I’m sure you’re aware of the immigration controversy currently happening in the U.S. due to a recent executive order. Though the politics around that issue are outside the realm of information security, a recent development does affect our industry. In a recent Congress hearing, Department of Homeland Security (DHS) Secretary John Kelly said his agency was considering requiring immigrants from certain countries to hand over their social media passwords as part of a vetting process. In today’s video, I talk about why this is a horrible idea, not just for the obvious privacy violations, but security as well.
Episode Runtime: 3:49
Direct YouTube Link: https://www.youtube.com/watch?v=zUJrTd_JBsM
- Customs agents could demand your social network passwords – Engadget
- US border agents may want your password – CNET
- Executive branch immigration order explained – PBS
— Corey Nachreiner, CISSP (@SecAdept)
Why not just ask them for the account usernames and then use the legal process to gain access to the records?
Have the person sign an authorization form then send a NPR (Non-Party Request) for the information. In this way you can still gain access to all needed information and you don’t have to rely on insecure practices. Yes, I know they may not all be US based companies… but one would expect that would be the correct approach to handling this type of issue.
Tom Harger says
Obviously, someone in the government is not thinking clearly. Even if they can force people to give up their password, what’s to keep people from having two different FB accounts? One for family & friends, the other for “I’m a freaking terrorist”. They’d just give the “family” account info and the other would be a secret.
And people could always say, “I don’t do FB or Twitter. I don’t like social media sites.”
James B says
how about these places that use 2-Step authentication via Cellphone or other means?
How is Gov USA going to be able to ‘log-in’ to their social media without the other form.
Either way, the whole world has gone crazy over the last decade 🙁