that the framers of the Constitution did not want to occur without a search warrant.

The chief justice said that this sort of tracking information is akin to wearing an electronic ankle-bracelet monitoring device and that the citizens of the country are protected from that kind of monitoring unless police can show a judge that there is probable cause of a crime that justifies it.

After the 2014 Edward Snowden revelations about mass, warrantless surveillance of U.S. citizens — which was being performed by the signal intelligence focused National Security Agency (NSA) — was an enormous concern both domestically and internationally as the NSA’s clear mission was to focus only on foreign signal intelligence while excluding spying on American citizens. The outcry domestically and internationally reached a fever pitch…but little was revealed on what was being done to stop mass, warrantless surveillance.

Then some of Snowden’s document releases were published and it was revealed that all of this vacuumed-up data had a “Google-like search engine” that could be used to scour all data for an individual or group. Somehow the Drug Enforcement Agency (DEA) and other law enforcement agencies were being provided with data that couldn’t be challenged in court due to “national security concerns” so the extent of data being swept-up has never been completely understood.

The bottom line? The accelerating “surveillance State” was already out of control and Congress seemingly turned a blind eye toward it and extended its capability.

Though it has taken too many years for the Supreme Court to weigh in on the Constitutionality of warrantless surveillance, the explosion in law enforcement’s use of cellphone tracking devices like Stingray, meant that warrantless tracking by police agencies was low-hanging-fruit for the court to address.

In my mind it’s too little, too late…but it’s a start.

Use Your Phone’s Gmail App for Two-Factor Authentication

Email is your most important application whether you access it in a web browser or with an app on your smartphone or tablet. If your email gets hacked, it is trivial for a blackhat hacker to go to your online accounts with a bank, stock brokerage, ecommerce site, and reset your passwords

…and then gain control of all your accounts!

But you can easily and quickly protect your email. If you set 2FA up and turn it on, a hacker would have to have both your email password and your smartphone in order to gain control over your email account!  In the case of Gmail, you can set up another layer of protection though: two-factor authentication (2FA…also called 2-step verification). 2FA makes your smartphone an additional, secure method of proving it is you trying to login to your Gmail.

The good news? Google has made 2FA quite easy to set up and use but they have recently made it even easier to use. Read on to learn how it works.  Read More

Got an iPhone or iPad? You Need a Better Password NOW

There is a new tool for hacking in to an iOS device (i.e., iPhone or iPad) you should be aware of and why you should change your password NOW…but also make it a strong one.

A Motherboard investigation has found that law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors.

According to Matthew Green, assistant professor and cryptographer at John Hopkins Information Security Institute, said on Twitter that GrayKey has an exploit that disables Apple’s passcode-guessing protections (i.e., SEP throttling) AND that a 4-digit passcode can be cracked in as little as 6.5 minutes on average, while a 6-digit passcode can be calculated in roughly 11 hours:

Another Motherboard article emphasized that you should immediately Stop Using 6-Digit iPhone Passcodes and yes, you should.

Why a Long, Secure Password Now?

Security and convenience are always a trade-off. But I’ve set up a password for my devices that, according to this password checker, will take 44 thousand years to crack BUT it is easy for me to remember, and to use, as my iOS “custom alphanumeric code.” This password has numbers, upper/lower case letters, along with a few special characters (e.g., !@#$%^&*()).

Do I have something to hide? Nope. But the reason I lock my front door, have security cameras and alarm system, and don’t invite random people in to dig through my drawers or important-papers in filing cabinets, IS THAT MY STUFF IS *MY* STUFF AND PRIVATE! I intend to keep it that way so I protect the shit out of things I want to keep private AND SECURE.

If you travel outside the U.S. like my wife or I do and come back in with your device, TURN IT OFF. That is because U.S. Customs is increasingly grabbing traveler’s devices and disappearing with them to a back-room, apparently to hook them up to a device to suck off all the data. While this hasn’t yet directly affected U.S. citizens, there is nothing stopping other countries from doing the same thing.

Plus, once all of your data is captured, there are enough cracking resources available to government agencies to be able to take their time to crack your device data they have previously stored. It might take them a year or, after quantum computing becomes a reality (if it isn’t already real) in the next several years, those times to crack may be reduced to minutes instead of days or years.

Police agencies within the United States may also be less adherent to the U.S. Constitution and Bill of Rights when it comes to the gray area surrounding digital search and seizures, even though in 2014, the U.S. Supreme Court addressed two cases, Riley v. California and United States v. Wurie, dealing with cell phones searches and the search incident to arrest exception to the warrant requirement. During searches incident to arrest, the high court has not required warrants under certain circumstances where protecting officer safety and preventing evidence destruction are at issue. For more, read this at FindLaw.

The U.S. Border Patrol also could be in a position to do whatever they damn well please — within 100 miles of the U.S. border — as you can see from this article at the American Civil Liberties Union (ACLU):

Why Can You Do?