
Passwords for social media accounts could be required for some to enter country - rainhacker
https://techcrunch.com/2017/02/08/passwords-for-social-media-accounts-could-be-required-for-some-to-enter-country/
======
natch
If they get a person's password, the largest privacy violation is not to that
person. It's to all that person's friends and family who shared private
material.

We can discuss all we want whether it was wise for anyone to share, say,
everyday normal photos of their children or themselves on Facebook.

If you think they shouldn't have shared normal, everyday, family photos on an
online service, sure, fine, I don't know what to say. But let's say they did
do so, which is pretty normal.

Are they entitled to some privacy from whatever pervs the DHS hires?

Remember "they" is the friends and family of the person visiting the US, not
the person themselves.

Many of these friends and family will be US citizens, so arguments about
differing rights for non-citizens, whether valid or invalid with respect to
privacy rights, don't necessarily apply in those cases.

~~~
tn13
US citizens must thank the founding fathers for all the amendments else the
feds would have treated all of us just like this.These wannabe immigrants have
0 rights or voting power so they are being treated like complete shit.

The way US government treats legal immigrants, they might as well ask them to
bring a lube and drop pants and bend over at the immigration check. This
comment might seem crass but it is nowhere close to the crassness with which
US government has come to treat people who are going through all the
ridiculous legal hoops and in process making criminals out of perfectly
ordinary people.

This is like having a super complex CAPTCHA on your signup page for humans
while letting bots pass through by some minor cookie manipulation.

------
pfooti
I wonder if this includes google accounts (since you know, google plus).

I mean, the whole notion is horrific and abysmal, but in today's OAUTH world
you're not just giving up the facebook goods, you're giving up co-logins to
lots of other sites too. There's other technical issues too - I use 2FA
everywhere. So, do I disable the 2FA or have to give that up too? In
perpetuity? I mean, I don't trust law enforcement to not go around murdering
people, why should they have access to passwords?

The very _thought_ or suggestion that this could someday happen would make me
cancel any and all trips to the US for the foreseeable future (if I weren't
already a US citizen who lived here, that is, and as it is I'm seriously
considering emigrating in response to this administration).

The brain drain effects will have to be enormous. There's already a company
focused on helping startups use Vancouver to base their remote employees. [0]

On so many levels this is bad. I'd heard the notion floated under the Obama
administration, but I trusted them to be adult and see all the possible
ramifications. I do not trust the Trump administration to even be in the
neighborhood of rational, let alone adult. I mean, they dumped the immigration
executive order with no actual warning whatsoever (besides repeatedly saying
he'd do just that, I suppose). So now we have no real choice but to take them
at their word.

0: [https://techvibes.com/2017/02/01/true-north-establish-
vancou...](https://techvibes.com/2017/02/01/true-north-establish-vancouver-
hub-foreign-workers-trump)

------
nodesocket
I am failing to see how providing your Facebook password provides any
legitimate confirmation about you and your associations. You can easily create
a fake Facebook profile with your picture, fake posts, fake friends, fake
everything.

The internet is a cesspool of people who troll, create fake profiles, invoke
reactions, behave completely different than they would on the streets, and
intentionally hide their identity. Using it as a primary source of identity
verification is a terrible idea.

Why not require proof of a financial statement? Bank account in your name, or
a process to verify somebody via their bank account without requiring their
bank account password.

~~~
pier25
It's just as ridiculous as those forms you are asked to fill when entering the
US as a foreigner.

For example:

> Do you seek to engage in terrorist activities while in the United States?

~~~
rdtsc
The reason for those is to then quickly provide a way to invalidate their visa
and have an administratively easy path to kick them out without having to go
to court and such. Terrorist activities doesn't mean blowing things up, it
could be open to all kinds of interpretation (donated money to some
organization, protested and was arrested for rioting, went to a black-hat
conference which had talks about subverting security systems of power plants
etc, etc).

~~~
pas
Any statue establishing those could also establish that those are proper cause
for immediate deportation, no need for fancy forms and logic-gymnastics.

------
Tharre
What if I don't have any social media accounts? Do the officials just assume
I'm lying and deny me entry?

This is insanity.

~~~
x0x0
You know what's better? Other countries will follow our lead and demand the
same. Particularly of American visitors. And why should they not?

~~~
adventured
You act like that's some kind of revelation. Countries such as France,
Britain, Germany, Sweden, the Netherlands, Australia, India, Russia and China
are already on par with or beyond the US when it comes to abusive domestic
espionage.

~~~
hellofunk
You can't make a statement like that without backing it up.

The evidence to the contrary is in greater favor until you provide support.

------
oskarth
Considering how the NSA probably has access to this already, what does this
mean? A few options off the top of my head. Not putting any probabilities on
these, but it's interesting to think about. The options are neither exhaustive
nor exclusive.

(a) NSA info is drying up due to resistance from companies

(b) NSA info can't be shared due to low-priority targets

(c) NSA info can be shared but there's something going on between NSA and DHS
that makes this difficult

(d) NSA info can be shared, but only to people of a certain clearance, which
makes this non-scalable for ports of entry

(e) NSA info can be shared but the goal of the policy isn't info, it's
signaling

~~~
salesguy222
I would say everything except option (a). additionally, it's possible that
data streams are drying up into the NSA (i dont think they are), but the NSA
already has enough to incriminate literally every human on earth for any petty
thoughtcrime

most likely, I say, is that the data in NSA Utah is basically like a walled
off test dev that only a few special people can query for currently important
things. their main job is to determine how best to query it in the future

and then each agency maintains a prod database of its own data its collected
to oppress everyone. very rarely would they ever get NSA data

~~~
Cyph0n
> but the NSA already has enough to incriminate literally every human on earth
> for any petty thoughtcrime

I think that you are _slightly_ overestimating how much the NSA can achieve
with current technologies.

~~~
salesguy222
Interesting. How many people, would you say, have a textual conversation over
email or FB or a forum, etc, that had ended up in an NSA dragnet?

Then, of those conversations (presumably several billion), how many are stored
with some identifiable metadata, like IP address, GPS tag, real name, photo?

Even if it is only a few million people, it's still way too much of an
overreach, and still ridiculously cheap to store on tape and analyze on
disk/ssd.

then you just pay someone who cant find any better work to type queries into a
system.

How many times have you talked about potential crimes with your friends? how
many times have they talked about using drugs, fake IDs, speeding, petty
theft, etc

how many times has "child porn" inadvertantly made it into your browsers
temporary files.

Almost everything is a crime, and the government's ability to cheaply
prosecute is only growing

~~~
Cyph0n
I am aware of all that, and I can see how it would be feasible given enough
compute power and cooperation from FB et. al.

My issue is with your claim that the NSA could incriminate "literally" anyone
on the planet.

~~~
salesguy222
I agree that literally is an exaggeration, and that for now, masai warriors
and newborn infants are safe :)

------
salesguy222
i hope everyone can look at this and see the conclusive proof:

many people in government from all sides abuse technology to control the lives
of people in new, shocking, and totalitarian ways

to say "i'm not muslim, or Iranian, or Mexican, or a dissident", or etc, will
soon no longer suffice.

Every conceivable activity and word you speak or think will eventually be
evaluated if the technology is cheap enough and politicians are daring enough

The constitution doesn't even stop people from doing things like this anymore,
so I don't know how to fix this

~~~
anigbrowl
The Constitution is on it's way to becoming a dead letter. There's nothing
wrong with rebooting the Republic, many countries go through such disruptions.
I'm not saying just do it, but if the existing political consensus collapses
we won't benefit from trying to back to how things used to be.

~~~
andai
I was just thinking today about Thomas Jefferson's idea that the constitution
be rewritten every 19 years (every generation).

I arrived at that thought while thinking about how Dropbox Paper is more
modern than Google Docs (which turns 12 this year).

Sometimes it's better to start over from scratch.

It lets you do things you actually couldn't do with lots of small changes.

~~~
user982
One of the very first changes of any new version of the Constitution arising
from any major quarter would be the deletion of the First Amendment, with the
Fourth following closely. I have no faith that a document reflecting
contemporary American generational consensus, as Jefferson aspired to, would
be better or more free.

~~~
anigbrowl
Could =/= would. If you're arguing for the status quo because every
alternative you can imagine is worse then you're essentially treating it as
religious dogma.

------
averagewall
Those travelers would be violating their FaceBook ToS:

"You will not share your password (or in the case of developers, your secret
key), let anyone else access your account, or do anything else that might
jeopardize the security of your account." [1]

Perhaps this would give FaceBook the power to intervene and, well block their
account or something.

[1] [https://www.facebook.com/terms](https://www.facebook.com/terms)

~~~
otterley
Any term in contract that is contradictory to law is null and void. That's
been in contract law since forever.

The law always trumps contracts.

~~~
DiabloD3
IANAL, but even though this is true, Facebook could still ban accounts for
complying.

They are a US company, and their TOS says they can ban an account for any
reason or no reason at all. If they chose to ban anyone who shares passwords,
even with the US government, even if they are Americans or not, they are
within their rights as a US company to do so.

~~~
otterley
It's quite likely that any law promulgated to compel the production of
passwords or any other authentication information would include language
prohibiting a provider from terminating an account for complying with the law.

~~~
DiabloD3
Then they terminate the account for no reason at all.

~~~
otterley
They probably wouldn't, as it would create a huge hassle for them when the
government starts investigating.

Also, proximity in time to an event is admissible as evidence of intent.

------
hefeweizen
In addition to other points against this measure, there are massive privacy
implications. Loads of people could be reusing passwords or may reuse keywords
for multiple passwords. A collection of such data by an organization can and
will be misused.

------
matt_wulfeck
I hope that we can keep this issue "apartisan", because the importance
absolutely transcends past or future political affiliation. What has become
"reasonable" is slowly but surely come to mean "what we can get away with".

------
privong
This has been discussed several times in the past few days:

[https://news.ycombinator.com/item?id=13600704](https://news.ycombinator.com/item?id=13600704)

[https://news.ycombinator.com/item?id=13598505](https://news.ycombinator.com/item?id=13598505)

------
jackjeff
I heard you can have password hundreds of characters long for Facebook... it'd
be nice to have some long random gibberish impossible to type or maybe the
full text of the 4th amendment to remind these people that what they do is
against the constitution.

PS. password managers mean you won't suffer the same inconvenience.

------
ben0x539
I hope other countries introduce that requirement for US-based travelers too,
that'd probably be the quickest way to get the US to knock it off.

~~~
adventured
Most other countries have been thrilled to abuse their own people when it
comes to espionage. So no, they'll jump right on board, gladly. Not primarily
to punish the US, but because it's a perfect excuse to expand their existing
spying programs.

------
westmeal
Easy fix: Delete your Facebook and Twitter accounts.

------
dbg31415
Look, as much as we all get up in arms about this... total access to my email,
calendar, and contacts were required to play Pokemon Go. I hate it, but until
people starting taking privacy seriously, what is an appropriate response? The
encroachments are everywhere and so prevalent (and people are so dulled) that
nobody bats an eye when "the authority" (or just someone who seems mildly
trustworthy) asks for things they shouldn't ask for.

If you offer to help a stranger fix something on their laptop, what percentage
do you think would just tell you that their password is their kids' middle
name -- and how many do you think would use the same password on their Gmail
and bank accounts? The fact that so few people take privacy and security
seriously is enraging; it's hard to go from enraged to outraged when most
people don't even bother protecting themselves.

It's all so infuriating.

~~~
curriedbits
Maybe if they change this to an app that was required for entry, instead of
turning over passwords.

~~~
dbg31415
How far off do you think we are from that? It'll be here within 5 years. To
get a visa, you have to have the visa pre-scan app that requires every account
you own to share data with it. They'll run that through some magic black box
and it'll show the TSA's glorified mall cops a green or red light when you
walk up to the scanner.

Fucking terrifying, and 99.9% of the people won't bat an eye before logging
in. Thought policing is "for national security." That same percentage of
people would be ok with the government raping their own mother if it was for
national security.

This is all so damn frustrating.

~~~
curriedbits
I'm not sure, but to be honest I'm somewhat surprised something like this
isn't already in place. Is there a TSA PreCheck app already? I also wonder if
it will be tied to getting a visa/entering the country/flying, or initially
pitched as a way to gain access to the TSA PreCheck line or some similar
promotion. Maybe that will be the pilot program

------
dahart
I saw a video interview with the CEO of Hotspot shield vpn the other day, he
had a quote ready that went something like 'The first 3 companies to hit 1
billion users did it by selling private information, the next 3 are going to
make it by protecting private information.'

I wrote it off as a nice sound bite, but maybe he's right...

Hey I'm sure I'm not the only one to think of this, but to everyone trying to
build the next social network, how about putting in a feature where a second
password will open your scrubbed profile? You'd choose what goes in from your
main account, and not have to build entirely fake accounts. There's a way to
get some quick traction, should the Trump administration succeed at making a
policy of asking for passwords!

~~~
mistersquid
Perhaps I'm not understanding something. Why wouldn't an information-hungry
regime simply ask for both passwords given that this would be a known feature?

~~~
dahart
Plausible deniability.

------
lechevalierd3on
Wouldn't two factor make this irrelevant?

~~~
jewbacca
A state actor wouldn't even break a sweat getting around 2FA, individually or
at scale, if the 2nd factor involves SMS (or the phone system in general)
(which, for 99% percent of the 1% of people using it, it currently does):

[https://en.wikipedia.org/wiki/Dishfire](https://en.wikipedia.org/wiki/Dishfire)

It's not even out of the question for malicious private actors who _don 't_
have total control over the whole system:

[https://krebsonsecurity.com/2016/09/the-limits-of-sms-
for-2-...](https://krebsonsecurity.com/2016/09/the-limits-of-sms-for-2-factor-
authentication/)

------
ylecuyer
What happens if I have 2FA enables?

~~~
differentView
First, you and your devices will be held for hours while they go through your
accounts and devices. Then they'll require you to disable 2FA.

~~~
MichaelGG
Yeah the best approach, the one I use when crossing, is to encrypt everything,
then send part of the password to someone else who won't give it to me until
later. They can steal your hardware, I guess.

~~~
guitarbill
And then you'll just be denied entry for "not cooperating". There is no
technical solution to this political problem. (It also happens to be an
ineffective measure, as false identities are easily crafted on the internet.)

------
zitterbewegung
I don't have a Facebook account so will I be let in the country?

~~~
differentView
Depends how much the border officer likes you.

------
PakG1
Here's the question I want answered. How does this type of thinking affect the
future of Snapchat. The future of Signal is easy to predict. Back door.
Snapchat? This type of thinking seems like an existential threat to Snapchat.

------
simplemath
This is as good a time as any to stop using social media.

------
stuckagain
I don't fall for your both-sides-do-it framing. Fact is that the other side
had power and didn't do it. Now we have insane cheetoh in office and we're
getting insane cheetoh policy ideas. This is not a matter of equivalence.

~~~
salesguy222
While I am not a defender of insane cheetoh, the article itself says the Obama
administration (but more importantly, the officials that work for the admin in
every agency) crafted these initial ideas around social media affecting
immigration

Regardless of party, I would invite you to google the following governmental
overreaches and then see which parties were in office:

The Pirate Bay raid, NATO bombing of Yugoslavia, NSA surveillance revelations,
Superpredators, War on Drugs, War on Crime...

~~~
kobayashi
>NATO bombing of Yugoslavia

One of these things is not like the others

~~~
salesguy222
Watch Boris Malagurski's film "The Weight of Chains" and see if you change
your opinion

The West (mostly USA) bombed everyone regardless of ethnicity in Yugoslavia
and then took their largest assets. If they really cared about democracy and
freedom, and if the Serbs really were genocidal maniacs as many believe, then
the evidence in this film that shows the contrary wouldn't exist

~~~
gruez
>Watch Boris Malagurski's film "The Weight of Chains" and see if you change
your opinion

Off topic, but I cringe every time someone responds like that. It's
essentially shows you can't (bother) to write a coherent response and instead
want the other guy to waste 2 hours watching your video.

~~~
salesguy222
Ok, I can prepare a more detailed textual response for anyone who is
interested, but for a very deep and thorough exposition of the topic, I really
do think the _video evidence_ within the film will do more justice than I ever
could

Upon Tito's death in 1980, Western European and US political and business
interests _systemically destroyed_ Yugoslavia, undeniably.

They did so to "fight communism", "promote democracy", and more importantly,
bomb Yugoslav mines, factories, etc that were competing with Western ones both
in Yugoslavia and abroad.

Everyone from the IMF, UN, World Bank, Reagan Admin, Bush Admin, Clinton Admin
(and all of their supporters like Biden and Albright), Germany, etc etc, all
of these participants were DEEPLY and PUBLICLY involved.

The end result was the bombing of all ethnicities of people, including the
ones that were supposed to be being "liberated", such as the Bosnians and
Albanians.

So, lastly, to tie it back into my original point. In my opinion, if you view
all of this video evidence, and still say "ONLY THE (democrats, republicans)
DID THIS), then you are denying the vast evidence that it was a cross party,
multi decade plan.

I hope you can take the time to reply on the quality of my analysis!

------
irishcoffee
If you put it on the internet, it isn't private. There really isn't a debate
to be had about this.

I think requiring passwords for social media is fucking stupid. Really, really
stupid.

People who expects to have "privacy on the internet" are also fucking stupid.
Yes, this includes facebook, twitter, instagram, email, et. al.

If you wan't to keep a secret, don't tell anyone. If you put something
"private" on the internet, you've ostensibly told 3-4 billion people.

~~~
trendia
> If you put it on the internet, it isn't private.

Access to social media accounts includes access to private communications,
e.g. messages that were sent with the understanding that only the recipient
would receive it.

But those nudes your girlfriend sent you are now in the hands of an
immigration agent working in the name of "border security".

~~~
irishcoffee
Yeah, and those nudes are also visible on whatever server they're stored on,
with whatever rootkit is installed on it, or to whatever bored employee
decides to look at them. Or to the jackass who saw you looking at your phone
and took a picture, or the asshole who rooted your girlfriends phone, or the
neighbor who hopped on your wireless router and guessed your "test12"
password. God forbid anyone uses their phone to sign onto a public wifi
somewhere, don't even get me started on that.

It is very foolish to consider anything, sent across any digital medium
"private" in any sense.

~~~
mistersquid
Many of the examples you present are considered unlawful or, at the very
least, unauthorized use.

I'll risk an analogy (I know, I know) and compare your examples of digital
trespass to examples of physical trespass.

If someone can physically enter your (perhaps unlocked) home/place of
business/doctor's office, etc. and expropriate copies and originals of
documents associated with you--documents that are very likely protected by law
as they are in the case of digital documents--would you also assert there is
no such thing as something being "private"?

Your argument, to my mind, seems to blame people for having reasonable
expectations of privacy and absolving criminals who violate that privacy.

EDIT: Recast caveat/second paragraph. Readability.

~~~
thaumaturgy
This is another iteration of the usual debate over what is right (or legal)
and what is realistic. For example: you should be able to walk through any
area anywhere at any time and feel safe; as a practical matter, some areas at
some times may lead to violence.

irishcoffee is taking the "don't walk there at that time, everybody knows
that" position, and you're taking the "everyone should be able to walk there
at any time" position. You're both right, and yet these two positions never
ever get reconciled in a productive manner.

~~~
sedachv
> irishcoffee is taking the "don't walk there at that time, everybody knows
> that" position, and you're taking the "everyone should be able to walk there
> at any time" position. You're both right, and yet these two positions never
> ever get reconciled in a productive manner.

irishcoffee is engaging in the victim blaming fallacy, which makes him wrong.

~~~
irishcoffee
I'm being realistic. If you want something to be private, don't put it on the
internet. It's like putting up a bulletin at your local gym, and getting mad
when someone from out of state reads the bulletin. It just doesn't make any
sense.

"They violated my privacy! I didn't intend for them to see that!"

They didn't. You put private information in a public place. I'm floored how on
hn I'm having to describe how the internet works.

