'Hey, Homeland Security. Don't you dare demand Twitter, Facebook passwords at the border'

Civil liberty groups, security experts, law profs, lawmakers slam looming US policy

By Kieren McCarthy in San Francisco


Over 50 human rights and civil liberties groups, nearly 100 law professors and security experts, and lawmakers have launched a campaign against digital searches at the US border.

An open letter condemns recent comments by Homeland Security secretary John Kelly in which he proposed requiring selected non-citizens entering the US to provide the passwords to their social media accounts.

The letter has been signed by, among others, the American Civil Liberties Union, Center for Democracy & Technology, Consumer Technology Association, Electronic Frontier Foundation and Internet Society, as well as a wide range of law professors, internet engineers and security experts, including Bruce Schneier.

"Demanding passwords or other account credentials without cause will fail to increase the security of US citizens and is a direct assault on fundamental rights," the letter argues.

It warns that the approach would not only invade people's privacy – including those of US citizens – but also discourage travel to the United States as well as set a dangerous precedent that would likely see other countries institute similar entry requirements for US citizens.

"The first rule of online security is simple: Do not share your passwords," the letter concludes. "No government agency should undermine security, privacy, and other rights with a blanket policy of demanding passwords from individuals."

At the same time as the letter was published, others have published posts outlining the dangers of providing passwords and what consumers can do to avoid most of them.

New law

The issue has also attracted the attention of Senator Ron Wyden (D-OR), who sent a letter to Secretary Kelly saying he was "alarmed" by reports of Americans being detained by border agents and being pressured into handing over their smartphone PINs.

"These reports are deeply troubling," Wyden noted, "particularly in light of your recent comments suggesting that CBP [US Customs and Border Protection] might begin demanding social media passwords from visitors to the United States."

He continues: "Circumventing the normal protections for such private information is simply unacceptable. There are well-established legal rules governing how law enforcement agencies may obtain data from social media companies and email providers" – rules that require warrants or court orders.

He then asks five questions of Kelly, digging into the legal authority that the Department of Homeland Security (DHS) feels it possesses to demand passwords, and asks for stats on how often it has happened.

Wyden also writes that he will introduce legislation designed to "guarantee that the Fourth Amendment is respected at the border by requiring law enforcement agencies to obtain a warrant before searching devices, and prohibiting the practice of forcing travelers to reveal their online account passwords."

Travel ban 2.0

On the same day as the outcry, the DHS published two memoranda covering immigration that Kelly noted would supersede previous policies.

Those memos are largely focused on deporting illegal immigrants currently living within the United States, although it also looks at detaining individuals attempting to enter the country and promises to hire many more customs and immigration officials in the coming year.

President Trump's controversial travel ban remains in limbo, with the administration giving conflicting information about how it intends to respond to a decision by the Ninth Court of Appeals to temporarily block it. Meanwhile, people, including British Muslims, are being turned away from America seemingly for no real reason.

President Trump is reportedly planning to issue a revised executive order this week that is designed to withstand legal challenge and will continue to cover the seven Muslim-majority countries in the original travel ban order, but only block those arriving without a visa or who have never entered the country previously. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Encryption? This time it'll be usable, Thunderbird promises

A generation that tried the PGP plugin weeps

SEAL up your data just like Microsoft: Redmond open-sources 'simple' homomorphic encryption blueprints

How to work on encrypted data without having to decrypt it first

Make America Wait Again: Trump hasn't stopped H-1B visas

Candidate Trump promised to make tech companies hire Americans first, but the deadline for action in 2017 has passed

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)

Security experts frantically facepalming at stupid design

Oz opposition caves, offers encryption backdoor compromise

Mark Dreyfus offers to rubber-stamp legislation if only counter-terror agencies get decryption

We're Putin our foot down! DHS, FBI blame Russia for ongoing infrastructure hacks

Alert adds detail to 'Dragonfly' cyber-attack disclosed last year

Wah, encryption makes policing hard, cries UK's National Crime Agency

Ever since Snowden it's been the default – report

Australia on the cusp of showing the world how to break encryption

You just pass a law, apparently

Post-Brexit five-year UK work visas planned – report

Plus, an extra 50 'exceptional' folk can get a Tech Nation passport

How's that encryption coming, buddy? DNS requests routinely spied on, boffins claim

Uninvited middlemen may be messing with message