There’s been a lot of buzz about this on Twitter, if you’re visiting the states anytime soon you might want to have your social media login credentials handy – as they might be requesting them at the border.
I find the whole thing rather contrived though as I use 2FA for everything, so they are welcome to my passwords – they can’t log in even with them.
Over 50 human rights and civil liberties groups, nearly 100 law professors and security experts, and lawmakers have launched a campaign against digital searches at the US border.
An open letter condemns recent comments by Homeland Security secretary John Kelly in which he proposed requiring selected non-citizens entering the US to provide the passwords to their social media accounts.
The letter has been signed by, among others, the American Civil Liberties Union, Center for Democracy & Technology, Consumer Technology Association, Electronic Frontier Foundation and Internet Society, as well as a wide range of law professors, internet engineers and security experts, including Bruce Schneier.
“Demanding passwords or other account credentials without cause will fail to increase the security of US citizens and is a direct assault on fundamental rights,” the letter argues.
It warns that the approach would not only invade people’s privacy – including those of US citizens – but also discourage travel to the United States as well as set a dangerous precedent that would likely see other countries institute similar entry requirements for US citizens.
“The first rule of online security is simple: Do not share your passwords,” the letter concludes. “No government agency should undermine security, privacy, and other rights with a blanket policy of demanding passwords from individuals.”
There’s some good points made as well with so many sites offering authentication and identity management based on Google and Facebook accounts giving up the access to those gives them the ability to access a LOT of sites and a huge amount of information about you.
The whole thing is rather draconian and Orwellian, sometimes especially since 2016 turned out the way it did (Hello Brexit and President Trump) I feel like I’m living in 1984.
And this kind of stuff DOES not help.
The issue has also attracted the attention of Senator Ron Wyden (D-OR), who sent a letter to Secretary Kelly saying he was “alarmed” by reports of Americans being detained by border agents and being pressured into handing over their smartphone PINs.
“These reports are deeply troubling,” Wyden noted, “particularly in light of your recent comments suggesting that CBP [US Customs and Border Protection] might begin demanding social media passwords from visitors to the United States.”
He continues: “Circumventing the normal protections for such private information is simply unacceptable. There are well-established legal rules governing how law enforcement agencies may obtain data from social media companies and email providers” – rules that require warrants or court orders.
He then asks five questions of Kelly, digging into the legal authority that the Department of Homeland Security (DHS) feels it possesses to demand passwords and asks for stats on how often it has happened.
The whole thing makes travelling to the USA quite unattractive with border agents able to demand your phone PIN code and now your social media login details.
I hope it all goes away when some judge realises this is a HUGE violation of privacy and doesn’t actually make anything more secure.
Source: The Register
sudon't says
How do you figure two-factor auth is going to help? They’ll just click “send a text to my phone”, and when the text comes in, they’ll have your phone in hand. If they’ve decided to have a look at you social media, do you think they’ll leave you holding your phone? No, they’ll want your phone’s passcode as well.
Darknet says
Set the 2FA number to a feature phone in your check-in luggage. Or use a YubiKey (also not with you) etc.