By Asheeta Regidi
The news following the US ban of entry of nationals from seven countries is that such nationals may need to disclose the passwords to their social media accounts. This is the latest vetting measure, among many others, suggested by the Department of Homeland Security (DHS) for entry into the US. The suggestion is currently limited to the seven banned countries, but there is no saying if the rule will soon be extended to all persons seeking entry.
The worrying part is, the DHS had earlier considered mandating this for all applicants in 2011. If made mandatory, an applicant is not entitled to refuse to provide the information.
Social media vetting already being done
Vetting of social media activity has actually been done for some time, though not on a mandatory basis. The DHS clearly mentions the use of publicly available information on social media sites as a part of the application vetting process. Even now, application forms, such as the ESTA visa application, seek account names on an optional basis, though not the passwords.
This move was reportedly triggered by the San Bernardino shooting incident, where the government faced severe criticism for failing to detect the shooter’s jihadist posts on social media. In fact, the DHS had considered making this a formal part of the vetting process in 2011, as per a leaked internal document of the DHS, released by MSNBC. Thankfully, the plan was shelved since it was both too time-consuming and cost-prohibitive.
Chilling effect of such vetting
A person cannot reasonably expect privacy for posts made publicly on the internet. However, there is a huge difference between people in general reading their public posts and the government gaining access to these accounts. There is also no saying how much discretionary authority will be granted to the DHS officials to access or judge a person’s social media activity. Fears arise therefore that this system may be used to unfairly discriminate against people for reasons like political ideology and religious belief.
For example, suppose a person has cited quotes from the Quran; does that make him a suspect? Will a person who has criticised the US President’s moves be discriminated against?
Such a move will have a direct chilling effect on the people’s right to freedom of speech, particularly their right to freely criticise the government.
Will changing your password become fraud?
Apart from the gross invasion of privacy, there are several other issues. For example, people may not remember every social media account they ever signed up for. They may well disclose only those accounts that they are using actively. This could very well be considered as fraud.
Similarly, records of information provided by immigrants and other visa applicants are to be stored with the US Citizenship and Immigration Services (USCIS) for 15 years. During this period, are people allowed to change their passwords? Will people need to inform the USCIS every single time they change their passwords? Even if the required validity of the password is limited to the application process, the application process alone may take anywhere from a few weeks to years depending on the type (tourist visa vs green card). Throughout this time, are persons not to change their passwords?
You cannot refuse to disclose
The sad part is that, if this is made a mandatory part of visa applications, the applicants are not entitled to refuse to provide the information. By submitting an application, applicants formally consent to the provision of such information to, and its use by, the US government. A person refusing to provide such information will simply have his application rejected.
An applicant also will not be able to claim the right to privacy as a ground of refusing to provide the information. While the right to privacy for applicants exists, it is granted in a limited manner in the form of privacy obligations imposed on the USCIS and the DHS. These rights do not extend to refusing to provide the information. In case of misuse of the information by the DHS, people have a remedy, but the obligation to provide the information remains.
Risks of security and preventing misuse
The privacy obligations imposed are under the US Immigration and Nationality Act and other laws like the Electronic Communications Privacy Act and the Privacy Act of 1974. These obligations direct the DHS on how to lawfully use the information, which includes issues like access to such information, use of the information for lawful purposes only, securing the information and conditions for disclosure.
While the restrictions on the use of the information are laid down on paper, who is to say what the information can be used for? The misuse of information by the NSA and its surveillance activities are already well known. This move now only adds to the surveillance abilities of the government. Even if the uses of the information are lawful, hacking of government databases is not new. The storage of such information will make the USCIS database a crucial target for cybercriminals.
Other countries may follow suit
The US privacy laws limit the collection of personal information to relevant and necessary information only. Clearly, gaining direct, unlimited access to a person’s social media account exceeds those limits. Advances in technology may remove even the cost considerations that had prevented the US from implementing this scheme earlier. If the US makes social media vetting mandatory, other countries are also likely to follow suit. The true purpose behind it, to detect terrorist links, is hardly likely to be served, as terrorists would simply create false accounts. The only actual effect of such a move will be an absolute chilling effect on free speech and the free use of the internet.
The author is a lawyer with a specialisation in cyber laws and has co-authored books on the subject
Publish date: February 10, 2017 1:46 pm| Modified date: February 10, 2017 2:00 pm