Visiting The States? Have Your Passwords Ready

Use Netsparker


There’s been a lot of buzz about this on Twitter, if you’re visiting the states anytime soon you might want to have your social media login credentials handy – as they might be requesting them at the border.

Visiting The States? Have Your Passwords Ready

I find the whole thing rather contrived though as I use 2FA for everything, so they are welcome to my passwords – they can’t log in even with them.

Over 50 human rights and civil liberties groups, nearly 100 law professors and security experts, and lawmakers have launched a campaign against digital searches at the US border.

An open letter condemns recent comments by Homeland Security secretary John Kelly in which he proposed requiring selected non-citizens entering the US to provide the passwords to their social media accounts.

The letter has been signed by, among others, the American Civil Liberties Union, Center for Democracy & Technology, Consumer Technology Association, Electronic Frontier Foundation and Internet Society, as well as a wide range of law professors, internet engineers and security experts, including Bruce Schneier.

“Demanding passwords or other account credentials without cause will fail to increase the security of US citizens and is a direct assault on fundamental rights,” the letter argues.

It warns that the approach would not only invade people’s privacy – including those of US citizens – but also discourage travel to the United States as well as set a dangerous precedent that would likely see other countries institute similar entry requirements for US citizens.

“The first rule of online security is simple: Do not share your passwords,” the letter concludes. “No government agency should undermine security, privacy, and other rights with a blanket policy of demanding passwords from individuals.”


There’s some good points made as well with so many sites offering authentication and identity management based on Google and Facebook accounts giving up the access to those gives them the ability to access a LOT of sites and a huge amount of information about you.

The whole thing is rather draconian and Orwellian, sometimes especially since 2016 turned out the way it did (Hello Brexit and President Trump) I feel like I’m living in 1984.

And this kind of stuff DOES not help.

The issue has also attracted the attention of Senator Ron Wyden (D-OR), who sent a letter to Secretary Kelly saying he was “alarmed” by reports of Americans being detained by border agents and being pressured into handing over their smartphone PINs.

“These reports are deeply troubling,” Wyden noted, “particularly in light of your recent comments suggesting that CBP [US Customs and Border Protection] might begin demanding social media passwords from visitors to the United States.”

He continues: “Circumventing the normal protections for such private information is simply unacceptable. There are well-established legal rules governing how law enforcement agencies may obtain data from social media companies and email providers” – rules that require warrants or court orders.

He then asks five questions of Kelly, digging into the legal authority that the Department of Homeland Security (DHS) feels it possesses to demand passwords and asks for stats on how often it has happened.

The whole thing makes travelling to the USA quite unattractive with border agents able to demand your phone PIN code and now your social media login details.

I hope it all goes away when some judge realises this is a HUGE violation of privacy and doesn’t actually make anything more secure.

Source: The Register

Posted in: Legal Issues, Privacy


Latest Posts:


BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.


2 Responses to Visiting The States? Have Your Passwords Ready

  1. sudon't March 20, 2017 at 7:35 pm #

    How do you figure two-factor auth is going to help? They’ll just click “send a text to my phone”, and when the text comes in, they’ll have your phone in hand. If they’ve decided to have a look at you social media, do you think they’ll leave you holding your phone? No, they’ll want your phone’s passcode as well.

    • Darknet March 23, 2017 at 2:13 am #

      Set the 2FA number to a feature phone in your check-in luggage. Or use a YubiKey (also not with you) etc.