Thousands of people cross the United States border every day. If the Trump administration has its way, some visitors may soon be required to give their social media passwords to enter the US – an extraordinarily invasive demand that would likely prompt reciprocal demands by other countries from US citizens traveling abroad.
On February 7, US Department of Homeland Security Secretary John Kelly floated the idea of forcing visitors to hand over “a list of websites that they visit and the passwords to get on those websites to see what they’re looking at” and allow agents to examine “what they tweet, cellphones, cellphone conversations or cellphone contact books to where we can run them against databases: telephone numbers, people’s names.” Secretary Kelly provided no details on how usernames, passwords, and private information gleaned from accounts might be used, nor how long such information would be retained.
As a number of organizations raised in a joint statement to DHS, this would represent a sweeping attack on privacy, freedom of expression, and other rights. Much of what we post on a site like Facebook is not public. Access could reveal potentially years’ worth of private communications or membership in private groups, and would affect everyone with whom a person has communicated. The intrusion may not be limited to major social networks either. Increasingly, mobile apps, e-commerce sites, and other websites allow you to use your Facebook, Google, or Twitter account to login to their services. Secretary Kelly gave no explanation of what would restrain the government from repeatedly checking users’ accounts, modifying their settings, or manipulating their digital life using such information.
The proposal would also undermine digital security. Even according to the Federal Bureau of Investigation, a basic rule of online security is “don’t share your password.” To implement this proposal, the US would likely create a database of social media accounts and passwords – an irresistible target for cybercriminals and foreign intelligence agencies. Given the history of serious data breaches of US systems, how confident could anyone be this data would be kept secure.
The proposal would initially be aimed at individuals from the seven predominantly Muslim countries named President Donald Trump’s travel ban. However, Secretary Kelly noted that the program “could be” expanded.
Since December, visitors from 38 countries who seek a visa waiver have been asked to disclose social media usernames (but not passwords) on a voluntary basis. The US also asserts broad authority to search cell phones and laptops and copy data at the border without any suspicion of wrongdoing.
US residents and others who have refused to unlock their devices have had them seized for months, and journalists and others who may have sources or sensitive work product to protect aren’t spared.
Such current practices already raise serious privacy and freedom of expression issues. Demanding access to social media passwords – the keys to our digital lives – is simply beyond the pale.