DHS Secretary Says Agency Is Planning On Demanding Foreigners' Social Media Account Passwords

from the processing-the-fuck-out-of-immigrants-and-visitors dept

Last summer, the DHS started asking visitors to the US to supply their social media handles. It was all on a strictly voluntary basis, of course. But that doesn't mean some immigrants and visa seekers didn't do exactly as they were asked, either due to a language barrier or figuring that turning down this request might harm their chances of entering the country.

Six months later, the DHS made it more official, unofficially. An "optional" section in the DHS's online visa application process asked for account info for multiple social media platforms, including (strangely) Github and JustPasteIt. Again, officials assured everyone this was optional and the information was to be used to assess the threat levels of incoming foreigners. Again, the DHS probably harvested a fair amount of information despite the optional nature of the request. Like any cop asking if you'd "mind if they look around the car a little bit," the request carried unspoken threats that things might be a bit more difficult if the request was denied.

Now, news comes that the DHS is planning on going even further. Say goodbye to optional social media account disclosure. The DHS wants to be inside travelers' [social media accounts], according to this report from Federal Computer Week.

John Kelly, the new secretary of the Department of Homeland Security, testified that foreign travelers coming to the United States could be required to give up social media passwords to border officials as a condition of entry.

"We want to say, for instance, which websites do you visit, and give us your passwords, so we can see what they do on the internet," he said at a Feb. 7 House Homeland Security hearing, his first congressional hearing since his Senate confirmation. "If they don't want to give us that information, they don't come in."

Thanks, Trump. Kelly noted that the recent, not-even-fully-legal-yet travel ban has given the DHS the perfect excuse to start behaving in a more totalitarian fashion.

[H]e added that President Donald Trump's freeze on entry to the U.S. by citizens of seven countries, "is giving us an opportunity… to get more serious than we have been about how we look at people coming into the United States."

Perhaps this will be deployed the way the DHS's other attempts to peer into travelers' social media accounts has: to make it "optional," with the implicit threat that rejecting the agency's advances will result in zero forward progress beyond the nation's borders.

DHS Secretary Kelly isn't much for implicit threats. He prefers his threats (at least those he makes) to be explicit.

[I]f they truly want to come into America, then they'll cooperate. If not, you know, next in line.

Kelly also shouldered some of the blame for the disastrous travel ban roll out. In a too little, far too late mea culpa, Kelly suggested it might have been better to consult with Congress first. Kelly did not offer further details as to whether this would have just been a token gesture or whether the administration could have been talked out of the unpopular, possibly-illegal travel ban by legislators.

Fifteen years ago, a terrorist attack was exploited to expand government power -- especially in the intelligence and law enforcement arenas. Fifteen years later, fear-mongering politicians and officials are still dining out on that attack, selling fear and buying government power real estate while using War on Terror eminent domain "orders" to carve holes in civil liberties. The Trump Administration has already made it clear it won't extend any of our rights to citizens of other nations. The president's new DHS head is right on top of ensuring visitors and immigrants are welcomed with maximum intrusiveness.


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 9 Feb 2017 @ 7:26am

    Travelling to the US, Tip #01: Don't.

    As if people really needed another reason to never visit the US if it can at all be avoided.

    Look at pictures of the scenery, monuments and parks online, contact people via email, phone or even gorram snail mail, but never, ever come to the country in person if it's even remotely possible to avoid doing so.

    reply to this | link to this | view in chronology ]

    • identicon
      Cowardly Lion, 9 Feb 2017 @ 10:11am

      Re: Travelling to the US, Tip #01: Don't.

      I was in the States in December 2002, and the news on the telly there was that air travellers shouldn't lock their luggage so that the TSA could open it up and inspect it. They had a mouthpiece saying "security", and "terror", and that the TSA were free to force locks open if they wanted to. The TSA. Airport "security". Some of the biggest tea-leafs on the planet, contemptuous of other human beings. With a license to rummage through women's underwear...

      So because of that, and the groping, I haven't been back since. And that's a shame, because I used to like the place...

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Feb 2017 @ 8:48am

    I don't understand how this is enforceable.

    "Give us your facebook password."
    "What's facing-book?"
    "We looked up your name on facebook and found this account right here"
    "That's not mine."

    What are they going to do? Just assume you're lying and deny you entry? Now having social media accounts is also a requirement for entry into the united states?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Feb 2017 @ 9:02am

      Re:

      Imagine the fun if, like me, you use a password manager. Here you go,

      *4ecD$#hcBf@~eld,(MF@^tq[$94Dp

      And, as we all know, the favorite Twitter handle for these people is @RadicalMuslimTerrorist.

      But in the .gov defense, which I've worked in, and despite this being an incredibly stupid policy, every so often you find someone who goes full-retard on social-media under their real name. It really does happen.

      reply to this | link to this | view in chronology ]

    • icon
      Toestubber (profile), 9 Feb 2017 @ 9:08am

      Re:

      It doesn't have to make sense. In fact, it's better for the authorities if their requirements are illogical. Like all border harrassment, this shit is completely subjective, and ambiguous "rules" only cause the traveler to be the one who suffers. He/she is already presumed guilty.

      reply to this | link to this | view in chronology ]

    • icon
      Geno0wl (profile), 9 Feb 2017 @ 9:08am

      How long does that take to do?

      Can they check all of them? How long would that even take? Does a person specialized in doing this check these accounts or some robot? How do you check some of these if you can't speak/read a foreign language?

      Tumblr? Whatsapp? Snapchat? Twitter? Instagram? Viber? Sina Weibo? QQ? QZone? Line? Facebook? Google+?

      Now not to mention it is only too long before they try to expand what defines a "social media" website.

      Youtube? Pinterest? Flickr? LinkedIn? Kik? Tinder? Skype? Any other Dating website.

      The rabbit hole is endless, ever changing, and they will only keep moving the goal posts as far they think they can to get access to more and more.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 9 Feb 2017 @ 9:27am

        Re: How long does that take to do?

        How do you check some of these if you can't speak/read a foreign language?

        That part's easy. Feed it to Google Translate. If it doesn't come back looking squeaky clean, assume it's bad and treat them like they refused to give you the password at all.

        As an optional shortcut, if it's Arabic, don't even bother with Google Translate and skip straight to assuming it's bad. After all, terrorists speak Arabic.

        reply to this | link to this | view in chronology ]

  • identicon
    Baron von Robber, 9 Feb 2017 @ 8:59am

    For pushing a smaller government, it sure is getting bigger (along with the federal deficit to follow).

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Feb 2017 @ 8:59am

    Fair's fair

    America leads by example. I think other countries should follow by also asking for social media account names and passwords, but just from Americans, especially politicians.

    reply to this | link to this | view in chronology ]

  • icon
    sigalrm (profile), 9 Feb 2017 @ 9:04am

    Dear Social Media Platforms:

    Time to Implement a "Read Only" duress password, that will allow the required access _but not_ allow posting, binding of applications and services, etc to the account.

    Think of it as a Valet Key for your social media account.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Feb 2017 @ 9:11am

      Re: Dear Social Media Platforms:

      No, this is a terrible idea. The point is that they should not have access to private accounts, and be able to snoop through messaging history, etc, period.

      If you give them this kind of concession, they'll only come back demanding more.

      reply to this | link to this | view in chronology ]

      • icon
        sigalrm (profile), 9 Feb 2017 @ 11:37am

        Re: Re: Dear Social Media Platforms:

        No, they shouldn't have access.

        But they're going to. So now's a good time to start planning for it to happen.

        reply to this | link to this | view in chronology ]

        • icon
          sorrykb (profile), 10 Feb 2017 @ 9:36am

          Re: Re: Re: Dear Social Media Platforms:

          Better just to implement a "dummy data" password for your devices, something that appears to unlock it and opens to a useless collection of games, cat pictures, a few innocuous phone contacts, and a fake calendar or such.

          reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Feb 2017 @ 9:23am

      Re: Dear Social Media Platforms:

      It would have to be a key to a separate dummy account.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Feb 2017 @ 10:34am

      Re: Dear Social Media Platforms:

      Giving that "valet" password to DHS I'm sure would get you permanently banned.

      reply to this | link to this | view in chronology ]

    • icon
      Dr. David T. Macknet (profile), 9 Feb 2017 @ 7:07pm

      Re: Dear Social Media Platforms:

      The point of a duress password is to protect your data and to provide deniability. Allowing the "required" access defeats the point.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Feb 2017 @ 9:10am

    Easy path to arresting people

    This feels less like they want access to social accounts for security purposes and more of an easy avenue to make an arrestable offense.

    Obstruction of justice, lying to a federal official, whatever they want. All they have to do is find a single social account you did not tell them about (sign up for that Github account five years ago and never use it? You better remember that login details) and you will be loaded with charges against you.

    99% of folks they likely will never ask this information. But the few who do? Makes it really easy for them to either deny entry or arrest them.

    I am curious on the legal boundaries of this. For example - if you manage the social accounts for your business, can they demand your passwords for that too?
    If you manage your passwords using a password manager, can they demand access to that password manager? If they can, does that then allow them access to all of the logins stored on that manager?
    If you store your logins on your phone, do they now have full access to your phone unencrypted?
    If they find something critical of America but still protected by the 1st amendment, if they deny you entry because of that is that illegal?
    How does this work with accounts held by minors?
    If you delete the social media app from your phone so they can't get access through your phone, but do provide them the login details, is that obstruction by making it more difficult for them to view your details?
    If you use your social accounts to login to other services, do they then get access to those other services?
    If an account was set up for you (think the parents who make a Facebook account for their child before they become of age to manage one on their own), and you have no access to that account at all, are you still responsible for those details?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Feb 2017 @ 9:11am

    Are they trying to discourage all forms of immigration and travel?

    reply to this | link to this | view in chronology ]

    • identicon
      Wendy Cockcroft, 10 Feb 2017 @ 6:14am

      Re:

      I won't be setting foot in the USA for the foreseeable future. I take my holidays right here in the UK and have a fine old time. Last year we went to the Isle of Man (there's more to see and do there so we will be going back); we're going to Edinburgh this year. We've got to do York at some point...

      Yet the US tourist industry is placing ads on UK TV inviting us to come and see the wonders of California, Florida, etc. I'd love to visit those places — gotta see the Grand Canyon for myself — but not while this horrible situation continues.

      The thing is, Trump's base isn't urban or in touristy areas, it's in Flyover Country. If the cities and resorts lose business, it's no skin off their noses. I doubt that a drop in overseas visitor revenues will force a change in policy. :/

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Feb 2017 @ 9:18am

    Isn't the sharing of passwords a violation of every website's Terms of Service? And isn't that (at least in the eyes of the DOJ) a violation of CFAA, and a felony? So every non-citizen who visits the USA will be required to commit a felony before they will be admitted?

    The CFAA doesn't seem to grant an exemption for this kind of activity, so any government agent who logs in to another person's account violates that website's TOS, and they also commit a felony? Wonderful.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Feb 2017 @ 9:39am

      Re:

      You know that's true and if argued effectively could get the whole thing stricken.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Feb 2017 @ 5:26pm

      Re:

      Unless of course that is intentional. They're going to deny all foreigners entry because the foreigners committed a felony offence and hence have a criminal record.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Feb 2017 @ 9:18am

    Sharing your credentials is a terms of service violation with Facebook and Twitter. Doing so could open you up to prosecution under the CFAA. The government should not be able to demand you commit a crime.

    Twitter and Facebook should alter their terms of service to make the government's use of credentials obtained through coercion (and without a warrant) a TOS violation. They should also start blacklisting blocks of IPs known to be used by government agencies.

    reply to this | link to this | view in chronology ]

  • icon
    Roger Strong (profile), 9 Feb 2017 @ 9:41am

    Did Facebook just unofficially become mandatory for visitors?

    I don't have Facebook or Twitter accounts. If I were a teen or young adult, would they believe me? Or would they accuse me of lying and ban me from entering?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Feb 2017 @ 10:20am

    facepalm

    Has the US government gone completely bonkers?

    reply to this | link to this | view in chronology ]

  • identicon
    Baz, 9 Feb 2017 @ 10:57am

    Two-factor authentication

    For pretty much everything I use, my password is no longer enough to get into my stuff. For ongoing access, they'd need to clone my phone and also bypass fraud prevention on the sites which stops unrecognized devices from using the account.

    So what is the implementation plan here? Asking you to fill a form with usernames and passwords will not work. Clone your phone? Wait while you log into each site and show them what's there?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Feb 2017 @ 11:10am

      Re: Two-factor authentication

      The assumption is that they also take your device too. Or force you to disable two-factor while they do their investigation.

      reply to this | link to this | view in chronology ]

    • icon
      sigalrm (profile), 9 Feb 2017 @ 11:45am

      Re: Two-factor authentication

      "So what is the implementation plan here? "

      ICE Agent: "Thank you sir, now please log in and authorize the USG terror-detector app to access your account, Ok, we're good to go. Thank you, and have a nice day."

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Feb 2017 @ 12:02pm

    Is this shit required for getting out too? :)

    reply to this | link to this | view in chronology ]

    • icon
      Roger Strong (profile), 9 Feb 2017 @ 1:29pm

      Re:

      Americans need a passport when they cross into Canada. Not because Canada requires it, but because the US requires it for them to return. The US now has agreements with Canada and other countries whereby if an American travels from there to a 3rd country, the US is notified.

      The US already requires foreigners - and returning Americans - to allow their cell phones to be imaged at the border if requested.

      So. If the US makes password demands, cell phone scans and social media scans mandatory for foreigners entering the country, the best bet is that it would do the same for returning Americans. And it would sign agreements with other countries to do the same to Americans at their borders, with the information returned to the US government.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Feb 2017 @ 12:04pm

    I'm certain this will work...

    ...because every actual terrorist -- who is willing to shoot people or blow them up or stab them or set them on fire -- will be perfectly honest when dealing with DHS personnel.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Feb 2017 @ 12:07pm

    So when foreigners traveling to the US all cancel their social media accounts, can Facebook sue the US government under Corporate Sovereignty laws?

    reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 10 Feb 2017 @ 1:25am

      Re:

      That would be hilarious!

      Sadly, what will actually happen is that a handful of people decide not to travel to the US at all, a majority will sheepishly agree to hand over their details, and the actual terrorists make innocent dummy accounts while plotting elsewhere.

      reply to this | link to this | view in chronology ]

    • identicon
      Wendy Cockcroft, 10 Feb 2017 @ 6:16am

      Re:

      Facebook is like Hotel California: you can check out any time but you can never leave.

      reply to this | link to this | view in chronology ]

  • identicon
    Kronomex, 9 Feb 2017 @ 3:06pm

    What happens to people, like myself, who don't use any social media at all? Do we become a threat because of that? What secrets are we could be potentially hiding?

    This is utter insanity.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Feb 2017 @ 12:32am

    Sounds remarkably like he just told them what they wanted to hear to get them off the topic. How many other presidents keep those types of promises? Not many you say? Let me know when your pet-peeve actually *does* something with regard to this. Everything else is speculation (and you know it).

    reply to this | link to this | view in chronology ]

  • identicon
    furrykef, 10 Feb 2017 @ 2:19pm

    The link in the article for "mind if they look around the car a little bit" is broken. Specifically, it got pasted twice.

    reply to this | link to this | view in chronology ]

  • identicon
    Lawrence D’Oliveiro, 10 Feb 2017 @ 7:05pm

    There May Be Ways ...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Feb 2017 @ 2:56pm

    Nice Police State.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.