
US Visitors May Have to Hand Over Social Media Passwords - adventured
http://www.cnbc.com/2017/02/08/us-visitors-may-have-to-hand-over-social-media-passwords-dhs.html
======
throwaway2016a
It is truly frightening how poorly government understand cyber security...

First Clinton claiming she would work with tech companies to solve the
encryption "problem"... clearly not understanding that mathematically
speaking, putting a back door in encryption is impossible without also letting
the "bad guys" through the door.

Now this.

I'm so glad I already live in this country because if I didn't, I probably
would never be able to visit. No way I'm giving anyone my passwords. Never-
mind someone at the TSA who could just copy it down for personal use. It's
just terrible operational security.

I have enough trouble handing my credit card to a waiter knowing how easy they
could skim the numbers. The only reason I'm OK with it is because (at least in
the US) disputing credit card charges is easy(ish).

I wonder if this will open the door for social networks to have read-only
"security passwords" to give to the TSA that are only good for the length of
your stay.

Traveller gives TSA the password... TSA verifies it is good for at least N
days (as enforced by the social network)... welcome to the United States.

I'll shut up now because I give the administration any good ideas on how to
actually implement such a thing.

P.S. Also, never mind that if I'm up to no good there are less known social
networks that would be more effective. And never mind that I could lie and say
I don't have an account on a network. This is as stupid as banning some-one
based on religion and requiring them to attest to it. No one would possibly
lie about their religion right?

~~~
tmd83
Even beyond the privacy implications, what about the security implications.
This basically means 10s of people would know my account password and whats
stopping any of them from abusing it, posting things that would implicate me
when I myself have done nothing. Who would take that risk?

------
gorbachev
I use randomly generates passwords stored in a password manager. The database
file for the password manager is on my home computer and my phone backed up to
cloud storage (the password to the account is also random).

There is no f __*ing way I 'm taking my phone with me overseas with policies
like this.

I can't give them my passwords, because I do not know them. I'm 100% sure the
DHS grunts are unable to understand that.

------
salmonellaeater
I wonder what will happen with visitors who don't use social media. I don't
have a Facebook account. If I were a foreigner, would I be under extra
suspicion because I can't provide an account like most people? Will people
start manufacturing social media accounts to paint a picture the U.S.
authorities want to see?

The end-game seems to be a social media account that functions like a multi-
purpose credit score, à la Sesame Credit[1].

[1]
[https://en.wikipedia.org/wiki/Sesame_Credit](https://en.wikipedia.org/wiki/Sesame_Credit)

~~~
Zigurd
I see a business case for the social media "blandbot." A slightly patriotic
fan of cat videos that is sufficiently personalized to your life.

"We're kissing the coshes that cripple us Enjoying the beigeness."

------
amelius
Judging from [1], Richard Stallman may be in trouble:

> I have never had a Facebook account. There is a Facebook account called
> "Richard Stallman", but it is an impostor.

[1] [https://stallman.org/facebook.html](https://stallman.org/facebook.html)

~~~
hashkb
Glad I'm already here; my social media would look suspicious(ly empty).

------
gol706
From a practical standpoint, isn't this likely to trip Facebook and Twitter's
protections against account theft? If you suddenly log in on a new machine in
another country, and that same machine has just logged into a bunch of other
accounts in a similar way, I would think that would get you blocked.

~~~
CaptSpify
I wonder if you could also argue that it's against the TOS for the site? I
highly doubt the officials would care, but I still wonder...

------
mariojv
This makes me wonder if Facebook and other social media companies could
engineer a solution to this problem.

Maybe have a duress password that unlocks the account and shows only the
public data of the user as well as some fake messages, friends, etc.

~~~
hashkb
They would not openly resist this, if it became law.

------
bediger4000
I don't remember my passwords sometimes - since Firefox (it's non-corporate!)
manages that for me, I can't get the multiple reinforcements I need to
remember some passwords.

Lots of folks will be in this situation - just can't recall their password,
because The Explorer takes care of it. What happens to them? Does all this
handover take place well before a visit?

This seems like a practically unworkable thing to ask for.

------
Raed667
This reminds me of Black Mirror "The Entire History of You" (2011) [0].

[0] :
[https://en.wikipedia.org/wiki/The_Entire_History_of_You](https://en.wikipedia.org/wiki/The_Entire_History_of_You)

------
coldcode
If this became a requirement, the solution is likely to be no one comes here
anymore. Also likely we can't go anywhere else either. Goodbye travel and
tourism industries.

------
Angostura
To be honest, if this happens, the next time I visit the US it will be with a
dumb phone.

~~~
nooneyouknow
You should have been thinking this for a while already, US border crossings
have been getting steadily worse.

Every visit to the US I first replace the harddrive on any laptop I bring. I
also image my phone (rooted Android) and reset it, installing a minimum of
apps and data, with no important accounts. Once across and on a decent network
I retrieve whatever data I need.

This doesn't protect against evil maids or other advanced attacks, but I
figure it's good enough for power hungry border crossing officials.

------
qntty
I'm guessing "I use a local password manager on a computer I left at home"
isn't an acceptable answer?

------
donald123
There is no practical way to do this. How can you assume any foreigner to have
a facebook/twitter account? If they say they don't have any, how can you prove
they are lying?

The only way is probably to check your phone or laptop, then there is easy way
to bypass this.

~~~
egwynn
And if they say they have one and show it to you, how do you prove that they
don’t also have another “real” one that they use for all of their
terroristing?

------
DennisP
If they're security-minded and have 2FA, do they also need to hand over a
yubikey?

~~~
y7
If you're security-minded you're already extra suspicious, because then you
must have something to hide.

------
ohthehugemanate
Stupid idea when the Obama administration considered it, stupid idea now. And
like so many stupid ideas in politics, I'm sure it will gain credibility every
time it's brought up, until it actually gets implemented. Le sigh.

------
sharemywin
This seems like a giant security hole. Please send us your password and don't
change it for 2 years while we "vet" you. might as well be like here criminals
here's your list of passwords.

~~~
xherberta
Right. Maybe it's federal employees' way of retaliating for the fact that all
their data got taken.

------
lb1lf
This is going to get interesting.

With the international fondness for reciprocity, US citizens travelling abroad
will soon face the same intrusions into their privacy.

No-one wins - except the companies bound to pop up offering tailor-made social
media presences...

~~~
St-Clock
That would be nice. If you know you have a trip coming in two weeks, you could
register to get a apolitical facebook account with posts created every day
with your virtual apolitical friends. You could optionally register for a
twitter account that likes most of Trump's tweets or replies with "I love this
guy" kind of message.

------
fergie
Great use case for "duress passwords"

------
justinlaster
I thought this is what the NSA, CIA, and FBI were for? Maybe we can start
downsizing them if we're just going to hand everything over.

Maybe then we might be able to use the numerous mathematically talented people
they've snatched up for something actually productive.

