Many have been alarmed about the US Department of Homeland Security’s desire to not just examine the social media profiles of some travellers, tourists and visa holders – but to also permit border agents and immigration officials to demand account passwords, so that they can rifle through non-public posts, private messages and online financial transactions.
As John Kelly, the newly-appointed United States Secretary of Homeland Security, told the House Homeland Security Committee this week:
“We want to say ‘what kind of sites do you visit and give us your passwords,’ so we can see what they do. We want to get on their social media with passwords – what do you do, what do you say. If they don’t want to cooperate then they don’t come in. If they truly want to come to America they’ll cooperate, if not then ‘next in line’.”
This is clearly not just an obvious massive intrusion into people’s privacy, but also raises worrying questions about how much care the border agencies will take in ensuring that passwords and private information does not fall into the wrong hands, or is misused.
— Joseph Lorenzo Hall (@JoeBeOne) February 9, 2017
Indeed, your reaction may be that if this is the way a country plans to treat its visitors, you may politely decline to travel to the country at all.
Fortunately, iOS security expert Jonathan Zdziarski has put together a great guide designed to help people protect their devices and privacy when they pass through border controls:
You might think that you can simply change your passwords after a border encounter, but what you may not realize is that a forensics tool is capable of imaging potentially your entire life from a single access to your account. Whether it’s old iPhone backups sitting in iCloud that can date back years, or your entire Facebook private message history, once an API is wired into a forensics tool, that one moment in time exposes all of your historical data to the border agent, which ultimately exposes all of your historical data to an intelligence database.
It’s well worth a read.