Coalition Slams DHS Plans To Demand Social Media Passwords

from the isn't-that-a-cfaa-violation? dept

Starting last summer, we noted that the Department of Homeland Security had quietly tested the waters to expand the information it requested of travelers entering the United States, to "optionally" include social media handles. By December it was officially in place. And then, just days into the new administration, the idea was floated to expand this program even further to demand passwords to social media accounts.

In other words: that escalated quickly. We went from "hey, maybe we could ask people to volunteer what their social media profiles are" to "hey, let's demand all social media accounts, including passwords" in, like, six months.

In response, a ton of human rights and civil liberties organizations have posted an open letter condemning this dangerous plan.

This proposal would enable border officials to invade people’s privacy by examining years of private emails, texts, and messages. It would expose travelers and everyone in their social networks, including potentially millions of U.S. citizens, to excessive, unjustified scrutiny. And it would discourage people from using online services or taking their devices with them while traveling, and would discourage travel for business, tourism, and journalism.

Demands from U.S. border officials for passwords to social media accounts will also set a precedent that may ultimately affect all travelers around the world. This demand is likely to be mirrored by foreign governments, which will demand passwords from U.S. citizens when they seek entry to foreign countries. This would compromise U.S. economic security, cybersecurity, and national security, as well as damage the U.S.’s relationships with foreign governments and their citizenry.

Policies to demand passwords as a condition of travel, as well as more general efforts to force individuals to disclose their online activity, including potentially years’ worth of private and public communications, create an intense chilling effect on individuals. Freedom of expression and press rights, access to information, rights of association, and religious liberty are all put at risk by these policies.

The first rule of online security is simple: Do not share your passwords. No government agency should undermine security, privacy, and other rights with a blanket policy of demanding passwords from individuals.

There are lots of reasons why the proposal is bad -- but the security one is probably the biggest. People should never share passwords with anyone, but most especially foreign governments who have no interest in protecting them. And the letter is accurate that this will just encourage other countries to do this back to Americans (and others) and create a massive security nightmare. And that doesn't even touch on the chilling effects created by such promised surveillance.

Of course, one hopes that this kind of insane policy will get people to recognize that passwords suck as a security system. At the very least, it should encourage people to use multifactor authentication that can't just be handed over to some random border control person demanding your passwords. But that's no excuse for DHS going down this path in the first place. It's a bad proposal that won't help DHS protect us, but will cause tremendous harm and create serious security problems.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 22 Feb 2017 @ 4:55pm

    *motions DHS around the corner to the back door*

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Feb 2017 @ 5:11pm

    So, in order to obtain legal entry one needs to commit a felony - got it.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Feb 2017 @ 8:03pm

      Re:

      If it comes to that, you could simply wipe any evidence that you gave a foreign Customs agent your passwords.

      Just killdisk your PCs/laptops and factory reset your phones before coming back to the United States. Any evidence you let Customs in a foreign country access your accounts will be gone. US Customs will never have any clue of what you did.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Feb 2017 @ 8:46pm

      Re:

      It is not a felony, yet, to give out your passwords, though they have tried to change the CFAA to make it that way

      reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 23 Feb 2017 @ 3:38am

        "Left Hand, could you at least send a LETTER to Right Hand every so often?!"

        So you've got one part of the government trying to make handing out passwords a felony, and another part talking about requiring those that wish to enter the country... hand over their passwords.

        Brilliant.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Feb 2017 @ 5:07am

        Re: Re:

        There may be no law explicitly stating such ... however there is precedence.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Feb 2017 @ 8:29am

        Re: Re:

        I believe most T&A require you to not share your passwords (maybe the phrase "[company employees] will never ask you for your account information online" rings a bell).

        Failing that, the CFAA criminalizes unauthorized access- which, unless you grant written permission, it would be trivial to argue that doing anything with said passwords would be unauthorized access.

        But honestly, the commit-a-felony-to-gain-ingress part is probably intentional. Commit crimes for the group so you'll be less likely to turn away from the group.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 23 Feb 2017 @ 9:14am

          Re: Re: Re:

          However, any evidence could be wiped out, like I said. You could simply have Customs, in the country you want to enter, use your laptop, to search through Facebook, or whatever, using a VPN to hide what is going on, and then wipe the evidence from your hard disk using a secure wiping utility, such as KillDisk, before re-entering the United States.

          Wiping the disk for this reason is not currently against the laws in the United States, though there have been calls to ban products like KillDisk or the former Evidence Eliminator.

          reply to this | link to this | view in chronology ]

          • icon
            Bergman (profile), 26 Feb 2017 @ 1:29pm

            Re: Re: Re: Re:

            Yeah, but doing that is ALSO a felony -- one carrying a 20 year prison sentence.

            The government doesn't need to prove that you actually destroyed evidence of a crime, only prove that you destroyed what could be evidence, even if you didn't believe it was.

            reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Feb 2017 @ 5:54pm

    "one hopes that this kind of insane policy will get people to recognize that passwords suck as a security system. At the very least, it should encourage people to use multifactor authentication"

    while I understand your point and where you're coming from I can't help but think the grinding wheels of bureaucracy would just require the multi-factor authentication code as "part of" the account password

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Feb 2017 @ 6:33pm

      Re:

      That clearly wouldn't work since it changes literally every time you login.

      reply to this | link to this | view in chronology ]

      • icon
        Bergman (profile), 26 Feb 2017 @ 1:32pm

        Re: Re:

        So instead of just seizing your laptop, they'll seize your key ring (and all the electronic keys attached to it) just to be sure. If your phone is where the code generating app lives, they'll take that too.

        If you use a third party to generate the codes in the cloud, they'll take that password as well. If you leave your ability to generate codes at home...why are you traveling with a device you cannot unlock, again?

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Feb 2017 @ 7:57pm

    Like I have said before, you give CBP a "dummy" account and hide your real account.

    And you do not given them ALL of your acounts. Just give one or two, and leave the rest OFF your Customs declaration form.

    Problem solved

    reply to this | link to this | view in chronology ]

    • identicon
      Vel the Engimatic, 22 Feb 2017 @ 8:13pm

      Re:

      You do realize they will probably check for what all your social media accounts are based on your email, right?

      Most people use the same email for all those accounts.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 22 Feb 2017 @ 8:18pm

        Re: Re:

        You just give CBP/DHS a "dummy" Email address as well,

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 22 Feb 2017 @ 8:21pm

        Re: Re:

        For the ones you DO give to DHS/CBP, you just change the Email over to a "dummy" Email account. Just temporarily change the Email account to a diferent Email address to throw them off the trail.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 22 Feb 2017 @ 11:33pm

          Re: Re: Re:

          Your are being just clever enough to be caught trying to fool them when you devices gives them you other email account, or when they request Internet history from your phone provider. Hint, reset and freshly installed devices give them a clue that you may be trying to hide something.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 23 Feb 2017 @ 12:30am

            Re: Re: Re: Re:

            Your devices will not give then your other Email accounts if you do factory reset and wipe the phone before going through Customs.

            Wiping your phone before going through Customs is highly recommended and very wise. When I go on road trips all over North America, I always wipe my phone with factory reset before crossing the border into either Canada or the United States.

            Wiping your phone before going through Customs does not violate either Canadian or American law.

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 23 Feb 2017 @ 12:32am

            Re: Re: Re: Re:

            As far as internet history on your phone provider, than can be taken care of by always using a VPN when surfing the Interenet on your phone. The only thing your phone provider will be able to tell them is that you connected to a VPN.

            As long as that VPN provider is not in the United States, it is not subject to American laws.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 23 Feb 2017 @ 12:43am

              Re: Re: Re: Re: Re:

              There is also one provider right now, for 110 Euros a month, that provides a totally anonymous SIM card you can use.

              Jammerspro provides such anonymous encrypted systems, including an encrypted router that automatically routes through a VPN. You can connect to that through your phone's Wifi, and your phone provider will not have any records they can give you.

              This router connects to your normal home or business broadband service, and can be used to anonymize Internet on any device that connects to it.

              You just use this router with any VPN provider on the market, and any device that connects to it will go through the VPN, including your phone, leaving no internet connection history on your phone provider.

              Also, a mobile provider outside the United States is NOT SUBJECT to United States laws, and cannot be compelled to hand information over to the US government.

              Just do that, and then factory reset your phone before going through Customs, and CBP will n4ver figure out what you are up to.

              reply to this | link to this | view in chronology ]

              • identicon
                Cowardly Lion, 23 Feb 2017 @ 4:34am

                Re: Re: Re: Re: Re: Re:

                All fine in theory. And for people who are comfortable with fairly advanced IT. But you've repeatedly talked about nulling your devices and using spurious online presences just to cross a border.

                Non of what you are suggesting is realistic for everyday people. The answer isn't to spend 110€ a month to avoid government sanctioned breaches of your security and privacy, it's to resist stupid laws. And in my case, not even contemplating entering the USA.

                reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 23 Feb 2017 @ 12:39pm

            Re: Re: Re: Re:

            If your phone provider is not in the United States, they cannot be compelled to hand over your Internet history.

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 23 Feb 2017 @ 12:55pm

            Re: Re: Re: Re:

            There is no possible way they can find out you recently reset your phone and reinstalled your apps.

            And like I said, if you are driving, just find a place in your car to hide your SD cards where Customs will never look.

            reply to this | link to this | view in chronology ]

    • icon
      Bergman (profile), 26 Feb 2017 @ 1:34pm

      Re:

      Lying to a federal agent is a felony. So you get to sit in a cell awaiting trial for that felony while they get a warrant to seize everything in your home.

      Old problem solved, worse problem created.

      reply to this | link to this | view in chronology ]

      • icon
        Bergman (profile), 26 Feb 2017 @ 1:36pm

        Re: Re:

        Destroying what you believe may be used as evidence is, likewise, a felony.

        So between lying about your accounts and doing a factory reset on your devices, you have now given the government proof that you have committed two felonies, totaling 30 years in prison.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Feb 2017 @ 8:25pm

    As far as them wanting to see what you are watching on YouTube, that can be taken care of right quick. YouTube does allow you to clear your watch history and search history. Just clear those, so CBP cannot find out what you are watching on YouTube.

    Also, a good idea, as I have said, is to killdisk your laptop and then reinstall Windows and and all your programs, so the forensic examination of your laptop will get nothing.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Feb 2017 @ 8:26pm

    A positive side to giving away your passwords

    You are no longer able to be legally held responsible for anything on any site you hand a password over for. Since you have no legitimate ability to stop a DHS agent from handing out that information to anyone, literally anyone could be in your account sending out threats, porn, etc...

    I see this as a win. Its all poisoned fruit. You can claim the DHS agent did it from that moment on.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Feb 2017 @ 8:30pm

      Re: A positive side to giving away your passwords

      One you get through Customs, you just change your password, so that that CBP/DHS cannot get into your account again after you have left Customs

      reply to this | link to this | view in chronology ]

      • identicon
        Paul, 22 Feb 2017 @ 8:48pm

        Re: Re: A positive side to giving away your passwords

        The thing is you have no idea what they copied or if they installed some app on your facebook account or used SSO to get a long term refresh token to your data.

        Once they have this power they will learn all the tricks, install backdoors, create lists of your contacts and start going after friends of yours or friends of your friends the next time we need to root out communists.

        This is much worse if you understand security theory then you may think.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 22 Feb 2017 @ 8:54pm

          Re: Re: Re: A positive side to giving away your passwords

          Well, you can simply delete your Facebook account and make a new one, make all their apps and tokens useless. Once your facebook account is deleted, and all the tokens and backdoors to your account will no longer work.

          Then you just go and make a new facebook account, and DHS/CBP will not be able to get back on to.

          reply to this | link to this | view in chronology ]

          • icon
            Eldakka (profile), 23 Feb 2017 @ 4:05am

            Re: Re: Re: Re: A positive side to giving away your passwords

            Facebook accounts can't be deleted, only deactivated.

            If you suspend your facebook, all you (or anyone) needs to do to re-activate it is to login to it.

            reply to this | link to this | view in chronology ]

            • icon
              Eldakka (profile), 23 Feb 2017 @ 4:12am

              Re: Re: Re: Re: Re: A positive side to giving away your passwords

              Oops my bad, it looks like you can delete your account permanently, although it appears to take 90 days.

              Is this a new feature? I swear that 12 months ago there wasn't that ability.

              reply to this | link to this | view in chronology ]

              • identicon
                Wendy Cockcroft, 24 Feb 2017 @ 5:49am

                Re: Re: Re: Re: Re: Re: A positive side to giving away your passwords

                You can actually delete your FB account now? I remember trying to delete one profile and it remained there for years "in case I wanted to go back to it at any point."

                I presume this change of heart is due to trolls creating fake online identities, or something.

                reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 22 Feb 2017 @ 8:58pm

          Re: Re: Re: A positive side to giving away your passwords

          This is one reason to give CBP a "dummy" facebook account and hide your real account, so CBP/DHS cannot do that.

          Just create a new Email address, the create "dummy" accounts for facebook, twitter, etc, and give the passwords for those to DHS/CBP and put those on your Customs form instead of your REAL accounts. CBP/DHS will never be the wiser.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 23 Feb 2017 @ 5:15am

            Re: Re: Re: Re: A positive side to giving away your passwords

            Your expert rationalizations and excuses for this outrageous behavior is quite inspirational ... here, have a cookie.

            Rather than finagling your way around stupid ridiculous laws and regulations, why not point out to your stupid ass government how they are being stupid ..... oh wait, because that will get you tossed in jail. And now they want to asset forfeiture your ass for "participating" in a "riot" if anyone suffers damaged property from protesters - even if they were just standing there ... idk, maybe reporting on it and stuff.

            reply to this | link to this | view in chronology ]

            • icon
              Bergman (profile), 26 Feb 2017 @ 1:42pm

              Re: Re: Re: Re: Re: A positive side to giving away your passwords

              He's being very clever, and he's also completely wrong about how it will play out.

              It is illegal under US law to destroy anything that might be used as evidence -- even if you have committed no other crimes for it to be used as evidence for. Violating this one will get you 20 years in federal prison.

              Lying to a federal agent is illegal under US law. People have been convicted under this one for simply having bad memory, for amending their testimony as they remember more facts, and even for catching a federal agent lying -- the agent is presumed to be truthful barring VERY solid evidence otherwise, therefore disagreeing with the agent about what you said in an interrogation is: a felony! This one will get you 5-10 years in federal prison PER LIE.

              So if you create a fake Twitter account, fake Facebook account, fake email account and give those to a federal agent at the border, that's 5-15 years in prison right there, and all they need to do to prove you're guilty is a google or wayback machine search. If you factory reset your devices, that's another 20 years in prison, possibly per device.

              His 'clever' plan to avoid committing a felony punishable by 5-10 years in prison will cause him to commit felonies punishable by 35-50 years in prison.

              reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Feb 2017 @ 9:51pm

      Re: A positive side to giving away your passwords

      " Its all poisoned fruit. You can claim the DHS agent did it from that moment on."

      ...or the DHS agent can do it and say you did it...

      reply to this | link to this | view in chronology ]

      • icon
        Bergman (profile), 26 Feb 2017 @ 1:47pm

        Re: Re: A positive side to giving away your passwords

        It is a felony to lie to a federal agent or in official testimony. Police (state and federal) are presumed to be telling the truth barring VERY convincing proof otherwise.

        If you disagree with what a federal agent says you said/did, that is considered sufficient proof by the courts to convict YOU for lying!

        reply to this | link to this | view in chronology ]

  • icon
    orbitalinsertion (profile), 22 Feb 2017 @ 8:40pm

    And the people tasked with this invasion of privacy, organizations like CBP and TSA, contain vast collections of some of the biggest knobs on the planet as personnel. (Of course, not all, everywhere, but odds are not good that these are the ones you deal with.)

    Yeah, I want the guys who steal underwear for no apparent reason looking though my email and chat or what have you.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Feb 2017 @ 8:44pm

      Re:

      As far as Hotmail goes, there is an option to delete all mail, so if they want to look in your Hotmail account, they will not see any emails before you deleted all Emails on your account

      reply to this | link to this | view in chronology ]

      • icon
        orbitalinsertion (profile), 23 Feb 2017 @ 10:18am

        Re: Re:

        While I appreciate and understand all your pointers regarding this, most people simply are not prepared to deal with them. The only "active" social media account i do have is a "dummy" already, but honestly i don't want to delete my chat logs. As for email, i have never used Hotmail or any of its later names under MS, and I use an email client, and don't leave things parked on servers.

        Mitigation against an omnipresent totalitarian regime is nice, and honestly, if i were doing anything the gov was actually interested in, i wouldn't use most services and have everything dummy accounts linked to burner devices and never use them near my networks. And sure i can nuke and pave hard drives, but that is a huge pain, especially for most.

        The thing is, we'd rather fight this ridiculous government intrusion than have to adopt measures that we surely would if necessary. (And in some ways, it has been necessary for some people for many years already.)

        It's great advice, and i and many others have given similar advice, especially in IT fora. But here you are kind of mostly preaching to people who already know, and are more interested in dealing with the faulty system than how to avoid having your private or business info and intimate conversations pawed over my officious morons. At least in this venue.

        reply to this | link to this | view in chronology ]

      • icon
        Bergman (profile), 26 Feb 2017 @ 1:49pm

        Re: Re:

        Unfortunately, doing so to avoid a federal agent snooping through your account is a crime under US laws, punishable by 20 years in prison.

        reply to this | link to this | view in chronology ]

  • icon
    a swiss guy (profile), 22 Feb 2017 @ 10:59pm

    Shall I or not?

    As I see it, most comments revolve around ways to trick with accounts you might have to provide.

    At the moment I’m planning an extended vacation in the US for this summer. That means I first book a flight and hope we don’t get rejected by ESTA for whatever obscure reason. Then I book flights, hotels and cars in the US. And then I arrive at the immigration counter … with me comes my family with the usual assortment of phones and tablets and probably our complete digital trail.
    So, how much do I fake in advance and hope it fits together? How good an actor am I and what’s to expect from my co-actors?

    What’s at risk? Just a good time for the family and a lot of money? Or more?

    Why should we go through all that hassle? Canada seems to be a nice and interesting place, too. Maybe Costa Rica. Maybe … I’m sure there are many places, where we’re welcome.

    Is this still chilling or already quite cold?

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 23 Feb 2017 @ 3:41am

      Re: Shall I or not?

      Yeah, I'd avoid the US if at all possible for the foreseeable future. Look at the sights online if you really want to, but do not try to come here in person, spend that money in some other country that will appreciate it more.

      reply to this | link to this | view in chronology ]

      • identicon
        Cowardly Lion, 23 Feb 2017 @ 4:46am

        Re: Re: Shall I or not?

        Unfortunately for those of us with an astronomical bent, there's a total solar eclipse in the US in August. I'd really, really like to see it, but as you say...

        It's not ideal, but what with this, the TSA, Trump's new immigration policies, banning teachers from the UK, I'm seriously considering a boat off the Georgian coast. Maybe a cruise from Bermuda or the Bahamas.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 23 Feb 2017 @ 11:42am

          Re: Re: Re: Shall I or not?

          If you are coming to see the eclipse in August, just factory reset your phone before coming to America. There is no forensic tools that can recover data from your phone once it has been wiped.

          reply to this | link to this | view in chronology ]

    • icon
      Eldakka (profile), 23 Feb 2017 @ 4:07am

      Re: Shall I or not?

      I’m planning an extended vacation in the US

      There's your mistake right there.

      reply to this | link to this | view in chronology ]

    • icon
      Bergman (profile), 26 Feb 2017 @ 1:52pm

      Re: Shall I or not?

      Trying to fake accounts would be lying to a federal agent, which is a felony punishable by 5-10 years in prison PER LIE.

      Giving up your passwords to a federal agent is a felony punishable by 5-10 years in prison per account.

      Destroying anything that could be used as evidence in an investigation of you (even if there is no investigation or no reason to be one) is a felony punishable by 20 years in prison.

      All these guys proposing 'clever' dodges to avoid federal agents pawing through their accounts are not being as clever as they think, since they're trading one 5-10 year felony for a whole set of felonies that could see them in prison for ten times longer.

      reply to this | link to this | view in chronology ]

  • icon
    Roger Strong (profile), 22 Feb 2017 @ 11:45pm

    This ought to end well....

    DHS Agent: "Hand over your Facebook password."

    Visitor: "I don't have a Facebook account."

    DHS Agent: "I don't believe you."

    Visitor: "Sorry."

    DHS Agent: "Look, it's well-established that one can be jailed indefinitely if they won't hand over a password we think they have."

    Visitor: "But I..."

    DHS Agent: "And that's an American citizens. You're not, so we can ship you to a third country for torture. We've done it before. A guy transiting New York on his way home to Canada, just to check on vague suspicions."

    DHS Agent: "Hand it over, and no dummy accounts. We'd better see lots of activity and friends on that account. We'll be examining your friends too."

    Announcer (Facebook commercial): And that is just one reason why everyone should be on Facebook. Get your mandatory account today!

    reply to this | link to this | view in chronology ]

    • icon
      TRX (profile), 24 Feb 2017 @ 7:56am

      Re:

      I'd fall into that category. I have a few forum and blog logins, but I have no "social media" accounts - no Facebook, no Twatter, no MySpace, no Tumblr... there's a freemail account I use for places that demand some kind of email address, but it's just spam and dust bunnies.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2017 @ 12:53am

    I am American, and I will be damned if I will let my privacy be invaded, as I will always wipe my devices before re-entering the United States.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2017 @ 1:47am

    What if you are in a country that does not allow Facebook? Facebook is blocked in China and Iran, for sure,m and probably other countries.

    reply to this | link to this | view in chronology ]

  • identicon
    David, 23 Feb 2017 @ 1:52am

    Well, that gives a standard defense for copyright infringement

    "Did anybody else have access to your account?"

    "Dozens of border agents."

    Case dismissed.

    What people don't seem to understand in all of the privacy discussions around handing over passwords is that passwords are not just something you use for _reading_ private account details. They are a handle to _tampering_ with a person's identity. They will naturally _massively_ be used for planting evidence.

    The CIA will be able to invent whole child pornography rings for people they don't like and plant all the evidence for it without using any hacking tool.

    This really beats slipping a satchel in someone's pocket.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Feb 2017 @ 2:16am

      Re: Well, that gives a standard defense for copyright infringement

      That is one reason why you will want you delete your Facebook account after clearing Customs and creating a new one, so that the government can no longer have access to your Facebook account.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Feb 2017 @ 2:18am

      Re: Well, that gives a standard defense for copyright infringement

      One way to solve this is give them the passwords to all your other social media accounts, but don't ever have a facebook account.

      reply to this | link to this | view in chronology ]

    • identicon
      Cowardly Lion, 23 Feb 2017 @ 4:39am

      Re: Well, that gives a standard defense for copyright infringement

      It's even worse.

      https://xkcd.com/792/

      In essence, in modern times where we can have hundreds of passwords to access all kinds of things, there are people who use the same password and remember it, and there are people who use different passwords and use a password manager; paper even.

      If US.gov have some of your passwords or even one, they have an opportunity to expand.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2017 @ 2:25am

    What about Facebook accounts that are only used for commenting on news articles? That is the only thing I use my Facebook account for, and that does not show up when you log on to your account.

    I only signed up for Facebook because some websites require it or commentary.

    reply to this | link to this | view in chronology ]

    • identicon
      David, 23 Feb 2017 @ 4:09am

      Re:

      What about Facebook accounts that are only used for commenting on news articles?

      What about them? They are the best for figuring out your political leanings. And this makes it possible to correct your comments if they are unsuitable for someone entering the Land of the Free and the Home of the Brave.

      You don't need to thank us, we'll do it ourselves.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Feb 2017 @ 1:34pm

        Re: Re:

        When you go on to your Facebook account, you will not see those comments. I find that is so when I go onto my Facebook account. Those comments would only be available on the websites where you made the comments.

        reply to this | link to this | view in chronology ]

    • icon
      Eldakka (profile), 23 Feb 2017 @ 4:20am

      Re:

      Any website that went over to requiring a facebook account to comment on I stopped visiting. Perfect example was Techcrunch, when they went to requiring facebook I stopped visiting entirely. Even after they reversed that requirement 2(?) years later, I still don't visit the site , with the exception of reading the articles there about their policy reversal, but apart from that I've never been back. I don't trust the judgement of people who'd make such a stupid decision in the first place.

      reply to this | link to this | view in chronology ]

  • icon
    timmaguire42 (profile), 23 Feb 2017 @ 4:52am

    Well, it would reduce a lot of the spam on the internet if Nigeria could just demand our bank passwords at the border.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2017 @ 6:10am

    No Excuse?!

    "But that's no excuse for DHS going down this path in the first place."

    No excuse except terrorism, pedophilia, drugs, crime, Muslims, and Hitler! If we forget these basic, never-ending wars, the government might lose our willingness to pay the taxes they levy and might lose our support for the outrages they commit in our names with our money.

    I now feel a little un-American that I don't use Facebook.

    reply to this | link to this | view in chronology ]

  • icon
    zarprime (profile), 23 Feb 2017 @ 6:28am

    I'm sure they'll do their "best" to secure this information.

    So we have DHS compiling a massive database of userids and passwords for e-mail and social media accounts. That's not a high-value target at all. Given virtually no government agency has managed to receive a passing mark for securing their systems it's only a matter of time (and probably not a lot of time) before at least one organisation (hackers, foreign gov't, et al) gets their hands on it.

    I expect you'd see lower distribution if you wrote your userid & password on a bathroom wall.

    reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 23 Feb 2017 @ 8:23am

      Re: I'm sure they'll do their "best" to secure this information.

      I am sure they are all safe now. Trump ordered the cyber to be fixed. Don't you feel better?

      reply to this | link to this | view in chronology ]

    • icon
      Roger Strong (profile), 23 Feb 2017 @ 11:07am

      Re: I'm sure they'll do their "best" to secure this information.

      So we have DHS compiling a massive database of userids and passwords for e-mail and social media accounts.

      The userids and passwords aren't the point. It's about building a database of connections between people. Your email and Facebook accounts supply a list of who you know and communicate with, and often who THOSE people know and communicate with. Import the accounts of a few million travellers a year, and the connections add up.

      Years later you become a suspect, because you know someone on Facebook who knows someone via company email who got radicalized. In the 2000s they kidnapped and tortured people for less just to check on those suspicions.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2017 @ 10:42am

    1. If and when these policies become the norm, don't visit the US unless absolutely necessary. If you do have to come here on business buy a burner phone in the US after you are inside.

    2. If you are a US citizen do not carry your phone/laptop with you when on an international trip unless you have cleaned it of accounts you don't the US government looking at. Ideally you bring a burner phone and a cheap 10" tablet.

    I cancelled all of my social media accounts years ago. I knew the information could be used against me someday and have never liked the idea of putting my life out there publicly. Business and professional writers/artists have a use for it but the average person is just playing with fire.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Feb 2017 @ 11:40am

      Re:

      And another one

      3. If you are driving accross the border, take the SD card out of your phone and hide it where CBP will not find it, then factory reset the phone to wipe out any indications an SD card was ever in there.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 26 Feb 2017 @ 5:02am

      Re:

      1. If and when these policies become the norm, don't visit the US.

      Fixed!

      reply to this | link to this | view in chronology ]

  • identicon
    Jordan Chandler, 23 Feb 2017 @ 2:42pm

    passwords

    I don't know my social media passwords, I use a password manager that's on my phone which I plan on wiping prior to landing.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.