U.S. Customs and Border Protection (CBP) has published a Feb. 21, 2017, notice of its intent to collect Chinese travelers’ social media account information. There is a 60-day window for public comment. Tell CBP this is a bad idea.
The CBP Notice
The Electronic Visa Update System (EVUS) is an online enrollment form which travelers on Chinese passports containing 10-year B1/B2 (visitor for business or pleasure) visas are required to complete prior to boarding a plane to the United States. CBP plans to expand EVUS coverage to travelers of other nationalities who hold long-term visas.
According to the Feb. 21 notice, CBP proposes to add an “optional” question to EVUS, asking what social media platforms the traveler uses and the associated “identifier” (i.e., username).
CBP’s stated goal is to review travelers’ social media to “vet” whether they are security or law enforcement risks. Officers will be able to review whatever information users makes publicly available through their privacy settings on the platform.
According to the CBP notice, “Respondents who choose not to answer this question can still submit an EVUS enrollment without a negative interpretation or inference.”
CBP rolled out similar social media questions in Dec. 2016 for travelers filling the Electronic System for Travel Authorization (ESTA) in order to enter the United States through the Visa Waiver Program, which includes travelers from many European countries and other developed nations.
The ESTA question features a drop-down menu including platforms such as Facebook, Twitter, Google+, Instagram, LinkedIn and YouTube, and additional space for applicants to fill in their account names on those sites. Presumably the EVUS question drop-down will include platforms more commonly used in China, such as WeChat (微信) and Weibo (微博).
Providing social media identifiers is not truly optional. While the CBP notice states that no negative inference will be drawn from failing to answer the “optional” social media question on the EVUS form, CBP has shown interest in requiring disclosure of social media usernames and passwords.
Homeland Security Secretary John Kelly told a Congressional hearing on Feb. 7: “If they come in, we want to say, what websites do they visit, and give us your passwords. So, we can see what they do on the internet…. If they really want to come to America, they will cooperate. If not, next in line.”
In fact, that’s already taking place. If a CBP officer asks a foreign national for their social media account usernames or passwords, and they refuse to cooperate, that is a basis to refuse admission to the country.
The CBP proposal is inconsistent with the U.S. government’s promotion of Internet freedom around the world. Secretaries of State Condoleezza Rice, Hillary Clinton, and John Kerry all have espoused the cause of global internet freedom. But leading tech companies contend that the CBP’s social media questions could “have a chilling effect on use of social media networks, online sharing and, ultimately, free speech online.” The ACLU, the Electronic Frontier Foundation and the New America Foundation said in joint comments: “This program would invade individual privacy and imperil freedom of expression … [and] lead to a significant expansion of intelligence activity.”
A person’s social media activity also reveals information about people in their social networks, including family members, friends, and “followers.” CBP could subject those persons to invasive scrutiny and exposure without their consent. CBP could even cast suspicion on a traveler based on messages in their social media account left by third parties–even complete strangers–without the traveler’s knowledge or consent.
If CBP knows a traveler’s password, CBP can also access private messages and even draft posts–a recording of a person’s thoughts never shared with anyone.
CBP may misinterpret social media posts. CBP already scours the social media accounts of some travelers. Sometimes, CBP has trouble differentiating jokes from threats. For example, a pair of British tourists seeking to enter the U.S. were detained and deported due to posting on Twitter they planned to “destroy America,” which the investigator didn’t recognize as British slang meaning they intended to “party hard” during their visit. See Richard Hartley-Parkinson, British Pair Arrested in U.S. on Terror Charges over Twitter Jokes, Mail Online (Jan. 31, 2012).
If you think CBP has a nuanced understanding of Chinese, then consider this: CBP says its website is written in “Mandarin Chinese.” Although “Mandarin” is a spoken dialect of Chinese (as are Cantonese, Shanghainese, etc.), there is no such thing as a “Mandarin” written language. Probably, CBP means that their website is written in simplified Chinese characters as used in mainland China, not traditional characters as used in Hong Kong, Macau, and Taiwan. But my point here is that such mistakes don’t inspire confidence in their ability to correctly interpret the trove of personal information they seek to access.
Other countries will demand reciprocity, leading to violations of Americans’ civil liberties overseas. U.S. requests for social media profiles will almost certainly lead to similar requests from other countries. “So many countries around the world grant visas or visa waiver on a reciprocity basis, if the U.S. starts demanding greater information from different countries or different groups of travelers, we should not be surprised at all if other governments do the same thing,” says Emma Llanso of the Center for Democracy and Technology.
For example, China is currently rolling out a requirement that foreign nationals provide biometric data such as fingerprints when entering the country. The Ministry of Public Security justifies the policy by stating that “A number of countries have already implemented such measures.”
How many Americans are willing to release their social media usernames and passwords as a condition for entering China?
Submit Your Comment to CBP
CBP is accepting public comments through Apr. 24, 2017. To submit a comment, go to the CBP notice and then click on “Submit a Formal Comment.”