​Broad coalition slams US border plan to require foreigners’ social media passwords

  • Liam Tung (CSO Online)
  • 22 February, 2017 09:02

A coalition of trade groups representing Google, Facebook and Microsoft, as well as dozens of security experts, rights advocates and lawyers have opposed a plan to require foreign travelers divulge social media passwords at the border to gain entry to the US.

The group’s open letter reacts against a suggestion made recently by Department of Homeland Security Secretary John Kelly as part of an extreme vetting measure. He said it was hard to “truly vet” visa applicants from the seven Muslim majority countries targeted by the then intact travel ban, and suggested visitors should be required to give up their passwords as a condition of entry.

“If they don’t want to give us the information, then they don’t come,” he said.

The move would significantly expand the US Customs and Border Protection process that gives visa waiver applicants the option to provide social media user names.

“This proposal would enable border officials to invade people’s privacy by examining years of private emails, texts, and messages,” the coalition writes.

“It would expose travelers and everyone in their social networks, including potentially millions of U.S. citizens, to excessive, unjustified scrutiny. And it would discourage people from using online services or taking their devices with them while traveling, and would discourage travel for business, tourism, and journalism,” the letter continued.

Among the 53 organizations that have signed included the American Civil Liberties Union, Center for Democracy & Technology, Internet Society, Computer & Communications Industry Association, and the Internet Association, which represents Google, Microsoft, Amazon, and Facebook. Individuals who signed the letter include a number of security experts, including Bruce Schneier, and Morgan Marquis-Boire.

The coalition also warns that introducing mandatory password disclosure for foreign nationals may set a precedent for other governments, ultimately affecting all travelers around the world.

“This demand is likely to be mirrored by foreign governments, which will demand passwords from U.S. citizens when they seek entry to foreign countries. This would compromise U.S. economic security, cybersecurity, and national security, as well as damage the U.S.’s relationships with foreign governments and their citizenry,” the coalition said.

Democrat Senator Ron Wyden has also opposed the password requirement for visiting foreign nationals. In a letter sent to to Kelly on Tuesday, said he was alarmed by reports of US Customers and Border Protection (CBP) agents pressuing American citizens to reveal their smartphone PUN numbers, and also called out his suggestion to demand social media passwords from visitors.

“With those passwords, CBP may then be able to login to accounts and access that they would otherwise only be able to get from Internet companies with a warrant,” wrote Wyden.

He points out that there are well established rules for obtaining this data, which includes the opportunity for the service provider to challenge a warrant or court order if it is overly broad.

“By requesting a traveler’s credentials and then directly access their data, CBP would be short-circuiting the vital checks and balances that exist in our current system.”