Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Government Privacy United States

US Visitors May Have to Hand Over Social Media Passwords: DHS (nbcnews.com) 652

People who want to visit the United States could be asked to hand over their social-media passwords to officials as part of enhanced security checks, the country's top domestic security chief said. From a report on NBC: Homeland Security Secretary John Kelly told Congress on Tuesday the measure was one of several being considered to vet refugees and visa applicants from seven Muslim-majority countries. "We want to get on their social media, with passwords: What do you do, what do you say?" he told the House Homeland Security Committee. "If they don't want to cooperate then you don't come in."
This discussion has been archived. No new comments can be posted.

US Visitors May Have to Hand Over Social Media Passwords: DHS

Comments Filter:
  • Against TOS (Score:5, Interesting)

    by Anonymous Coward on Wednesday February 08, 2017 @10:13AM (#53825681)

    At least with FB it's against the TOS, and if you sign on from an unfamiliar IP, it would try other challenges to validate your identity.

    • Re:Against TOS (Score:5, Informative)

      by dmomo ( 256005 ) on Wednesday February 08, 2017 @10:25AM (#53825801)

      It's against the TOS for the user to let another access their account via the password. I didn't see anything in there about being on the receiving end. I would say it's implied, but it's not explicit. So security would be effectively forcing the user to violate the agreement with Facebook. Not sure how that plays out legally, but I'm assuming Facebook has every right to terminate their account for complying with the security check.

      Here's the clause:

      "You will not share your password (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.
      You will not transfer your account (including any Page or application you administer) to anyone without first getting our written permission."

      • Re:Against TOS (Score:5, Interesting)

        by Kagato ( 116051 ) on Wednesday February 08, 2017 @10:59AM (#53826099)

        Because it's against the TOS, it's against the Computer Fraud and Abuse Act. CBP is asking people to commit a felony. The United States Court of Appeals held just last year that sharing password and allowing access contrary to the TOS is a violation. There are people in PRISON right now for commit this crime. I would not recommend doing it and Facebook should make a statement that what DHS is proposing is against the law.

        If DHS wants to do this they need to ask congress to add an exemption to the CFAA.

        • Re:Against TOS (Score:5, Informative)

          by tsqr ( 808554 ) on Wednesday February 08, 2017 @11:33AM (#53826475)

          Because it's against the TOS, it's against the Computer Fraud and Abuse Act.

          18 U.S. Code 103018 U.S. Code 1030(f): This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.

        • Re:Against TOS (Score:4, Informative)

          by jeremyp ( 130771 ) on Wednesday February 08, 2017 @06:03PM (#53829383) Homepage Journal

          So if you don't hand over your Facebook password, you might be organising a terrorist group from your Facebook page so you can't enter the |USA.

          If you do hand over your Facebook password, you have committed a felony, so you can't enter the USA.

          That strikes me as exactly the outcome that the Trump administration is looking for.

      • Re:Against TOS (Score:5, Insightful)

        by networkBoy ( 774728 ) on Wednesday February 08, 2017 @10:59AM (#53826117) Journal

        It's also against the 4th amendment:
        "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated..."
        I would argue that an on-line account is an effect of a person (actually in both definitions of the word) and the constitution does not exclude non citizens.

        Just disgraceful what my country has done to it's charter document.

      • by Kjella ( 173770 )

        It's against the TOS for the user to let another access their account via the password. I didn't see anything in there about being on the receiving end. I would say it's implied, but it's not explicit. So security would be effectively forcing the user to violate the agreement with Facebook. Not sure how that plays out legally, but I'm assuming Facebook has every right to terminate their account for complying with the security check.

        Regarding the receiving end it's really quite easy, Facebook has authorized you to use their service and the password is just your authorization token. If anyone else is using your token to access their service they should be hit with some felony "unlawful access to computer resources" hacking charges, regardless if they got the token by accident, theft, blackmail or given voluntarily. Same as if I give you a key to water my plants, no matter who else ends up with the key they don't have my permission, even

    • Yep. I could hand over my password. But they'll have a hell of a time getting past the SSO codes (Unless the NSA has cracked that system somehow)

      But I'm going to give the US a pass over the next 4 years. I have nothing to hide, but on a matter of principles I wouldnt give my own govt my passwords, and I sure as hell wouldnt give a foreign govt them.

      • But I'm going to give the US a pass over the next 4 years.

        What makes you think it will get any better after that?

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      No terrorist could possibly fake a social media profile. Or have two or 100. And it's impossible that an innocent person could just not have a social media profile.

      • Your latter point is right on. But one implication of this - if a person claims that he doesn't have a social media profile, and later on, it turns out that at the time of questioning, he actually did, that would be a reason to scrutinize him further. Of course, if he created one after coming to the US, it would be another story. But the main point is to make sure that anyone w/ a social media profile is looked at, so that you wouldn't have more Tasfeen Maliks.

        I recently opened a new facebook profile w

    • For FB, why do they need a password? If they want to check out Mohammed Islam's account, they can just visit his home page and see what he has written. Or even ask to befriend him temporarily so that they can see his private messages as well, and unfriend them once the background check is over.
  • WTF? (Score:5, Interesting)

    by Calydor ( 739835 ) on Wednesday February 08, 2017 @10:13AM (#53825685)

    I can imagine Facebook, Twitter etc. blowing up over this.

    Besides, if they get password access how can they use ANYTHING they find as evidence of anything? They've got WRITE access, for crying out loud! The evidence chain isn't just poisoned, it's rotted right through.

    • Most social websites will have a timestamp of when the post was made or edited. So, government trapping people by writing fake posts may not be a viable option. Or at least we know this, not sure if the bozos running the government do. I think they might even try!

      • I'll wager money on them trying.
        Not necessarily as a program of sorts, but single operators with access because of their position certainly will.

      • The problem is they could post something, say "Look you're a terrorist" and send you back to your originating country. By the time you've figured it all out, you're 3000 miles away in a foreign land and nothing you can do. This is RIPE for abuse and I can't believe any court would find this legal.
    • Re:WTF? (Score:5, Insightful)

      by squiggleslash ( 241428 ) on Wednesday February 08, 2017 @10:19AM (#53825739) Homepage Journal

      That seems to be the least of the problems. Even if you assume good faith (and you can't... too many stories of individual immigration officers, possibly with the encouragement of higher ups, acting inhumanely towards would-be immigrants), the request doesn't make sense: if I say I don't have a Twitter or Facebook account, are they going to believe me? What are the chances I have one if I live in a part of the world with no Internet?

      And if I do, and I'm actually using my Facebook account to meet up with terrorists, preparing to be the first person ever from any of those seven countries to commit an act of terrorism in the US, what makes you think I'd use the same account for that as I do talking with friends and family? I mean, having one account used for both seems like it'd be asking for trouble. Guess which password you'd end up with...

      What a waste of time and resources, and a completely unnecessary invasion of privacy.

      • Re:WTF? (Score:5, Insightful)

        by Jason Levine ( 196982 ) on Wednesday February 08, 2017 @10:46AM (#53825977) Homepage

        And if I do, and I'm actually using my Facebook account to meet up with terrorists, preparing to be the first person ever from any of those seven countries to commit an act of terrorism in the US, what makes you think I'd use the same account for that as I do talking with friends and family? I mean, having one account used for both seems like it'd be asking for trouble. Guess which password you'd end up with...

        Exactly this. It would take minimal effort for a would-be terrorist to make a "clean" Facebook account. Have it only friend pro-US people and be completely innocuous - not even discussing US politics, but discussing which pop band is the best and the results of "Which Hogwarts House Am I In" quizzes. A clever terrorist organization could even have a whole division dedicated to maintaining these accounts for years before handing them over to the would-be-terrorist. DHS gets the clean Facebook account and doesn't see the secondary account where he's liked every anti-US Facebook post there is. This won't protect us from terrorists (except, maybe extremely stupid ones), will weaken the security of people entering the US, and will lead to abuse.

        • It would take minimal effort for a would-be terrorist to make a "clean" Facebook account.

          Actually I think the amount of effort to do that would drive people to terrorism.

      • by houghi ( 78078 )

        Please alsp define "Social media" I do not have Facebook, twitter or similar accounts. Is /. Social Media? Is the webserver with my domain name one, because that is where I put anything I think is important on (It is nothing).
        Is Usernet "Social Media"? What about email?

      • This is the same as any other thing that gives someone access to personal data. Identity theft in just the US costs victims billions a year what stops a disgruntled government employee from using the information found.

      • That seems to be the least of the problems. Even if you assume good faith (and you can't... too many stories of individual immigration officers, possibly with the encouragement of higher ups, acting inhumanely towards would-be immigrants), the request doesn't make sense: if I say I don't have a Twitter or Facebook account, are they going to believe me? What are the chances I have one if I live in a part of the world with no Internet?

        And if I do, and I'm actually using my Facebook account to meet up with terrorists, preparing to be the first person ever from any of those seven countries to commit an act of terrorism in the US, what makes you think I'd use the same account for that as I do talking with friends and family? I mean, having one account used for both seems like it'd be asking for trouble. Guess which password you'd end up with...

        What a waste of time and resources, and a completely unnecessary invasion of privacy.

        For the 7 countries in question, you'd be right: chances are very likely that someone from Sudan, Libya, Somalia or Yemen doesn't have internet

        Also, you're right about the terrorist thing: a terrorist would maintain a personal profile for friends & family, and another for his Ansar al Jihad comrades. And he won't turn over the latter. But one reason for this is undoubtedly San Bernardino, where Tasfeen Malik used her personal page to promote Jihad

      • Re: (Score:2, Interesting)

        by ooloorie ( 4394035 )

        What a waste of time and resources, and a completely unnecessary invasion of privacy.

        This only applies to the seven banned countries, countries that don't have reliable records.

        If you travel to the US from Europe, the US requests your police, financial, and surveillance records from your home country. In that case, they don't need your social media accounts, because that contains everything from your political affiliations to the terms of endearment you use with your Swedish mistress.

        If you travel to the US

      • Re:WTF? (Score:5, Insightful)

        by jenningsthecat ( 1525947 ) on Wednesday February 08, 2017 @11:43AM (#53826559)

        ...What a waste of time and resources, and a completely unnecessary invasion of privacy.

        Your assertion is based on the premise that the people behind this policy actually give a rat's ass about the safety and/or privacy of the average American.

        A friend once made the insightful comment that having to stand in line at an airport waiting to take your shoes off has nothing to do with thwarting terrorism - its purpose is to make obedience to authority reflexive and habitual. As far as I'm concerned this is more of the same - and don't be surprised when, a few years down the road, America citizens are also forced to give up their social media passwords at the border.

        Once upon a time I thought the people who talk about governments of ostensibly 'free' nations having their citizens chipped or bar-coded was the fantasy of conspiracy theorists. These days I'm not sure they're wrong.

    • by Jhon ( 241832 )

      Access to financial records can make sense. The social media thing is just stupid. People will just start using two sets of email and two sets of social media. One set for me -- and one set for Mrs. Grundy to review which has tons of "followings" of cat videos and dog tricks.

    • by ugen ( 93902 )

      I don't think there is much respect left for "evidence chain", in particular wrt. non-US-citizens.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      You're so close to realizing this will eventually become mandatory unfettered read-only API calls for the gubmint.

      Better also keep an eye on them for domestic dissidents too. Maybe we can come up with a catchy name for it like COINTELPRO.

    • by caseih ( 160668 )

      If they want to vet someone's social media presence, they can already subpoena these predominantly American companies and get this information. But what about someone who has no social media presence at all?

      The feds have been trending in this general direction for years now, with suspensions of constitutional rights at border crossings that started back under Bush and Obama. Unfortunately the new administration is even less respectful of the rule of law.

      You're absolutely right that officials can with thi

    • Re:WTF? (Score:5, Insightful)

      by Cajun Hell ( 725246 ) on Wednesday February 08, 2017 @10:31AM (#53825831) Homepage Journal

      I can imagine Facebook, Twitter etc. blowing up over this.

      Me too, except "blowing up" in the sense of suddenly having lots of new account signups. I imagine a desk at airports, with public computer everyone uses to sign up for accounts on these websites, in order to have a password to hand over.

      "Uh, yeah, my account is throwaway12345@gmail.com. My password is 12345."

      how can they use ANYTHING they find as evidence of anything?

      This isn't for purposes of finding evidence. It's for theater. Someone got the idea that American voters want visitors to be humiliated and insulted, and this is their idea for how to best do it.

      How the idea of anal pattern photographs got shot down, I have no idea. Cowards!!

    • Re: (Score:3, Funny)

      by Anonymous Coward

      Evidence chain: ancient concept based on the alleged difference between facts and unfacts

    • Re:WTF? (Score:5, Interesting)

      by The-Ixian ( 168184 ) on Wednesday February 08, 2017 @10:53AM (#53826033)

      I think it is fine as long as all other countries ask for traveling American's passwords.

      Just wait for that blow-up

      • I think it is fine as long as all other countries ask for traveling American's passwords.

        Just wait for that blow-up

        Americans following the same rules they expect others to follow? Not a chance!

    • Re:WTF? (Score:5, Insightful)

      by JeffOwl ( 2858633 ) on Wednesday February 08, 2017 @10:57AM (#53826077)
      Rules of evidence don't apply in this case unless they try to prosecute you for something. Denial of entry does not require the same standards as criminal prosecution.
    • I can imagine Facebook, Twitter etc. blowing up over this.

      Besides, if they get password access how can they use ANYTHING they find as evidence of anything? They've got WRITE access, for crying out loud! The evidence chain isn't just poisoned, it's rotted right through.

      That's the point I made above - they can see things w/o a password, particularly in FB.

    • Re: (Score:2, Insightful)

      by ooloorie ( 4394035 )

      Besides, if they get password access how can they use ANYTHING they find as evidence of anything? They've got WRITE access, for crying out loud! The evidence chain isn't just poisoned, it's rotted right through.

      You're not on trial. They are trying to find evidence that's in your favor, not evidence against you. If they don't want to admit you, they don't have to bother planting evidence, they just stamp "denied" on your visa application.

      • by Calydor ( 739835 )

        They are trying to find evidence that's in your favor, not evidence against you.

        I have a bridge I'd like to sell you.

        • You don't understand; the default is simply for you not to get admitted if you are from one of those seven countries; they don't need to look at your social media account for that, they just deny your visa.

  • by gtall ( 79522 ) on Wednesday February 08, 2017 @10:16AM (#53825705)

    Maybe other countries will demand the same thing. I can see el Presidente Tweety giving up his password in the name of security.

    • by Anonymous Coward on Wednesday February 08, 2017 @10:39AM (#53825917)

      Its simple, more and more people are now avoiding the USA.

      If I need to fly to Europe from New Zealand I now go through Hong Kong or one of the other non-us routes. This is now the preferred method for all staff as the risks of IT devices (computers/phones/etc) being compromised at the US boarder is now considered too high.

      There is also a growing preference for equipment from the EU as any training will be outside of the US too.

      The US is slowly but surely shitting in its own nest.

      I know personally, for family holidays we will no longer consider the USA, there is a great big world out there to see, and currently the USA and its policies places it a long way down the list of places to visit.

      • Re: (Score:2, Insightful)

        by unixisc ( 2429386 )

        You make it sound like that is a bad thing. If people who don't like the US avoid the US, that's one of the desirable outcomes, the attempts of Dem AGs notwithstanding.

        • by TimothyHollins ( 4720957 ) on Wednesday February 08, 2017 @11:21AM (#53826369)

          Ahh, I see. So the plan is to make the US such a terrible place that no-one will want to go there? Now it finally makes sense.

          Just a heads up, you might want to look into Somalia, they appear to have attempted a similar approach.

          • by gtall ( 79522 ) on Wednesday February 08, 2017 @12:10PM (#53826843)

            No, the plan is to tell Americans they are safe by banning people who have no record of doing naughty things in America, and that do not have Trump properties in their homelands.

            One thing you have to consider when observing this Administration, nothing is connected. One policy might yang the yin out of some issue, another might yin the yang out of the same issue.

            Also, knock-on effects are not considered because there's no way the head guys can keep two ideas in their heads at the same time. Case in point, the last Yemen raid by American Special Forces. The previous administration tried to think through the effects if something went wrong. The current administration would rather shoot first and aim later. The result: Yemen said no more of those.

            Another case in point: American ban on Iraqis coming to the U.S. Iraq's Parliament is considering legislation banning Americans, and the Iraqis fighting and dying to attack Daesh are looking at the Americans and wondering why they should bother. Trumpets blaring about taking Iraqi oil tell them that the American administration has no respect for Iraqis. End result, decreased cooperation against Daesh, and possibly support for aggression against the U.S. after Daesh goes down the rat hole.

            And the Administration rhetoric has given that little twit Ayatollah running Iran a gift claiming the Administration is showing America's true face.

            Wanting to put China in its place, they did the opposite of rally Asian nations against China hegemony by pulling out of TPP thus pushing those countries closer to China. And whining about cheap Mexican labor and labor standards, they decided pulling out of the TPP would be a good idea, however it would have increased wages and standards for Mexicans.

            Claiming the Mexican hordes are climbing over the borders (they aren't), they give every indication of starting a trade war with Mexico thus lowering the Mexican economy and making it likely to increase the pressure on Mexicans to squirrel under the new stupid wall to get into the U.S.

    • by Kagato ( 116051 )

      Other countries do. In particular Canadian border officials have a habit of asking the same thing. In the US however CPB is actually asking people to commit a Felony.

    • by The-Ixian ( 168184 ) on Wednesday February 08, 2017 @10:56AM (#53826065)

      I would love to see this happen.

      Just wait for the entitled Americans to cry to their government reps about how they are being treated like garbage.

  • Next up in 'Murica (Score:3, Insightful)

    by TimothyHollins ( 4720957 ) on Wednesday February 08, 2017 @10:20AM (#53825747)

    Next up on the hit series "'Murica: Hell yeah!", the orange prez makes a scandalous law - all students are to get daily cavity searches.

    While glove manufacturer stock prices are soaring, Homeland Security Secretary John Kelly tells worried students "If you don't want your rectum searched for contraband, just stay at home.

    God-damn the news are getting entertaining.

  • by fahrbot-bot ( 874524 ) on Wednesday February 08, 2017 @10:25AM (#53825795)

    People will just keep real and fake social media accounts. One for real stuff, and one for border control to ogle.

  • by rossdee ( 243626 ) on Wednesday February 08, 2017 @10:31AM (#53825835)

    USA doesn't want tourists visiting the country
    or business people doing trade deals

    • by thegarbz ( 1787294 ) on Wednesday February 08, 2017 @11:24AM (#53826391)

      To be fair that's been the message for a long time. There's few countries I dread visiting, and the USA is one of them. I remember my last business trip clearly.

      "Welcome to the United States of America" it said in the customs area of the airport. I got to stare at that shitty sign for 3 hours as a single customs man took his time individually fingerprinting and questioning the thousand visitors queued up.

      America is a lovely place and the people are lovely and friendly. But I still dread actually clearing customs in that area and I say that as a white ordinary privileged man.

  • by sjbe ( 173966 ) on Wednesday February 08, 2017 @10:35AM (#53825875)

    I'm not surprised DHS is "considering" something like this. Certain gestapo elements in our government always are trying thuggish and ill considered tactics to make their lives easier. This is plainly a stupid and counterproductive idea to anyone with a functioning brain but the danger is real enough. The good news is that the companies affected (Facebook, Twitter, etc) have lots of money and flesh eating lawyers to fight such an over-reach by the government. I don't generally trust Facebook but I do trust their profit motive and DHS forcing people to hand over passwords is a clear and present danger to their bottom line.

  • by QuietLagoon ( 813062 ) on Wednesday February 08, 2017 @10:37AM (#53825899)
    If this behavior is permitted, then the social media sites need to start implementing read-only passwords for account. It is one thing to allow the US government to see everything n your account, and all your friend's accounts. It is an entirely different thing to allow the US government to act on your behalf with your account.
  • Sucks to be DHS. My FB password alone is like 255 random characters. What about 2FA systems? They can have the password, but they're not getting the token.
    • Using 2FA authentication won't work to stop them.

      They ALREADY ask you to allow inspection of electronics. If you refuse to give them the password, expect to not get your phone, laptop, or tablet back till you either give them the password or they image the whole thing for NSA's "enhanced decryption".

      • What if you come into the country not planning to visit your social media account and therefor you don't bring and devices with you?

        It is already common practice for travelers to bring blanked out devices with them and then restore them once they are through the checkpoints.

  • This is only if you're coming from one of the seven banned countries.

    • by ET3D ( 1169851 )

      Guilty as charged. :) Anyway, it implies that these people could get into the US, which mean no ban. So this is positive news.

  • by xfizik ( 3491039 ) on Wednesday February 08, 2017 @10:52AM (#53826021)
    Just another reason to not use social media.
    P.S. I don't even remember my FB password, on those rare occasions that I try to use FB from a new device I always have to go through the "forgot your password?" ordeal. But I don't expect border officials to be too sympathetic about that.
  • by Kagato ( 116051 ) on Wednesday February 08, 2017 @10:52AM (#53826029)

    Most social networks (like Facebook) expressly forbid sharing passwords or allowing others to use your account. Because that's the policy it becomes a Felony according to the Computer Fraud and Abuse Act (CFAA). The United States Court of Appeals has affirmed sharing accounts contrary to the TOS is a violation of the CFAA and there are people in PRISON as we speak for doing just that.

    I would contend that you cannot be compelled to commit a felony by a agent of the United States. If DHS wants this power they need to have the CFAA amended to grant them an exemption.

  • No social media account? You're a terrorist.

  • That can only be described as fucking stupid. Hell, why don't we make them submit to vivisection? Then we could learn LOTS and be certain they couldn't be a threat afterwards!

    There are many reasons it is stupid but for starters: Most everyone reuses passwords simply so there is some chance that they can actually remember their passwords. So what this amounts to is, "Give us unrestricted access to everything."
    And this coming from one of the least trustworthy things that exists: A government agency...

    If
  • How many social network identities, if any, I have? This is just plain FUD!
  • I simply won't go to the US unless my job forces me to. I certainly won't spend any tourist dollars there until this bullshit stops.

  • ... if they could just get Trump to hand over his Twitter password.

  • Prima Nocta (Score:5, Funny)

    by tekrat ( 242117 ) on Wednesday February 08, 2017 @12:56PM (#53827271) Homepage Journal

    "DHS officials also stated that if the wife of a US visitor is good-looking, they want to demand they get to sleep with the woman before allowing entry to the couple..."

"Everyone is entitled to an *informed* opinion." -- Harlan Ellison

Working...