Visiting The States? Have Your Passwords Ready


There’s been a lot of buzz about this on Twitter, if you’re visiting the states anytime soon you might want to have your social media login credentials handy – as they might be requesting them at the border.

Visiting The States? Have Your Passwords Ready

I find the whole thing rather contrived though as I use 2FA for everything, so they are welcome to my passwords – they can’t log in even with them.

Over 50 human rights and civil liberties groups, nearly 100 law professors and security experts, and lawmakers have launched a campaign against digital searches at the US border.

An open letter condemns recent comments by Homeland Security secretary John Kelly in which he proposed requiring selected non-citizens entering the US to provide the passwords to their social media accounts.

The letter has been signed by, among others, the American Civil Liberties Union, Center for Democracy & Technology, Consumer Technology Association, Electronic Frontier Foundation and Internet Society, as well as a wide range of law professors, internet engineers and security experts, including Bruce Schneier.

“Demanding passwords or other account credentials without cause will fail to increase the security of US citizens and is a direct assault on fundamental rights,” the letter argues.

It warns that the approach would not only invade people’s privacy – including those of US citizens – but also discourage travel to the United States as well as set a dangerous precedent that would likely see other countries institute similar entry requirements for US citizens.

“The first rule of online security is simple: Do not share your passwords,” the letter concludes. “No government agency should undermine security, privacy, and other rights with a blanket policy of demanding passwords from individuals.”


There’s some good points made as well with so many sites offering authentication and identity management based on Google and Facebook accounts giving up the access to those gives them the ability to access a LOT of sites and a huge amount of information about you.

The whole thing is rather draconian and Orwellian, sometimes especially since 2016 turned out the way it did (Hello Brexit and President Trump) I feel like I’m living in 1984.

And this kind of stuff DOES not help.

The issue has also attracted the attention of Senator Ron Wyden (D-OR), who sent a letter to Secretary Kelly saying he was “alarmed” by reports of Americans being detained by border agents and being pressured into handing over their smartphone PINs.

“These reports are deeply troubling,” Wyden noted, “particularly in light of your recent comments suggesting that CBP [US Customs and Border Protection] might begin demanding social media passwords from visitors to the United States.”

He continues: “Circumventing the normal protections for such private information is simply unacceptable. There are well-established legal rules governing how law enforcement agencies may obtain data from social media companies and email providers” – rules that require warrants or court orders.

He then asks five questions of Kelly, digging into the legal authority that the Department of Homeland Security (DHS) feels it possesses to demand passwords and asks for stats on how often it has happened.

The whole thing makes travelling to the USA quite unattractive with border agents able to demand your phone PIN code and now your social media login details.

I hope it all goes away when some judge realises this is a HUGE violation of privacy and doesn’t actually make anything more secure.

Source: The Register

Posted in: Legal Issues, Privacy


Latest Posts:


zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Sandcastle is an Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify).
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network


2 Responses to Visiting The States? Have Your Passwords Ready

  1. sudon't March 20, 2017 at 7:35 pm #

    How do you figure two-factor auth is going to help? They’ll just click “send a text to my phone”, and when the text comes in, they’ll have your phone in hand. If they’ve decided to have a look at you social media, do you think they’ll leave you holding your phone? No, they’ll want your phone’s passcode as well.

    • Darknet March 23, 2017 at 2:13 am #

      Set the 2FA number to a feature phone in your check-in luggage. Or use a YubiKey (also not with you) etc.