US Visitors May Have to Hand Over Social Media Passwords: DHS (nbcnews.com) 652
People who want to visit the United States could be asked to hand over their social-media passwords to officials as part of enhanced security checks, the country's top domestic security chief said. From a report on NBC: Homeland Security Secretary John Kelly told Congress on Tuesday the measure was one of several being considered to vet refugees and visa applicants from seven Muslim-majority countries. "We want to get on their social media, with passwords: What do you do, what do you say?" he told the House Homeland Security Committee. "If they don't want to cooperate then you don't come in."
Against TOS (Score:5, Interesting)
At least with FB it's against the TOS, and if you sign on from an unfamiliar IP, it would try other challenges to validate your identity.
Re:Against TOS (Score:5, Informative)
It's against the TOS for the user to let another access their account via the password. I didn't see anything in there about being on the receiving end. I would say it's implied, but it's not explicit. So security would be effectively forcing the user to violate the agreement with Facebook. Not sure how that plays out legally, but I'm assuming Facebook has every right to terminate their account for complying with the security check.
Here's the clause:
"You will not share your password (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.
You will not transfer your account (including any Page or application you administer) to anyone without first getting our written permission."
Re:Against TOS (Score:5, Interesting)
Because it's against the TOS, it's against the Computer Fraud and Abuse Act. CBP is asking people to commit a felony. The United States Court of Appeals held just last year that sharing password and allowing access contrary to the TOS is a violation. There are people in PRISON right now for commit this crime. I would not recommend doing it and Facebook should make a statement that what DHS is proposing is against the law.
If DHS wants to do this they need to ask congress to add an exemption to the CFAA.
Re:Against TOS (Score:5, Informative)
Because it's against the TOS, it's against the Computer Fraud and Abuse Act.
18 U.S. Code 103018 U.S. Code 1030(f): This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.
Re: (Score:3)
Well, given that the Customs and Border Patrol were doing exactly that - enforcing after halt ordered by Federal Court, when will they be held liable?
Re:Against TOS (Score:4, Informative)
So if you don't hand over your Facebook password, you might be organising a terrorist group from your Facebook page so you can't enter the |USA.
If you do hand over your Facebook password, you have committed a felony, so you can't enter the USA.
That strikes me as exactly the outcome that the Trump administration is looking for.
Re: (Score:2)
The law doesn't make an exemption for social media. Facebook is a multi billion dollar company and it's TOS is very clear.
Re:Against TOS (Score:4, Insightful)
The word "free" (as in "Land of the Free") is dangerously undefined. Free from what? Free to do what? Not free to do what? The answers to the second and third questions would run to thousands of pages.
To assert that one country is "free" while another is "not free" is ridiculous. It doesn't even make much sense to say that one country is "freer" than another. So in Country A you are allowed to do X but forbidden to do Y; whereas in Country B it is the other way round. Presumably which country you prefer is a function of whether you prefer X to Y.
Re:Against TOS (Score:5, Insightful)
It's also against the 4th amendment:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated..."
I would argue that an on-line account is an effect of a person (actually in both definitions of the word) and the constitution does not exclude non citizens.
Just disgraceful what my country has done to it's charter document.
Re:Against TOS (Score:5, Informative)
At the border, any and all "searches and seizures" are considered "reasonable" for purposes of the Fourth Amendment. See Border search exception [wikipedia.org].
Re:Against TOS (Score:4, Interesting)
this wouldn't be a search; it would be a compulsion to divulge information, which would then be used to assist in searching for something which isn't at the border.
additionally, like most universal claims, what you're saying is obviously false if read literally. for example, i don't think the courts would find it reasonable to conduct a mass cavity search in the lobby of an airport, on all debarking passengers from Syria (or wherever).
How is data "at the border"? (Score:5, Interesting)
Re: (Score:3)
I never agreed to not reveal my city of origin. I have agreed not to reveal my Facebook password. Moreover, knowing I live in Minneapolis, while useful in specifically identifying me, does not reveal any private information about me or my friends and family.
Re: Against TOS (Score:5, Informative)
Georgetown Law School says you don't know what you're talking about.
http://scholarship.law.georget... [georgetown.edu]
The fact that the Framers chose to limit to citizens only the rights to vote and to run for federal office is one indication that they did not intend other constitutional rights to be so limited.
Re: (Score:3)
It's against the TOS for the user to let another access their account via the password. I didn't see anything in there about being on the receiving end. I would say it's implied, but it's not explicit. So security would be effectively forcing the user to violate the agreement with Facebook. Not sure how that plays out legally, but I'm assuming Facebook has every right to terminate their account for complying with the security check.
Regarding the receiving end it's really quite easy, Facebook has authorized you to use their service and the password is just your authorization token. If anyone else is using your token to access their service they should be hit with some felony "unlawful access to computer resources" hacking charges, regardless if they got the token by accident, theft, blackmail or given voluntarily. Same as if I give you a key to water my plants, no matter who else ends up with the key they don't have my permission, even
Re: (Score:3)
No.
It's an agreement, and binding only between the issuing entity and the willing participant.
If I give my password to someone else and Facebook finds about it, all they can do is block access.
Facebook is free, offers no warranties, guarantees, and provides for indemnification.
--
"The only right a Facebook member has is to leave." © 2017 CaptainDork
Re: (Score:3)
Yep. I could hand over my password. But they'll have a hell of a time getting past the SSO codes (Unless the NSA has cracked that system somehow)
But I'm going to give the US a pass over the next 4 years. I have nothing to hide, but on a matter of principles I wouldnt give my own govt my passwords, and I sure as hell wouldnt give a foreign govt them.
Re: (Score:2)
But I'm going to give the US a pass over the next 4 years.
What makes you think it will get any better after that?
Re: (Score:3, Insightful)
No terrorist could possibly fake a social media profile. Or have two or 100. And it's impossible that an innocent person could just not have a social media profile.
Re: (Score:2)
Your latter point is right on. But one implication of this - if a person claims that he doesn't have a social media profile, and later on, it turns out that at the time of questioning, he actually did, that would be a reason to scrutinize him further. Of course, if he created one after coming to the US, it would be another story. But the main point is to make sure that anyone w/ a social media profile is looked at, so that you wouldn't have more Tasfeen Maliks.
I recently opened a new facebook profile w
Re: (Score:3)
Re:Against TOS (Score:5, Funny)
I agree. This is very simple and very great. Bigly! If you won't show your facebook profile then you have something to hide (why wouldn't you if you didn't?). If you have something to hide you are guilty. Seems like good security and can't be abused at all. Finally, we're back to common sense small government!
Re: (Score:3)
Some of us aren't in America and don't want to go there. (Offers in excess of $1 million might be seriously considered - or they might not). Some of us also don't have social media accounts, so we have time to do more important and interesting things.
Re: Against TOS (Score:5, Informative)
Umm... You realize you are posting on a social media platform, using a social media account, right?
There's nothing social about Slashdot.
Re: (Score:3)
Re: (Score:3)
It's better to agree by using a 2nd social medial handle that shows how super happy you are about Trump-America yeah!
We want only the best deceptive people to come to America.
Re: Against TOS (Score:5, Insightful)
I'm pretty sure the bill of rights doesn't say 'love it or leave it' where 'it' is the crazy current administration policy.
Re: Against TOS (Score:5, Insightful)
It's not an appeal to authority, it's an appeal to reality.
The US has long talked a good talk of championing personal freedoms, but usually does a bad job of actually respecting them. In just about every stage of our nation's history, there has been some threatening group of the day who has had its freedoms sharply curtailed, where the response has been more "meh," or at least "maybe this isn't great, but we're under attack or under threat."
Re:Against TOS (Score:5, Funny)
Just make a fake account on FB and Twitter and hand over those details. Follow and like Trump on both accounts and you're done.
WTF? (Score:5, Interesting)
I can imagine Facebook, Twitter etc. blowing up over this.
Besides, if they get password access how can they use ANYTHING they find as evidence of anything? They've got WRITE access, for crying out loud! The evidence chain isn't just poisoned, it's rotted right through.
Re: (Score:3)
Most social websites will have a timestamp of when the post was made or edited. So, government trapping people by writing fake posts may not be a viable option. Or at least we know this, not sure if the bozos running the government do. I think they might even try!
Re: (Score:2)
I'll wager money on them trying.
Not necessarily as a program of sorts, but single operators with access because of their position certainly will.
Re: (Score:3)
Comment removed (Score:5, Insightful)
Re:WTF? (Score:5, Insightful)
Exactly this. It would take minimal effort for a would-be terrorist to make a "clean" Facebook account. Have it only friend pro-US people and be completely innocuous - not even discussing US politics, but discussing which pop band is the best and the results of "Which Hogwarts House Am I In" quizzes. A clever terrorist organization could even have a whole division dedicated to maintaining these accounts for years before handing them over to the would-be-terrorist. DHS gets the clean Facebook account and doesn't see the secondary account where he's liked every anti-US Facebook post there is. This won't protect us from terrorists (except, maybe extremely stupid ones), will weaken the security of people entering the US, and will lead to abuse.
Re: (Score:3)
It would take minimal effort for a would-be terrorist to make a "clean" Facebook account.
Actually I think the amount of effort to do that would drive people to terrorism.
Re: (Score:3)
"You've been denied access to the United States because your Facebook account is only three months old and likes boring stuff."
The immigration system in this country is already a mess, we don't need to add more stupid and arbitrary ways for people to get denied access. If we deny access to someone there should be a good reason, not that their damn Facebook account isn't up to snuff. And, like has been said, it would be easy for an organization to create a whole series of accounts and actively maintain the
Re: (Score:3)
Re: (Score:3)
This is the same as any other thing that gives someone access to personal data. Identity theft in just the US costs victims billions a year what stops a disgruntled government employee from using the information found.
Re: (Score:2)
That seems to be the least of the problems. Even if you assume good faith (and you can't... too many stories of individual immigration officers, possibly with the encouragement of higher ups, acting inhumanely towards would-be immigrants), the request doesn't make sense: if I say I don't have a Twitter or Facebook account, are they going to believe me? What are the chances I have one if I live in a part of the world with no Internet?
And if I do, and I'm actually using my Facebook account to meet up with terrorists, preparing to be the first person ever from any of those seven countries to commit an act of terrorism in the US, what makes you think I'd use the same account for that as I do talking with friends and family? I mean, having one account used for both seems like it'd be asking for trouble. Guess which password you'd end up with...
What a waste of time and resources, and a completely unnecessary invasion of privacy.
For the 7 countries in question, you'd be right: chances are very likely that someone from Sudan, Libya, Somalia or Yemen doesn't have internet
Also, you're right about the terrorist thing: a terrorist would maintain a personal profile for friends & family, and another for his Ansar al Jihad comrades. And he won't turn over the latter. But one reason for this is undoubtedly San Bernardino, where Tasfeen Malik used her personal page to promote Jihad
Re: (Score:2, Interesting)
This only applies to the seven banned countries, countries that don't have reliable records.
If you travel to the US from Europe, the US requests your police, financial, and surveillance records from your home country. In that case, they don't need your social media accounts, because that contains everything from your political affiliations to the terms of endearment you use with your Swedish mistress.
If you travel to the US
Re:WTF? (Score:5, Insightful)
...What a waste of time and resources, and a completely unnecessary invasion of privacy.
Your assertion is based on the premise that the people behind this policy actually give a rat's ass about the safety and/or privacy of the average American.
A friend once made the insightful comment that having to stand in line at an airport waiting to take your shoes off has nothing to do with thwarting terrorism - its purpose is to make obedience to authority reflexive and habitual. As far as I'm concerned this is more of the same - and don't be surprised when, a few years down the road, America citizens are also forced to give up their social media passwords at the border.
Once upon a time I thought the people who talk about governments of ostensibly 'free' nations having their citizens chipped or bar-coded was the fantasy of conspiracy theorists. These days I'm not sure they're wrong.
Re: (Score:2)
Re: (Score:2)
Access to financial records can make sense. The social media thing is just stupid. People will just start using two sets of email and two sets of social media. One set for me -- and one set for Mrs. Grundy to review which has tons of "followings" of cat videos and dog tricks.
Re: (Score:2)
I don't think there is much respect left for "evidence chain", in particular wrt. non-US-citizens.
Re: (Score:2, Insightful)
You're so close to realizing this will eventually become mandatory unfettered read-only API calls for the gubmint.
Better also keep an eye on them for domestic dissidents too. Maybe we can come up with a catchy name for it like COINTELPRO.
Re: (Score:2)
COINTELPRO sounds like an old-school coin-counting machine with a modem built in and some fancy features that set it apart from the non-"pro" version.
You'd think an agency that purports to use communication and psychology to deduce the actions of others would know how to use simple marketing tricks to make their super-fancy project names not sound pants-on-head retarded.
This incompetence is part of why I don't worry too much about US "intelligence" agencies. They may be intelligent, but they have yet to prove it.
I hope this is a joke that has gone over my head. COINTELPRO was not any kind of public name. It was the internal name for a COunter INTELligence PROgram.
Re: (Score:3)
If they want to vet someone's social media presence, they can already subpoena these predominantly American companies and get this information. But what about someone who has no social media presence at all?
The feds have been trending in this general direction for years now, with suspensions of constitutional rights at border crossings that started back under Bush and Obama. Unfortunately the new administration is even less respectful of the rule of law.
You're absolutely right that officials can with thi
Re:WTF? (Score:5, Insightful)
Me too, except "blowing up" in the sense of suddenly having lots of new account signups. I imagine a desk at airports, with public computer everyone uses to sign up for accounts on these websites, in order to have a password to hand over.
"Uh, yeah, my account is throwaway12345@gmail.com. My password is 12345."
This isn't for purposes of finding evidence. It's for theater. Someone got the idea that American voters want visitors to be humiliated and insulted, and this is their idea for how to best do it.
How the idea of anal pattern photographs got shot down, I have no idea. Cowards!!
Re: (Score:3, Funny)
Evidence chain: ancient concept based on the alleged difference between facts and unfacts
Re:WTF? (Score:5, Interesting)
I think it is fine as long as all other countries ask for traveling American's passwords.
Just wait for that blow-up
Re: (Score:3)
I think it is fine as long as all other countries ask for traveling American's passwords.
Just wait for that blow-up
Americans following the same rules they expect others to follow? Not a chance!
Re:WTF? (Score:5, Insightful)
Re: (Score:2)
I can imagine Facebook, Twitter etc. blowing up over this.
Besides, if they get password access how can they use ANYTHING they find as evidence of anything? They've got WRITE access, for crying out loud! The evidence chain isn't just poisoned, it's rotted right through.
That's the point I made above - they can see things w/o a password, particularly in FB.
Re: (Score:2, Insightful)
You're not on trial. They are trying to find evidence that's in your favor, not evidence against you. If they don't want to admit you, they don't have to bother planting evidence, they just stamp "denied" on your visa application.
Re: (Score:3)
They are trying to find evidence that's in your favor, not evidence against you.
I have a bridge I'd like to sell you.
Re: (Score:3)
You don't understand; the default is simply for you not to get admitted if you are from one of those seven countries; they don't need to look at your social media account for that, they just deny your visa.
What's stopping other countries? (Score:3)
Maybe other countries will demand the same thing. I can see el Presidente Tweety giving up his password in the name of security.
Re:What's stopping other countries? (Score:5, Insightful)
Its simple, more and more people are now avoiding the USA.
If I need to fly to Europe from New Zealand I now go through Hong Kong or one of the other non-us routes. This is now the preferred method for all staff as the risks of IT devices (computers/phones/etc) being compromised at the US boarder is now considered too high.
There is also a growing preference for equipment from the EU as any training will be outside of the US too.
The US is slowly but surely shitting in its own nest.
I know personally, for family holidays we will no longer consider the USA, there is a great big world out there to see, and currently the USA and its policies places it a long way down the list of places to visit.
Re: (Score:2, Insightful)
You make it sound like that is a bad thing. If people who don't like the US avoid the US, that's one of the desirable outcomes, the attempts of Dem AGs notwithstanding.
Re:What's stopping other countries? (Score:5, Insightful)
Ahh, I see. So the plan is to make the US such a terrible place that no-one will want to go there? Now it finally makes sense.
Just a heads up, you might want to look into Somalia, they appear to have attempted a similar approach.
Re:What's stopping other countries? (Score:5, Insightful)
No, the plan is to tell Americans they are safe by banning people who have no record of doing naughty things in America, and that do not have Trump properties in their homelands.
One thing you have to consider when observing this Administration, nothing is connected. One policy might yang the yin out of some issue, another might yin the yang out of the same issue.
Also, knock-on effects are not considered because there's no way the head guys can keep two ideas in their heads at the same time. Case in point, the last Yemen raid by American Special Forces. The previous administration tried to think through the effects if something went wrong. The current administration would rather shoot first and aim later. The result: Yemen said no more of those.
Another case in point: American ban on Iraqis coming to the U.S. Iraq's Parliament is considering legislation banning Americans, and the Iraqis fighting and dying to attack Daesh are looking at the Americans and wondering why they should bother. Trumpets blaring about taking Iraqi oil tell them that the American administration has no respect for Iraqis. End result, decreased cooperation against Daesh, and possibly support for aggression against the U.S. after Daesh goes down the rat hole.
And the Administration rhetoric has given that little twit Ayatollah running Iran a gift claiming the Administration is showing America's true face.
Wanting to put China in its place, they did the opposite of rally Asian nations against China hegemony by pulling out of TPP thus pushing those countries closer to China. And whining about cheap Mexican labor and labor standards, they decided pulling out of the TPP would be a good idea, however it would have increased wages and standards for Mexicans.
Claiming the Mexican hordes are climbing over the borders (they aren't), they give every indication of starting a trade war with Mexico thus lowering the Mexican economy and making it likely to increase the pressure on Mexicans to squirrel under the new stupid wall to get into the U.S.
Re: (Score:2)
Other countries do. In particular Canadian border officials have a habit of asking the same thing. In the US however CPB is actually asking people to commit a Felony.
Re:What's stopping other countries? (Score:5, Interesting)
I would love to see this happen.
Just wait for the entitled Americans to cry to their government reps about how they are being treated like garbage.
Next up in 'Murica (Score:3, Insightful)
Next up on the hit series "'Murica: Hell yeah!", the orange prez makes a scandalous law - all students are to get daily cavity searches.
While glove manufacturer stock prices are soaring, Homeland Security Secretary John Kelly tells worried students "If you don't want your rectum searched for contraband, just stay at home.
God-damn the news are getting entertaining.
Uh huh, and then... (Score:3)
People will just keep real and fake social media accounts. One for real stuff, and one for border control to ogle.
The message this sends (Score:5, Interesting)
USA doesn't want tourists visiting the country
or business people doing trade deals
Re:The message this sends (Score:5, Interesting)
To be fair that's been the message for a long time. There's few countries I dread visiting, and the USA is one of them. I remember my last business trip clearly.
"Welcome to the United States of America" it said in the customs area of the airport. I got to stare at that shitty sign for 3 hours as a single customs man took his time individually fingerprinting and questioning the thousand visitors queued up.
America is a lovely place and the people are lovely and friendly. But I still dread actually clearing customs in that area and I say that as a white ordinary privileged man.
Profit motive will keep us safe (probably) (Score:5, Interesting)
I'm not surprised DHS is "considering" something like this. Certain gestapo elements in our government always are trying thuggish and ill considered tactics to make their lives easier. This is plainly a stupid and counterproductive idea to anyone with a functioning brain but the danger is real enough. The good news is that the companies affected (Facebook, Twitter, etc) have lots of money and flesh eating lawyers to fight such an over-reach by the government. I don't generally trust Facebook but I do trust their profit motive and DHS forcing people to hand over passwords is a clear and present danger to their bottom line.
Read-only password needed (Score:5, Interesting)
Re:Read-only password needed (Score:4, Insightful)
I don't even know my passwords (Score:2)
Re: (Score:3)
Using 2FA authentication won't work to stop them.
They ALREADY ask you to allow inspection of electronics. If you refuse to give them the password, expect to not get your phone, laptop, or tablet back till you either give them the password or they image the whole thing for NSA's "enhanced decryption".
Re: (Score:3)
What if you come into the country not planning to visit your social media account and therefor you don't bring and devices with you?
It is already common practice for travelers to bring blanked out devices with them and then restore them once they are through the checkpoints.
Nobody read the article (Score:2)
This is only if you're coming from one of the seven banned countries.
Re: (Score:2)
Guilty as charged. :) Anyway, it implies that these people could get into the US, which mean no ban. So this is positive news.
Oh, well (Score:3)
P.S. I don't even remember my FB password, on those rare occasions that I try to use FB from a new device I always have to go through the "forgot your password?" ordeal. But I don't expect border officials to be too sympathetic about that.
Asking People To Commit a Felony (Score:3, Interesting)
Most social networks (like Facebook) expressly forbid sharing passwords or allowing others to use your account. Because that's the policy it becomes a Felony according to the Computer Fraud and Abuse Act (CFAA). The United States Court of Appeals has affirmed sharing accounts contrary to the TOS is a violation of the CFAA and there are people in PRISON as we speak for doing just that.
I would contend that you cannot be compelled to commit a felony by a agent of the United States. If DHS wants this power they need to have the CFAA amended to grant them an exemption.
Slashdot readers predicted this last year (Score:2)
No social media account? You're a terrorist.
From the geniuses at DHS... (Score:2)
There are many reasons it is stupid but for starters: Most everyone reuses passwords simply so there is some chance that they can actually remember their passwords. So what this amounts to is, "Give us unrestricted access to everything."
And this coming from one of the least trustworthy things that exists: A government agency...
If
How do they know (Score:2)
I'm boycotting (Score:2)
I simply won't go to the US unless my job forces me to. I certainly won't spend any tourist dollars there until this bullshit stops.
I'd be happy ... (Score:2)
Re:I'd be happy ... (Score:4)
Try n9y25ah7 [techcrunch.com].
Prima Nocta (Score:5, Funny)
"DHS officials also stated that if the wife of a US visitor is good-looking, they want to demand they get to sleep with the woman before allowing entry to the couple..."
Re: (Score:2)
Um... TFA said "We want to get on their social media, with passwords".
What you suggest will not allow them to "get on their social media". It's the same as telling them to go pound sand.
Re: (Score:2)
Enjoy paying 10 cents to your carrier to receive an SMS every time you log in.
Re: (Score:3)
Enjoy paying 10 cents to your carrier to receive an SMS every time you log in.
These are people travelling to the US. Not Americans.
Outside the US, people generally don't pay to receive; only to send.
Re: (Score:2)
That just means you can't enter the country without a mobile.
Re: (Score:2)
Simple - you tell the visa applicant to give the DHS the real accounts and not the benign ones, otherwise they aren't allowed in.
Seriously though, I haven't logged onto my facebook account for about 18 months now - so that could flag up as being fake. That is if they could find it - I had the security settings locked down so that I can't even find it knowing my name and username.
Re: If you want to come to my country... (Score:3)
Re: (Score:2)
Re: (Score:2)
What about 2FA?
What if you don't know your password (password manager)?
What if you don't have a social media account?
All perfectly valid non-edge cases.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Me either. As the smarter of you guys can deduce, I have a slashdot account, but that's asocial media.
Re: (Score:2)
Actually, the above reason is why the US tried banning (which is currently in the courts) people from these 7 countries. Somalia, Yemen, Libya and Syria don't have reliable records. In fact, w/ Syria, it's tough to expect that the Assad regime, which the US had been trying to topple (not sure if that's still Trump's policy) would want to share anything w/ the US, and even if they did, they can't have records for the eastern half of their country that's run by ISIS. Same goes for Iraq: their government m
Re: (Score:3)
That's my point: the US government is offering to look at people's social media accounts in lieu of official government records.
I expect the court order will be overturned quickly. Not admitting people from countries without g
Re: (Score:3)
The password is "theseassholesmademecreatethisaccount". No caps.Easy to remember.
Re: (Score:3)
>> I deleted my facebook several years ago.
Last I heard this isn't actually possible.