PrivacyTech coalition fights DHS proposal to collect social media passwords

Published 24 February 2017

Earlier this week, the Center for Democracy & Technology announced the creation of a coalition of tech companies, NGOs, and privacy advocates to oppose efforts by DHS to collect social media passwords from individuals entering the United States. The coalition focuses on visa applicants who might be compelled to share their passwords under new DHS policies.

Earlier this week, the Center for Democracy & Technology announced the creation of a coalition of tech companies, NGOs, and privacy advocates to oppose efforts by DHS tocollect social media passwords from individuals entering the United States.

TechCrunch reports that the coalition focuses on visa applicants who might be compelled to share their passwords under new DHS policies. 

DHS should take the idea of making blanket demands for passwords off the table,” Center for Democracy & Technology Free Expression Project Director Emma Llansó told TechCrunch. “The idea is unbelievably invasive and will put U.S. citizens and foreign travelers alike at risk.”

Last week, Senator Ron Wyden (D-Oregon) sent a letter to DHS secretary John Kelly, in which the senator pointedly criticized government agencies requesting access to locked devices and social media accounts.

The full statement from the Center for Democracy & Technology:

The undersigned coalition of human rights and civil liberties organizations, trade associations, and experts in security, technology, and the law expresses deep concern about the comments made by Secretary John Kelly at the House Homeland Security Committee hearing on February 7th, 2017, suggesting the Department of Homeland Security could require non-citizens to provide the passwords to their social media accounts as a condition of entering the country.

We recognize the important role that DHS plays in protecting the United States’ borders and the challenges it faces in keeping the U.S. safe, but demanding passwords or other account credentials without cause will fail to increase the security of U.S. citizens and is a direct assault on fundamental rights.

This proposal would enable border officials to invade people’s privacy by examining years of private emails, texts, and messages. It would expose travelers and everyone in their social networks, including potentially millions of U.S. citizens, to excessive, unjustified scrutiny. And it would discourage people from using online services or taking their devices with them while traveling, and would discourage travel for business, tourism, and journalism.

Demands from U.S. border officials for passwords to social media accounts will also set a precedent that may ultimately affect all travelers around the world. This demand is likely to be mirrored by foreign governments, which will demand passwords from U.S. citizens when they seek entry to foreign countries. This would compromise U.S. economic security, cybersecurity, and national security, as well as damage the U.S.’s relationships with foreign governments and their citizenry.

Policies to demand passwords as a condition of travel, as well as more general efforts to force individuals to disclose their online activity, including potentially years’ worth of private and public communications, create an intense chilling effect on individuals. Freedom of expression and press rights, access to information, rights of association, and religious liberty are all put at risk by these policies.

The first rule of online security is simple: Do not share your passwords. No government agency should undermine security, privacy, and other rights with a blanket policy of demanding passwords from individuals.