DHS Secretary Says Agency Is Planning On Demanding Foreigners' Social Media Account Passwords

from the processing-the-fuck-out-of-immigrants-and-visitors dept

Last summer, the DHS started asking visitors to the US to supply their social media handles. It was all on a strictly voluntary basis, of course. But that doesn't mean some immigrants and visa seekers didn't do exactly as they were asked, either due to a language barrier or figuring that turning down this request might harm their chances of entering the country.

Six months later, the DHS made it more official, unofficially. An "optional" section in the DHS's online visa application process asked for account info for multiple social media platforms, including (strangely) Github and JustPasteIt. Again, officials assured everyone this was optional and the information was to be used to assess the threat levels of incoming foreigners. Again, the DHS probably harvested a fair amount of information despite the optional nature of the request. Like any cop asking if you'd "mind if they look around the car a little bit," the request carried unspoken threats that things might be a bit more difficult if the request was denied.

Now, news comes that the DHS is planning on going even further. Say goodbye to optional social media account disclosure. The DHS wants to be inside travelers' [social media accounts], according to this report from Federal Computer Week.

John Kelly, the new secretary of the Department of Homeland Security, testified that foreign travelers coming to the United States could be required to give up social media passwords to border officials as a condition of entry.

"We want to say, for instance, which websites do you visit, and give us your passwords, so we can see what they do on the internet," he said at a Feb. 7 House Homeland Security hearing, his first congressional hearing since his Senate confirmation. "If they don't want to give us that information, they don't come in."

Thanks, Trump. Kelly noted that the recent, not-even-fully-legal-yet travel ban has given the DHS the perfect excuse to start behaving in a more totalitarian fashion.

[H]e added that President Donald Trump's freeze on entry to the U.S. by citizens of seven countries, "is giving us an opportunity… to get more serious than we have been about how we look at people coming into the United States."

Perhaps this will be deployed the way the DHS's other attempts to peer into travelers' social media accounts has: to make it "optional," with the implicit threat that rejecting the agency's advances will result in zero forward progress beyond the nation's borders.

DHS Secretary Kelly isn't much for implicit threats. He prefers his threats (at least those he makes) to be explicit.

[I]f they truly want to come into America, then they'll cooperate. If not, you know, next in line.

Kelly also shouldered some of the blame for the disastrous travel ban roll out. In a too little, far too late mea culpa, Kelly suggested it might have been better to consult with Congress first. Kelly did not offer further details as to whether this would have just been a token gesture or whether the administration could have been talked out of the unpopular, possibly-illegal travel ban by legislators.

Fifteen years ago, a terrorist attack was exploited to expand government power -- especially in the intelligence and law enforcement arenas. Fifteen years later, fear-mongering politicians and officials are still dining out on that attack, selling fear and buying government power real estate while using War on Terror eminent domain "orders" to carve holes in civil liberties. The Trump Administration has already made it clear it won't extend any of our rights to citizens of other nations. The president's new DHS head is right on top of ensuring visitors and immigrants are welcomed with maximum intrusiveness.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cbp, dhs, john kelly, passwords, privacy, social media


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    That One Guy (profile), 9 Feb 2017 @ 7:26am

    Travelling to the US, Tip #01: Don't.

    As if people really needed another reason to never visit the US if it can at all be avoided.

    Look at pictures of the scenery, monuments and parks online, contact people via email, phone or even gorram snail mail, but never, ever come to the country in person if it's even remotely possible to avoid doing so.

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 9 Feb 2017 @ 8:48am

    I don't understand how this is enforceable.

    "Give us your facebook password."
    "What's facing-book?"
    "We looked up your name on facebook and found this account right here"
    "That's not mine."

    What are they going to do? Just assume you're lying and deny you entry? Now having social media accounts is also a requirement for entry into the united states?

    link to this | view in thread ]

  3. identicon
    Baron von Robber, 9 Feb 2017 @ 8:59am

    For pushing a smaller government, it sure is getting bigger (along with the federal deficit to follow).

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 9 Feb 2017 @ 8:59am

    Fair's fair

    America leads by example. I think other countries should follow by also asking for social media account names and passwords, but just from Americans, especially politicians.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 9 Feb 2017 @ 9:02am

    Re:

    Imagine the fun if, like me, you use a password manager. Here you go,

    *4ecD$#hcBf@~eld,(MF@^tq[$94Dp

    And, as we all know, the favorite Twitter handle for these people is @RadicalMuslimTerrorist.

    But in the .gov defense, which I've worked in, and despite this being an incredibly stupid policy, every so often you find someone who goes full-retard on social-media under their real name. It really does happen.

    link to this | view in thread ]

  6. icon
    sigalrm (profile), 9 Feb 2017 @ 9:04am

    Dear Social Media Platforms:

    Time to Implement a "Read Only" duress password, that will allow the required access _but not_ allow posting, binding of applications and services, etc to the account.

    Think of it as a Valet Key for your social media account.

    link to this | view in thread ]

  7. icon
    Toestubber (profile), 9 Feb 2017 @ 9:08am

    Re:

    It doesn't have to make sense. In fact, it's better for the authorities if their requirements are illogical. Like all border harrassment, this shit is completely subjective, and ambiguous "rules" only cause the traveler to be the one who suffers. He/she is already presumed guilty.

    link to this | view in thread ]

  8. icon
    Geno0wl (profile), 9 Feb 2017 @ 9:08am

    How long does that take to do?

    Can they check all of them? How long would that even take? Does a person specialized in doing this check these accounts or some robot? How do you check some of these if you can't speak/read a foreign language?

    Tumblr? Whatsapp? Snapchat? Twitter? Instagram? Viber? Sina Weibo? QQ? QZone? Line? Facebook? Google+?

    Now not to mention it is only too long before they try to expand what defines a "social media" website.

    Youtube? Pinterest? Flickr? LinkedIn? Kik? Tinder? Skype? Any other Dating website.

    The rabbit hole is endless, ever changing, and they will only keep moving the goal posts as far they think they can to get access to more and more.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 9 Feb 2017 @ 9:10am

    Easy path to arresting people

    This feels less like they want access to social accounts for security purposes and more of an easy avenue to make an arrestable offense.

    Obstruction of justice, lying to a federal official, whatever they want. All they have to do is find a single social account you did not tell them about (sign up for that Github account five years ago and never use it? You better remember that login details) and you will be loaded with charges against you.

    99% of folks they likely will never ask this information. But the few who do? Makes it really easy for them to either deny entry or arrest them.

    I am curious on the legal boundaries of this. For example - if you manage the social accounts for your business, can they demand your passwords for that too?
    If you manage your passwords using a password manager, can they demand access to that password manager? If they can, does that then allow them access to all of the logins stored on that manager?
    If you store your logins on your phone, do they now have full access to your phone unencrypted?
    If they find something critical of America but still protected by the 1st amendment, if they deny you entry because of that is that illegal?
    How does this work with accounts held by minors?
    If you delete the social media app from your phone so they can't get access through your phone, but do provide them the login details, is that obstruction by making it more difficult for them to view your details?
    If you use your social accounts to login to other services, do they then get access to those other services?
    If an account was set up for you (think the parents who make a Facebook account for their child before they become of age to manage one on their own), and you have no access to that account at all, are you still responsible for those details?

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 9 Feb 2017 @ 9:11am

    Re: Dear Social Media Platforms:

    No, this is a terrible idea. The point is that they should not have access to private accounts, and be able to snoop through messaging history, etc, period.

    If you give them this kind of concession, they'll only come back demanding more.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 9 Feb 2017 @ 9:11am

    Are they trying to discourage all forms of immigration and travel?

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 9 Feb 2017 @ 9:18am

    Isn't the sharing of passwords a violation of every website's Terms of Service? And isn't that (at least in the eyes of the DOJ) a violation of CFAA, and a felony? So every non-citizen who visits the USA will be required to commit a felony before they will be admitted?

    The CFAA doesn't seem to grant an exemption for this kind of activity, so any government agent who logs in to another person's account violates that website's TOS, and they also commit a felony? Wonderful.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 9 Feb 2017 @ 9:18am

    Sharing your credentials is a terms of service violation with Facebook and Twitter. Doing so could open you up to prosecution under the CFAA. The government should not be able to demand you commit a crime.

    Twitter and Facebook should alter their terms of service to make the government's use of credentials obtained through coercion (and without a warrant) a TOS violation. They should also start blacklisting blocks of IPs known to be used by government agencies.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 9 Feb 2017 @ 9:23am

    Re: Dear Social Media Platforms:

    It would have to be a key to a separate dummy account.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 9 Feb 2017 @ 9:27am

    Re: How long does that take to do?

    How do you check some of these if you can't speak/read a foreign language?

    That part's easy. Feed it to Google Translate. If it doesn't come back looking squeaky clean, assume it's bad and treat them like they refused to give you the password at all.

    As an optional shortcut, if it's Arabic, don't even bother with Google Translate and skip straight to assuming it's bad. After all, terrorists speak Arabic.

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 9 Feb 2017 @ 9:39am

    Re:

    You know that's true and if argued effectively could get the whole thing stricken.

    link to this | view in thread ]

  17. icon
    Roger Strong (profile), 9 Feb 2017 @ 9:41am

    Did Facebook just unofficially become mandatory for visitors?

    I don't have Facebook or Twitter accounts. If I were a teen or young adult, would they believe me? Or would they accuse me of lying and ban me from entering?

    link to this | view in thread ]

  18. identicon
    Cowardly Lion, 9 Feb 2017 @ 10:11am

    Re: Travelling to the US, Tip #01: Don't.

    I was in the States in December 2002, and the news on the telly there was that air travellers shouldn't lock their luggage so that the TSA could open it up and inspect it. They had a mouthpiece saying "security", and "terror", and that the TSA were free to force locks open if they wanted to. The TSA. Airport "security". Some of the biggest tea-leafs on the planet, contemptuous of other human beings. With a license to rummage through women's underwear...

    So because of that, and the groping, I haven't been back since. And that's a shame, because I used to like the place...

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 9 Feb 2017 @ 10:17am

    Re: Re: How long does that take to do?

    Hand over your password, and the NSA will do a backup and translate much faster that Google can do a translate.

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 9 Feb 2017 @ 10:20am

    facepalm

    Has the US government gone completely bonkers?

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 9 Feb 2017 @ 10:31am

    Re: Fair's fair

    Trump should lead by example and publicly post the password to his twitter account.

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 9 Feb 2017 @ 10:34am

    Re: Dear Social Media Platforms:

    Giving that "valet" password to DHS I'm sure would get you permanently banned.

    link to this | view in thread ]

  23. icon
    Roger Strong (profile), 9 Feb 2017 @ 10:35am

    Re: Re: Fair's fair

    But then someone would post all sorts of garbage to it that would embarrass the Presidency and the country. We can't have that.

    /s

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 9 Feb 2017 @ 10:38am

    Re: Re: Re: Fair's fair

    But then someone would post all sorts of garbage to it that would embarrass the Presidency and the country.

    Too late.

    link to this | view in thread ]

  25. icon
    Roger Strong (profile), 9 Feb 2017 @ 10:53am

    Re: Re: Travelling to the US, Tip #01: Don't.

    Since then the TSA came up with TSA-Approved locks that they had master keys for. It provided an excellent lesson in government-ordered back doors.

    The TSA released close-up photos of the TSA master keys, in turn published in the Washington Post, letting anyone duplicate them. Those without locksmith skills can download the design for a 3D printer.

    It soon became common for belongings to disappear from "locked" luggage. Meanwhile, TSA agents would still tear apart and destroy luggage...

    Techdirt: TSA Agents Outwitted By Cory Doctorow's Unlocked, 'TSA-Safe' Suitcase

    link to this | view in thread ]

  26. identicon
    Baz, 9 Feb 2017 @ 10:57am

    Two-factor authentication

    For pretty much everything I use, my password is no longer enough to get into my stuff. For ongoing access, they'd need to clone my phone and also bypass fraud prevention on the sites which stops unrecognized devices from using the account.

    So what is the implementation plan here? Asking you to fill a form with usernames and passwords will not work. Clone your phone? Wait while you log into each site and show them what's there?

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 9 Feb 2017 @ 11:10am

    Re: Two-factor authentication

    The assumption is that they also take your device too. Or force you to disable two-factor while they do their investigation.

    link to this | view in thread ]

  28. identicon
    Anonymous Coward, 9 Feb 2017 @ 11:24am

    Re: Re: Re: How long does that take to do?

    ever heard of att secure rooms?

    link to this | view in thread ]

  29. icon
    sigalrm (profile), 9 Feb 2017 @ 11:36am

    Re: Re: Re: Travelling to the US, Tip #01: Don't.

    I don't lock my luggage anymore, for US domestic travel at least.

    "Sorry officer, no idea what that might be. I didn't put it in there, and I didn't leave it alone until I handed it to the airline agent. How many people did you say handled my bag before you found it?"

    I also don't check anything of any value, but then, I never have.

    link to this | view in thread ]

  30. icon
    sigalrm (profile), 9 Feb 2017 @ 11:37am

    Re: Re: Dear Social Media Platforms:

    No, they shouldn't have access.

    But they're going to. So now's a good time to start planning for it to happen.

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 9 Feb 2017 @ 11:39am

    Re: facepalm

    More and more evidence points to that, yes.

    link to this | view in thread ]

  32. icon
    sigalrm (profile), 9 Feb 2017 @ 11:45am

    Re: Two-factor authentication

    "So what is the implementation plan here? "

    ICE Agent: "Thank you sir, now please log in and authorize the USG terror-detector app to access your account, Ok, we're good to go. Thank you, and have a nice day."

    link to this | view in thread ]

  33. icon
    sigalrm (profile), 9 Feb 2017 @ 11:51am

    Re: Re:

    I wonder if Facebook allows the use of unprintable characters (like ) in their passwords?

    link to this | view in thread ]

  34. icon
    sigalrm (profile), 9 Feb 2017 @ 11:54am

    Re: Re: Re:

    heh. Like "space".

    link to this | view in thread ]

  35. identicon
    Anonymous Coward, 9 Feb 2017 @ 12:02pm

    Is this shit required for getting out too? :)

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 9 Feb 2017 @ 12:04pm

    I'm certain this will work...

    ...because every actual terrorist -- who is willing to shoot people or blow them up or stab them or set them on fire -- will be perfectly honest when dealing with DHS personnel.

    link to this | view in thread ]

  37. identicon
    Anonymous Coward, 9 Feb 2017 @ 12:07pm

    So when foreigners traveling to the US all cancel their social media accounts, can Facebook sue the US government under Corporate Sovereignty laws?

    link to this | view in thread ]

  38. identicon
    Anonymous Coward, 9 Feb 2017 @ 12:46pm

    Re: Re: Fair's fair

    To be fair, Sean Spicer has done that three or four times already.

    link to this | view in thread ]

  39. icon
    Roger Strong (profile), 9 Feb 2017 @ 1:29pm

    Re:

    Americans need a passport when they cross into Canada. Not because Canada requires it, but because the US requires it for them to return. The US now has agreements with Canada and other countries whereby if an American travels from there to a 3rd country, the US is notified.

    The US already requires foreigners - and returning Americans - to allow their cell phones to be imaged at the border if requested.

    So. If the US makes password demands, cell phone scans and social media scans mandatory for foreigners entering the country, the best bet is that it would do the same for returning Americans. And it would sign agreements with other countries to do the same to Americans at their borders, with the information returned to the US government.

    link to this | view in thread ]

  40. identicon
    Kronomex, 9 Feb 2017 @ 3:06pm

    What happens to people, like myself, who don't use any social media at all? Do we become a threat because of that? What secrets are we could be potentially hiding?

    This is utter insanity.

    link to this | view in thread ]

  41. icon
    That One Guy (profile), 9 Feb 2017 @ 3:39pm

    Re:

    They say 'I don't believe you, hand over your passwords or you're not getting in' and deny you entry into the country. Have fun finding a flight back on the spot.

    link to this | view in thread ]

  42. identicon
    Anonymous Coward, 9 Feb 2017 @ 5:01pm

    Re:

    Alternative government

    link to this | view in thread ]

  43. identicon
    Anonymous Coward, 9 Feb 2017 @ 5:02pm

    Re: facepalm

    Well, only a few of them are completely insane while many more are borderline.

    link to this | view in thread ]

  44. identicon
    Anonymous Coward, 9 Feb 2017 @ 5:26pm

    Re:

    Unless of course that is intentional. They're going to deny all foreigners entry because the foreigners committed a felony offence and hence have a criminal record.

    link to this | view in thread ]

  45. icon
    Dr. David T. Macknet (profile), 9 Feb 2017 @ 7:07pm

    Re: Dear Social Media Platforms:

    The point of a duress password is to protect your data and to provide deniability. Allowing the "required" access defeats the point.

    link to this | view in thread ]

  46. identicon
    Anonymous Coward, 10 Feb 2017 @ 12:32am

    Sounds remarkably like he just told them what they wanted to hear to get them off the topic. How many other presidents keep those types of promises? Not many you say? Let me know when your pet-peeve actually *does* something with regard to this. Everything else is speculation (and you know it).

    link to this | view in thread ]

  47. identicon
    Anonymous Coward, 10 Feb 2017 @ 1:02am

    Re:

    Fascism is the victory of instinct over reason. Animal over man.

    link to this | view in thread ]

  48. icon
    PaulT (profile), 10 Feb 2017 @ 1:25am

    Re:

    That would be hilarious!

    Sadly, what will actually happen is that a handful of people decide not to travel to the US at all, a majority will sheepishly agree to hand over their details, and the actual terrorists make innocent dummy accounts while plotting elsewhere.

    link to this | view in thread ]

  49. identicon
    Wendy Cockcroft, 10 Feb 2017 @ 6:14am

    Re:

    I won't be setting foot in the USA for the foreseeable future. I take my holidays right here in the UK and have a fine old time. Last year we went to the Isle of Man (there's more to see and do there so we will be going back); we're going to Edinburgh this year. We've got to do York at some point...

    Yet the US tourist industry is placing ads on UK TV inviting us to come and see the wonders of California, Florida, etc. I'd love to visit those places — gotta see the Grand Canyon for myself — but not while this horrible situation continues.

    The thing is, Trump's base isn't urban or in touristy areas, it's in Flyover Country. If the cities and resorts lose business, it's no skin off their noses. I doubt that a drop in overseas visitor revenues will force a change in policy. :/

    link to this | view in thread ]

  50. identicon
    Wendy Cockcroft, 10 Feb 2017 @ 6:16am

    Re:

    Facebook is like Hotel California: you can check out any time but you can never leave.

    link to this | view in thread ]

  51. identicon
    Anonymous Coward, 10 Feb 2017 @ 8:37am

    Re: Re: Re: Travelling to the US, Tip #01: Don't.

    It soon became common for belongings to disappear from "locked" luggage. Meanwhile, TSA agents would still tear apart and destroy luggage...

    Strangely, the fix for that is to pack a gun: https://lifehacker.com/5448014/pack-a-gun-to-protect-valuables-from-airline-theft-or-loss

    link to this | view in thread ]

  52. icon
    sorrykb (profile), 10 Feb 2017 @ 9:36am

    Re: Re: Re: Dear Social Media Platforms:

    Better just to implement a "dummy data" password for your devices, something that appears to unlock it and opens to a useless collection of games, cat pictures, a few innocuous phone contacts, and a fake calendar or such.

    link to this | view in thread ]

  53. identicon
    furrykef, 10 Feb 2017 @ 2:19pm

    The link in the article for "mind if they look around the car a little bit" is broken. Specifically, it got pasted twice.

    link to this | view in thread ]

  54. icon
    Toestubber (profile), 10 Feb 2017 @ 3:07pm

    Re:

    Who told who what about what? I have no idea what you are trying to convey.

    link to this | view in thread ]

  55. identicon
    Lawrence D’Oliveiro, 10 Feb 2017 @ 7:05pm

    There May Be Ways ...

    link to this | view in thread ]

  56. identicon
    Anonymous Coward, 11 Feb 2017 @ 2:56pm

    Nice Police State.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.