Tech Industry Comes Out Against Possible DHS Collection Of Visitors’ Passwords

Earlier this month, newly confirmed Homeland Security Secretary John Kelly told a Congressional committee that one of the possible forms of “extreme vetting” for visitors to the U.S. could include requiring them to hand over their login information for websites they visit. Today, a coalition made up of human rights organizations, consumer advocates, and the tech industry penned an open letter to Kelly, calling on DHS to not go down this path.

Speaking before the House Homeland Security Committee on Feb. 7, Kelly explained some possible processes his department would put in place to screen visitors from the seven mostly Muslim nations listed in President Trump’s controversial travel ban.

“We could be asking them about websites that they frequently visit,” he explained to one Congressmember. “Anything and everything of that nature so we can get our arms around what kind of an individual we’re dealing with.”

Kelly elaborated on this later in the hearing, telling another committee member about how DHS could use a visitor’s social media interactions as part of the vetting process.

“If someone wants to come into our country, not only do they bring a passport or whatever their stories are — and again, it’s very hard to truly vet these people from these seven countries because they just don’t have the internal infrastructure — they come and we say, ‘What sites do you visit?’ and ‘Give us your passwords’ so that we can see what they do on the internet,” explained the Secretary.

“If they don’t want to give us that information, then they don’t come,” he continued. “We want to get on their social media with passwords. ‘What do you do?’ ‘What do you say?’ It they don’t want to cooperate, then they don’t come in… These are the things we’re thinking about. No one should take this as ‘This is what we’re going to do right now,’ but over there [referring to overseas] we can ask them for this kind of information and if they truly want to come to America they’ll cooperate. If not… next in line.”

Two days later, Kelly reiterated many of these same points in an interview with NPR’s Morning Edition, where he also acknowledged that the list of seven affected countries could expand to include travelers from other nations.

While Kelly has repeatedly framed these possible vetting measures as “a work in progress” and “ballpark things” not to be taken as givens, they were nevertheless of enough concern to merit the letter sent this morning by the Computer and Communications Industry Association (CCIA) — a trade group whose members include Amazon, Facebook, Microsoft, Netflix, Google, and Samsung — along with dozens of other organizations.

The letter [PDF] begins by acknowledging the vital role that Homeland Security plays in protecting the nation’s borders, but argues that “demanding passwords or other account credentials without cause will fail to increase the security of U.S. citizens and is a direct assault on fundamental rights.”

“This proposal would enable border officials to invade people’s privacy by examining years of private emails, texts, and messages,” contends the letter, which was also signed by groups like the Electronic Frontier Foundation, Free Speech Coalition, Human Rights Watch, Public Citizen, National Consumer League, the ACLU, and dozens of academics. “It would expose travelers and everyone in their social networks, including potentially millions of U.S. citizens, to excessive, unjustified scrutiny. And it would discourage people from using online services or taking their devices with them while traveling, and would discourage travel for business, tourism, and journalism.”

The letter also raise the concern about the sort of precedent that could be set and its potential ripple effect for travelers worldwide.

“This demand is likely to be mirrored by foreign governments, which will demand passwords from U.S. citizens when they seek entry to foreign countries,” claims the letter. “This would compromise U.S. economic security, cybersecurity, and national security, as well as damage the U.S.’s relationships with foreign governments and their citizenry.”

CCIA President & CEO Ed Black argues in a separate statement “Our borders ought to reflect the Constitutional protections that make the U.S. a place people want to come. There are better ideas that would fulfill the mutual goals of protecting peoples’ security and privacy.”

As NBC News noted following the Feb. 7 hearing, the Obama administration had considered instituting a policy that would have authorized certain officials to access social media accounts to vet foreign visa applicants. However, that policy was never put into place.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.