Updated on June 30, 2016
Facebook stalking is a staple of modern life. New friends and potential Tinder dates get the treatment; so too do job candidates and college applicants. Now, the government wants to get in on the game.
If a proposal from U.S. Customs and Border Protection is adopted, a common customs form will soon include a new, optional question. The form would ask some visitors to the U.S. to write down their social-media usernames so that agents can gather more information from their public profiles and timelines.
The Department of Homeland Security, which oversees CBP, has already been testing ways to use publicly available information about visitors in the screening process, but it currently has no standard approach for considering information found on social-media accounts. The lack of such a policy earned the department a harsh rebuke from Congress after the FBI uncovered that Tafsheen Malik, one of the San Bernardino attackers, had sent private Facebook messages to friends in Pakistan about her support for violent jihad.
“We should have said, ‘We want your social media, both your private stuff and your public stuff,’” said Stephen Lynch, a Democratic representative from Massachusetts, during a heated House committee hearing in December. “That’s entirely reasonable to ask people who are coming from countries that are known to sponsor terror.”
While the department doesn’t intend to ask for applicants’ passwords in order to read private messages and posts, CBP’s new proposal would make sweeps of public social-media information an integral part of the visa-application process. The new question would appear on forms for non-citizens seeking to enter the U.S. without a visa.
Combing through Twitter timelines could give customs agents another view into visa applicants’ intentions and backgrounds—but whether agents use that information responsibly is another matter.
“In general, social media is not a place where every statement should be taken dead seriously, as CBP seems to have done in the past,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology, a digital-rights advocacy group.
Hall was referring to an incident in 2012, when two tourists from the U.K. were refused entry to the U.S., apparently over a pair of misguided tweets. One of the travelers tweeted that he would “destroy America,” a phrase he later said was slang for his intention to party during his trip. He also tweeted that he would dig up Marilyn Monroe’s grave—this, he claimed, was a reference to Family Guy, a TV show. The travelers were turned back at the Los Angeles airport.
Most people’s social media presences aren’t entirely accurate reflections of themselves. Hall, for example, often tweets about satanic death-metal music—but no, he’s not a satanist. “I just find it fascinating, and I used to play in a heavy-metal band,” Hall told me. “If you read from that that I’m traveling someplace to commit some sort of ritual, you’d have a pretty bad insight into what I think is important.”
Travelers eager to gain entry to the U.S. might be unlikely to skip over a question that seems like it could support their case, but sharing their social media information with the government may hurt more than it would help. In an experiment run by the office of the Director of National Intelligence last year, 300 randomly selected government workers from a pool of 5,000 volunteers were screened using open-source investigation tactics, including scans of their public social media information. Of those people, a whopping 28 percent had something in their profiles that raised a red flag. (And that’s among volunteers who already held security clearances.)
This May, the government made it official policy to use public information, including public social media posts, in background investigations for security clearances. Combined with CBP’s proposal, these policies could be the foot in the door for other parts of government also seeking to use social media information in their vetting processes. But separate policies wouldn’t even be required if agencies share information gathered from social media accounts with one other.
A CBP spokesperson said the information on the customs form is entered into the Automated Targeting System, a secretive program that assess the risk posed by travelers entering the U.S. Information remains accessible to DHS personnel for 15 years after being input. A spokesperson for the office of the Director of National Intelligence said the information gathered from background checks is governed by the Privacy Act, which allows intra-agency sharing “only to those who have a need to know in conducting agency duties,” and inter-agency sharing for law-enforcement or “other required purposes.”
Eventually, if Americans and potential visitors began to feel that the U.S. government could use their public social media streams against them, the benefits of open communication platforms like Facebook and Twitter could take a hit, says Hall.
“We need places to have online social activity that’s free of government scrutiny and free of long-term consequences, and I don’t think we’re getting there,” he said. “Democracy without those safe spaces to think, to make mistakes, to talk about death metal—or whatever you want to talk about—that’s what makes this such a vibrant place.”
The Center for Democracy and Technology intends to register its complaints with the CBP during the 60-day window for comments. Comments can only be mailed to CBP’s office in Washington, a restriction Hall says is rare. (Most proposals can be commented on electronically.)
But just in case the proposal is approved, Hall has set up a new Twitter account that visa applicants can write down on customs forms if they don’t want to reveal their own. A customs officer who searches for the account, @IAmNoThreat, will find a simple statement in the profile’s name: “Notaterr Orist.”