The Trump administration’s plan to require visitors to the United States to hand over their social-media passwords is, when all is said and done, unlikely to catch any more potentially bad actors than we already do. Unfortunately, what it is likely to do is lead to detaining many perfectly legitimate visitors and contributing to both domestic resentment and blowback against U.S. travelers abroad.
Homeland Security Secretary John Kelly first broached the subject in February, telling the House Committee on Homeland Security of visitors who object that: “If they don’t want to cooperate, they don’t come in.”
{mosads}In practice, this may not actually represent as large a policy shift as it appears on the surface. U.S. border agents already have considerable discretion to ask for and even demand access to visitors’ online accounts, so long as such requests can be squared with the Fourth Amendment’s protections against unreasonable searches and seizures. Not unlike prior Trump administration declarations about ad hoc practices and unwritten rules, Kelly’s proposal effectively would ratify what has been a haphazard political reality.
Indeed, much of the precedent for what we now call “extreme vetting” at the border was set in motion during the Obama administration, which could be particularly Janus-faced when it came to security reviews. As recently as December, the government included an “optional” question requesting that foreign visitors “enter information associated with [their] online presence” on Visa Waiver Program applications. Given the leeway customs agents have to determine the disposition of a given application, whether the requests were—or were seen by applicants to be—truly voluntary is a matter for debate.
Nonetheless, the proposed blanket rule requiring all travelers to disclose their online passwords clearly would go beyond even the loosest interpretations of existing law. As Gene Hamilton, a senior DHS adviser, told the Wall Street Journal: “If there is any doubt about a person’s intentions coming to the United States, they should have to overcome—really and truly prove to our satisfaction—that they are coming for legitimate reasons.”
The first question about such a vetting process is whether it actually would prove effective. Bad actors undoubtedly would scrub their phones of evidence signaling dangerous associations and evade security by using different accounts and devices. U.S. Customs and Border Protection guidelines still require that officers can only review postings “consistent with the privacy settings the applicant has chosen to adopt.” Needless to say, criminals who plan to do damage to the United States likely will study their legal rights and deploy the optimal settings to avoid detection.
Moreover, demanding social-media passwords from visitors would create new privacy and security risks for all law-abiding visitors, jeopardizing their safety. Border control agents have few guidelines determining how information they collect should be stored, maintained or disseminated to other government agencies. The ongoing controversies surrounding Section 702 of the FISA Amendments Act underscores how personal information can be unmasked and abused. One can imagine the abuses that would accompany government access to foreigners’ Facebook accounts, which contain personal connections that map people’s digital lives.
American citizens also are far from impervious to the implications of vetting measures that target foreign visitors. There are enough historical examples to conclude that more intense scrutiny at the border eventually would make its way into domestic security checks. It also would embolden other countries—including those with far fewer due process protections—to demand online passwords from Americans, similar to Brazil and China‘s retaliatory responses to the Bush administration’s 2004 fingerprinting and photographing requirements for visa holders.
Just last month, the European Commission announced that it would no longer waive visa requirements for those traveling on U.S. passports, saying it was “legally obliged to take measures temporarily reintroducing visa requirements for US citizens, given that Washington still does not grant visa-free access to nationals of five EU countries.”
DHS’ plan to ask for visitors’ social-media passwords isn’t as unprecedented as some believe. But it also is neither an effective nor an efficient way to police the border and is likely to ratchet up international tensions in a way that could take a long time to unwind.
Arthur Rizer (@ArthurRizer) is justice and national security policy director with the R Street Institute. Daniel Semelsberger is a research associate with R Street.
The views expressed by contributors are their own and are not the views of The Hill.