DHS Secretary Says Agency Is Planning On Demanding Foreigners' Social Media Account Passwords
from the processing-the-fuck-out-of-immigrants-and-visitors dept
Last summer, the DHS started asking visitors to the US to supply their social media handles. It was all on a strictly voluntary basis, of course. But that doesn't mean some immigrants and visa seekers didn't do exactly as they were asked, either due to a language barrier or figuring that turning down this request might harm their chances of entering the country.
Six months later, the DHS made it more official, unofficially. An "optional" section in the DHS's online visa application process asked for account info for multiple social media platforms, including (strangely) Github and JustPasteIt. Again, officials assured everyone this was optional and the information was to be used to assess the threat levels of incoming foreigners. Again, the DHS probably harvested a fair amount of information despite the optional nature of the request. Like any cop asking if you'd "mind if they look around the car a little bit," the request carried unspoken threats that things might be a bit more difficult if the request was denied.
Now, news comes that the DHS is planning on going even further. Say goodbye to optional social media account disclosure. The DHS wants to be inside travelers' social media accounts, according to this report from Federal Computer Week.
John Kelly, the new secretary of the Department of Homeland Security, testified that foreign travelers coming to the United States could be required to give up social media passwords to border officials as a condition of entry.
"We want to say, for instance, which websites do you visit, and give us your passwords, so we can see what they do on the internet," he said at a Feb. 7 House Homeland Security hearing, his first congressional hearing since his Senate confirmation. "If they don't want to give us that information, they don't come in."
Thanks, Trump. Kelly noted that the recent, not-even-fully-legal-yet travel ban has given the DHS the perfect excuse to start behaving in a more totalitarian fashion.
[H]e added that President Donald Trump's freeze on entry to the U.S. by citizens of seven countries, "is giving us an opportunity… to get more serious than we have been about how we look at people coming into the United States."
Perhaps this will be deployed the way the DHS's other attempts to peer into travelers' social media accounts have: to make it "optional," with the implicit threat that rejecting the agency's advances will result in zero forward progress beyond the nation's borders.
DHS Secretary Kelly isn't much for implicit threats. He prefers his threats (at least those he makes) to be explicit.
[I]f they truly want to come into America, then they'll cooperate. If not, you know, next in line.
Kelly also shouldered some of the blame for the disastrous travel ban rollout. In a too little, far too late mea culpa, Kelly suggested it might have been better to consult with Congress first. Kelly did not offer further details as to whether this would have just been a token gesture or whether the administration could have been talked out of the unpopular, possibly-illegal travel ban by legislators.
Fifteen years ago, a terrorist attack was exploited to expand government power -- especially in the intelligence and law enforcement arenas. Fifteen years later, fear-mongering politicians and officials are still dining out on that attack, selling fear and buying government power real estate while using War on Terror eminent domain "orders" to carve holes in civil liberties. The Trump Administration has already made it clear it won't extend any of our rights to citizens of other nations. The president's new DHS head is right on top of ensuring visitors and immigrants are welcomed with maximum intrusiveness.
Filed Under: cbp, dhs, john kelly, passwords, privacy, social media
Reader Comments
Travelling to the US, Tip #01: Don't.
As if people really needed another reason to never visit the US if it can at all be avoided.
Look at pictures of the scenery, monuments and parks online, contact people via email, phone or even gorram snail mail, but never, ever come to the country in person if it's even remotely possible to avoid doing so.
[ link to this | view in chronology ]
Re: Travelling to the US, Tip #01: Don't.
So because of that, and the groping, I haven't been back since. And that's a shame, because I used to like the place...
[ link to this | view in chronology ]
Re: Re: Travelling to the US, Tip #01: Don't.
Since then the TSA came up with TSA-Approved locks that they had master keys for. It provided an excellent lesson in government-ordered back doors.
The TSA released close-up photos of the TSA master keys, in turn published in the Washington Post, letting anyone duplicate them. Those without locksmith skills can download the design for a 3D printer.
It soon became common for belongings to disappear from "locked" luggage. Meanwhile, TSA agents would still tear apart and destroy luggage...
Techdirt: TSA Agents Outwitted By Cory Doctorow's Unlocked, 'TSA-Safe' Suitcase
[ link to this | view in chronology ]
Re: Re: Re: Travelling to the US, Tip #01: Don't.
"Sorry officer, no idea what that might be. I didn't put it in there, and I didn't leave it alone until I handed it to the airline agent. How many people did you say handled my bag before you found it?"
I also don't check anything of any value, but then, I never have.
[ link to this | view in chronology ]
Re: Re: Re: Travelling to the US, Tip #01: Don't.
Strangely, the fix for that is to pack a gun: https://lifehacker.com/5448014/pack-a-gun-to-protect-valuables-from-airline-theft-or-loss
[ link to this | view in chronology ]
"Give us your Facebook password."
"What's facing-book?"
"We looked up your name on Facebook and found this account right here."
"That's not mine."
What are they going to do? Just assume you're lying and deny you entry? Now having social media accounts is also a requirement for entry into the United States?
[ link to this | view in chronology ]
Re:
*4ecD$#hcBf@~eld,(MF@^tq[$94Dp
And, as we all know, the favorite Twitter handle for these people is @RadicalMuslimTerrorist.
But in the .gov defense, which I've worked in, and despite this being an incredibly stupid policy, every so often you find someone who goes full-retard on social-media under their real name. It really does happen.
[ link to this | view in chronology ]
How long does that take to do?
Tumblr? Whatsapp? Snapchat? Twitter? Instagram? Viber? Sina Weibo? QQ? QZone? Line? Facebook? Google+?
Now not to mention it is only too long before they try to expand what defines a "social media" website.
Youtube? Pinterest? Flickr? LinkedIn? Kik? Tinder? Skype? Any other Dating website.
The rabbit hole is endless, ever changing, and they will only keep moving the goal posts as far as they think they can to get access to more and more.
[ link to this | view in chronology ]
Re: How long does that take to do?
That part's easy. Feed it to Google Translate. If it doesn't come back looking squeaky clean, assume it's bad and treat them like they refused to give you the password at all.
As an optional shortcut, if it's Arabic, don't even bother with Google Translate and skip straight to assuming it's bad. After all, terrorists speak Arabic.
[ link to this | view in chronology ]
Fair's fair
[ link to this | view in chronology ]
Re: Re: Fair's fair
/s
[ link to this | view in chronology ]
Re: Re: Re: Fair's fair
Too late.
[ link to this | view in chronology ]
Dear Social Media Platforms:
Think of it as a Valet Key for your social media account.
[ link to this | view in chronology ]
Re: Dear Social Media Platforms:
If you give them this kind of concession, they'll only come back demanding more.
[ link to this | view in chronology ]
Re: Re: Dear Social Media Platforms:
But they're going to. So now's a good time to start planning for it to happen.
[ link to this | view in chronology ]
Easy path to arresting people
Obstruction of justice, lying to a federal official, whatever they want. All they have to do is find a single social account you did not tell them about (sign up for that Github account five years ago and never use it? You better remember those login details) and you will be loaded with charges against you.
99% of folks they likely will never ask this information. But the few who do? Makes it really easy for them to either deny entry or arrest them.
I am curious on the legal boundaries of this. For example - if you manage the social accounts for your business, can they demand your passwords for that too?
If you manage your passwords using a password manager, can they demand access to that password manager? If they can, does that then allow them access to all of the logins stored on that manager?
If you store your logins on your phone, do they now have full access to your phone unencrypted?
If they find something critical of America but still protected by the 1st amendment, if they deny you entry because of that is that illegal?
How does this work with accounts held by minors?
If you delete the social media app from your phone so they can't get access through your phone, but do provide them the login details, is that obstruction by making it more difficult for them to view your details?
If you use your social accounts to login to other services, do they then get access to those other services?
If an account was set up for you (think the parents who make a Facebook account for their child before they become of age to manage one on their own), and you have no access to that account at all, are you still responsible for those details?
[ link to this | view in chronology ]
Re:
Yet the US tourist industry is placing ads on UK TV inviting us to come and see the wonders of California, Florida, etc. I'd love to visit those places — gotta see the Grand Canyon for myself — but not while this horrible situation continues.
The thing is, Trump's base isn't urban or in touristy areas, it's in Flyover Country. If the cities and resorts lose business, it's no skin off their noses. I doubt that a drop in overseas visitor revenues will force a change in policy. :/
[ link to this | view in chronology ]
The CFAA doesn't seem to grant an exemption for this kind of activity, so any government agent who logs in to another person's account violates that website's TOS, and they also commit a felony? Wonderful.
[ link to this | view in chronology ]
Twitter and Facebook should alter their terms of service to make the government's use of credentials obtained through coercion (and without a warrant) a TOS violation. They should also start blacklisting blocks of IPs known to be used by government agencies.
[ link to this | view in chronology ]
Did Facebook just unofficially become mandatory for visitors?
I don't have Facebook or Twitter accounts. If I were a teen or young adult, would they believe me? Or would they accuse me of lying and ban me from entering?
[ link to this | view in chronology ]
facepalm
[ link to this | view in chronology ]
Two-factor authentication
So what is the implementation plan here? Asking you to fill a form with usernames and passwords will not work. Clone your phone? Wait while you log into each site and show them what's there?
[ link to this | view in chronology ]
Re: Two-factor authentication
ICE Agent: "Thank you sir, now please log in and authorize the USG terror-detector app to access your account, Ok, we're good to go. Thank you, and have a nice day."
[ link to this | view in chronology ]
Re:
Americans need a passport when they cross into Canada. Not because Canada requires it, but because the US requires it for them to return. The US now has agreements with Canada and other countries whereby if an American travels from there to a 3rd country, the US is notified.
The US already requires foreigners - and returning Americans - to allow their cell phones to be imaged at the border if requested.
So. If the US makes password demands, cell phone scans and social media scans mandatory for foreigners entering the country, the best bet is that it would do the same for returning Americans. And it would sign agreements with other countries to do the same to Americans at their borders, with the information returned to the US government.
[ link to this | view in chronology ]
I'm certain this will work...
[ link to this | view in chronology ]
Re:
Sadly, what will actually happen is that a handful of people decide not to travel to the US at all, a majority will sheepishly agree to hand over their details, and the actual terrorists make innocent dummy accounts while plotting elsewhere.
[ link to this | view in chronology ]
This is utter insanity.
[ link to this | view in chronology ]
There May Be Ways ...
... to take appropriate (plausibly-deniable) countermeasures ...
[ link to this | view in chronology ]