The USA – land of the free, place of dreams, as long as you’re willing to hand over all rights to privacy upon entry.
In the latest installment of Black Mirror in real life, the border control episode, US Secretary of Homeland Security John Kelly has confirmed that he wants to go ahead with a proposal that non-US visitors must hand over the passwords to their electronics as well as their social media accounts and emails before being allowed into the country.
On Tuesday, while testifying infront of the House Homeland Security Committee about Trump’s ‘Muslim ban’ and taking the fall for it going through too quickly without enough consideration, he also let slip about more concerning security tactics that are currently under consideration by the department.
When quizzed about the increasing role social media plays in “tracking potential terrorists” and using “publicly available data” to catch them, Kelly responded by saying “we want to get on their [visa applicants] social media—with passwords.”
While it’s still being speculated how this could affect travellers (either from the seven banned Muslim-majority countries on Trump’s list or not), the fear is that the cost of travelling to America could be your digital privacy.
It’s not the first mention of the immigration strategy which was mulled over and eventually rejected by the Obama administration in 2015 (side note: remember that Irish couple who were turned away at immigration in LA for their tweets in 2012?).
Instead, the government gave immigration officials the right to ask foreign visitors (including those in visa waiver programmes, like the UK) for their social media handles, but not passwords.
The requirement for passwords to allow entry obviously didn’t go down well with those who those who advocate individual privacy. Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, wrote on his website:
“With that kind of access, they can not only see what you’ve publicly posted, but things you haven't posted yet, private messages, private lists, they can impersonate you, and even do these things on accident
“This kind of access is profoundly invasive.”
While addressing the committee, Kelly took a typically Trump-like approach and stated “If they don’t want to give us that information then they don’t come.”
The practical impacts of the strategy have already affected people, particularly those from the seven countries that have been hit with Trump’s ban.
Earlier this month, the Council for American-Islamic Relations filed complaints with the Department of Homeland Security, the Justice Department, and Customs and Border Patrol, alleging that border agents had asked several Muslim-American travelers to identify their social-media accounts and turn over passwords to their mobile devices.
Last month, Ali Hamedani, an Iranian-born British citizen and a reporter for the BBC, was asked to hand over his phone and password after he arrived at Chicago O’Hare airport.
In an interview with NPR, Kelly shared some more details on the strategy in relation to people from the seven banned countries.
He said the administration is considering requiring residents of the seven countries to provide lists of the websites they’ve visited and their passwords, to enable officials “to get on those websites to see what they're looking at.”
Some of the other “ballpark things” that his department is considering include looking at applicants’ social media use “to see what they tweet,” as well as financial information and cellphone contacts so that officials can check the numbers against databases kept by the U.S. and the European Union.
Kelly is keen to get the strategy through even if Trump’s immigration ban is permanently banned in the courts (where it is currently frozen).
There are a few things you can do to protect your digital privacy, according to Wired, though they are labourious and seem only likely if you have something to be concerned about (though at this rate, we wouldn’t be surprised if you’re turned away for saying Trump is a twat):
- Encrypt your hard drive with tools like BitLocker, TrueCrypt, or Apple’s Filevault, and choose a strong passphrase. On your phone—preferably an iPhone, given Apple’s track record of foiling federal cracking—set a strong PIN and disable Siri from the lockscreen by switching off “Access When Locked” under the Siri menu in Settings.
- Turn devices off before entering border control – this enhances your encryption tools and means you can’t be coerced into opening your phone with your fingerprint.
- Before going into customs, alert a lawyer or a loved one who can contact a lawyer, and contact them again when you get out. If you are detained, you may not be able to access your devices or otherwise have the opportunity to reach the outside world. And in the worst case scenario of a lengthy detention, you’ll want someone advocating for your release and legal representation.
- For the most vulnerable travelers, the best way to keeping customs away from your data is simply not to carry it. Set up travel devices that store the minimum of sensitive data. When you do have to create a linked account—as with iTunes for iOS devices—create fresh ones with unique usernames and passwords.
- One somewhat extreme method is to set up two-factor authentication for your sensitive accounts, so that accessing them requires entering not only a password but a code sent to your phone via text message. Then, before you cross the border, make sure you don’t have the SIM card that allows you—or customs officials—to receive that text message, essentially denying yourself the ability to cooperate with agents even if you wanted to.
These seem like they may raise more suspicion than necessary, but here’s what little hope we have left that it won’t come to that.