DHS Secretary Says Agency Is Planning On Demanding Foreigners' Social Media Account Passwords

from the processing-the-fuck-out-of-immigrants-and-visitors dept

Last summer, the DHS started asking visitors to the US to supply their social media handles. It was all on a strictly voluntary basis, of course. But that doesn’t mean some immigrants and visa seekers didn’t do exactly as they were asked, either due to a language barrier or figuring that turning down this request might harm their chances of entering the country.

Six months later, the DHS made it more official, unofficially. An “optional” section in the DHS’s online visa application process asked for account info for multiple social media platforms, including (strangely) Github and JustPasteIt. Again, officials assured everyone this was optional and the information was to be used to assess the threat levels of incoming foreigners. Again, the DHS probably harvested a fair amount of information despite the optional nature of the request. Like any cop asking if you’d “mind if they look around the car a little bit,” the request carried unspoken threats that things might be a bit more difficult if the request was denied.

Now, news comes that the DHS is planning on going even further. Say goodbye to optional social media account disclosure. The DHS wants to be inside travelers’ [social media accounts], according to this report from Federal Computer Week.

John Kelly, the new secretary of the Department of Homeland Security, testified that foreign travelers coming to the United States could be required to give up social media passwords to border officials as a condition of entry.

“We want to say, for instance, which websites do you visit, and give us your passwords, so we can see what they do on the internet,” he said at a Feb. 7 House Homeland Security hearing, his first congressional hearing since his Senate confirmation. “If they don’t want to give us that information, they don’t come in.”

Thanks, Trump. Kelly noted that the recent, not-even-fully-legal-yet travel ban has given the DHS the perfect excuse to start behaving in a more totalitarian fashion.

[H]e added that President Donald Trump’s freeze on entry to the U.S. by citizens of seven countries, “is giving us an opportunity… to get more serious than we have been about how we look at people coming into the United States.”

Perhaps this will be deployed the way the DHS’s other attempts to peer into travelers’ social media accounts have been: as “optional,” with the implicit threat that rejecting the agency’s advances will result in zero forward progress beyond the nation’s borders.

DHS Secretary Kelly isn’t much for implicit threats. He prefers his threats (at least those he makes) to be explicit.

[I]f they truly want to come into America, then they’ll cooperate. If not, you know, next in line.

Kelly also shouldered some of the blame for the disastrous travel ban rollout. In a too-little, far-too-late mea culpa, Kelly suggested it might have been better to consult with Congress first. Kelly did not offer further details as to whether this would have just been a token gesture or whether the administration could have been talked out of the unpopular, possibly-illegal travel ban by legislators.

Fifteen years ago, a terrorist attack was exploited to expand government power — especially in the intelligence and law enforcement arenas. Fifteen years later, fear-mongering politicians and officials are still dining out on that attack, selling fear and buying government power real estate while using War on Terror eminent domain “orders” to carve holes in civil liberties. The Trump Administration has already made it clear it won’t extend any of our rights to citizens of other nations. The president’s new DHS head is right on top of ensuring visitors and immigrants are welcomed with maximum intrusiveness.


Comments on “DHS Secretary Says Agency Is Planning On Demanding Foreigners' Social Media Account Passwords”

That One Guy (profile) says:

Travelling to the US, Tip #01: Don't.

As if people really needed another reason to never visit the US if it can at all be avoided.

Look at pictures of the scenery, monuments and parks online, contact people via email, phone or even gorram snail mail, but never, ever come to the country in person if it’s even remotely possible to avoid doing so.

Cowardly Lion says:

Re: Travelling to the US, Tip #01: Don't.

I was in the States in December 2002, and the news on the telly there was that air travellers shouldn’t lock their luggage so that the TSA could open it up and inspect it. They had a mouthpiece saying “security”, and “terror”, and that the TSA were free to force locks open if they wanted to. The TSA. Airport “security”. Some of the biggest tea-leafs on the planet, contemptuous of other human beings. With a license to rummage through women’s underwear…

So because of that, and the groping, I haven’t been back since. And that’s a shame, because I used to like the place…

Roger Strong (profile) says:

Re: Re: Travelling to the US, Tip #01: Don't.

Since then the TSA came up with TSA-Approved locks that they had master keys for. It provided an excellent lesson in government-ordered back doors.

The TSA released close-up photos of the TSA master keys, in turn published in the Washington Post, letting anyone duplicate them. Those without locksmith skills can download the design for a 3D printer.

It soon became common for belongings to disappear from "locked" luggage. Meanwhile, TSA agents would still tear apart and destroy luggage…

Techdirt: TSA Agents Outwitted By Cory Doctorow’s Unlocked, ‘TSA-Safe’ Suitcase

sigalrm (profile) says:

Re: Re: Re: Travelling to the US, Tip #01: Don't.

I don’t lock my luggage anymore, for US domestic travel at least.

“Sorry officer, no idea what that might be. I didn’t put it in there, and I didn’t leave it alone until I handed it to the airline agent. How many people did you say handled my bag before you found it?”

I also don’t check anything of any value, but then, I never have.

Anonymous Coward says:

I don’t understand how this is enforceable.

“Give us your Facebook password.”
“What’s facing-book?”
“We looked up your name on Facebook and found this account right here.”
“That’s not mine.”

What are they going to do? Just assume you’re lying and deny you entry? Now having social media accounts is also a requirement for entry into the United States?

Anonymous Coward says:

Re: Re:

Imagine the fun if, like me, you use a password manager. Here you go,


And, as we all know, the favorite Twitter handle for these people is @RadicalMuslimTerrorist.

But in the .gov defense, which I’ve worked in, and despite this being an incredibly stupid policy, every so often you find someone who goes full-retard on social-media under their real name. It really does happen.

Geno0wl (profile) says:

Re: How long does that take to do?

Can they check all of them? How long would that even take? Does a person specialized in doing this check these accounts or some robot? How do you check some of these if you can’t speak/read a foreign language?

Tumblr? Whatsapp? Snapchat? Twitter? Instagram? Viber? Sina Weibo? QQ? QZone? Line? Facebook? Google+?

Now not to mention it is only too long before they try to expand what defines a “social media” website.

Youtube? Pinterest? Flickr? LinkedIn? Kik? Tinder? Skype? Any other Dating website.

The rabbit hole is endless, ever changing, and they will only keep moving the goal posts as far as they think they can to get access to more and more.

Anonymous Coward says:

Re: Re: How long does that take to do?

How do you check some of these if you can’t speak/read a foreign language?

That part’s easy. Feed it to Google Translate. If it doesn’t come back looking squeaky clean, assume it’s bad and treat them like they refused to give you the password at all.

As an optional shortcut, if it’s Arabic, don’t even bother with Google Translate and skip straight to assuming it’s bad. After all, terrorists speak Arabic.

Anonymous Coward says:

Easy path to arresting people

This feels less like they want access to social accounts for security purposes and more of an easy avenue to make an arrestable offense.

Obstruction of justice, lying to a federal official, whatever they want. All they have to do is find a single social account you did not tell them about (sign up for that Github account five years ago and never use it? You better remember those login details) and you will be loaded with charges against you.

99% of folks they likely will never ask this information. But the few who do? Makes it really easy for them to either deny entry or arrest them.

I am curious on the legal boundaries of this. For example – if you manage the social accounts for your business, can they demand your passwords for that too?
If you manage your passwords using a password manager, can they demand access to that password manager? If they can, does that then allow them access to all of the logins stored on that manager?
If you store your logins on your phone, do they now have full access to your phone unencrypted?
If they find something critical of America but still protected by the 1st amendment, if they deny you entry because of that is that illegal?
How does this work with accounts held by minors?
If you delete the social media app from your phone so they can’t get access through your phone, but do provide them the login details, is that obstruction by making it more difficult for them to view your details?
If you use your social accounts to login to other services, do they then get access to those other services?
If an account was set up for you (think the parents who make a Facebook account for their child before they become of age to manage one on their own), and you have no access to that account at all, are you still responsible for those details?

Wendy Cockcroft (user link) says:

Re: Re:

I won’t be setting foot in the USA for the foreseeable future. I take my holidays right here in the UK and have a fine old time. Last year we went to the Isle of Man (there’s more to see and do there so we will be going back); we’re going to Edinburgh this year. We’ve got to do York at some point…

Yet the US tourist industry is placing ads on UK TV inviting us to come and see the wonders of California, Florida, etc. I’d love to visit those places — gotta see the Grand Canyon for myself — but not while this horrible situation continues.

The thing is, Trump’s base isn’t urban or in touristy areas, it’s in Flyover Country. If the cities and resorts lose business, it’s no skin off their noses. I doubt that a drop in overseas visitor revenues will force a change in policy. :/

Anonymous Coward says:

Isn’t the sharing of passwords a violation of every website’s Terms of Service? And isn’t that (at least in the eyes of the DOJ) a violation of CFAA, and a felony? So every non-citizen who visits the USA will be required to commit a felony before they will be admitted?

The CFAA doesn’t seem to grant an exemption for this kind of activity, so any government agent who logs in to another person’s account violates that website’s TOS, and they also commit a felony? Wonderful.

Anonymous Coward says:

Sharing your credentials is a terms of service violation with Facebook and Twitter. Doing so could open you up to prosecution under the CFAA. The government should not be able to demand you commit a crime.

Twitter and Facebook should alter their terms of service to make the government’s use of credentials obtained through coercion (and without a warrant) a TOS violation. They should also start blacklisting blocks of IPs known to be used by government agencies.

Baz says:

Two-factor authentication

For pretty much everything I use, my password is no longer enough to get into my stuff. For ongoing access, they’d need to clone my phone and also bypass fraud prevention on the sites which stops unrecognized devices from using the account.

So what is the implementation plan here? Asking you to fill a form with usernames and passwords will not work. Clone your phone? Wait while you log into each site and show them what’s there?

Roger Strong (profile) says:

Re: Re:

Americans need a passport when they cross into Canada. Not because Canada requires it, but because the US requires it for them to return. The US now has agreements with Canada and other countries whereby if an American travels from there to a 3rd country, the US is notified.

The US already requires foreigners – and returning Americans – to allow their cell phones to be imaged at the border if requested.

So. If the US makes password demands, cell phone scans and social media scans mandatory for foreigners entering the country, the best bet is that it would do the same for returning Americans. And it would sign agreements with other countries to do the same to Americans at their borders, with the information returned to the US government.
