Tech Groups Torch Password Policy Floated by DHS Secretary

Don't use this - photos of screens are dull and suck energy!

A group of technology industry groups representing companies including Facebook Inc., Google Inc. and Uber Technologies Inc. are pushing back on a policy floated by Department of Homeland Security Secretary John Kelly to require non-U.S. citizens to provide the passwords of their social media accounts before entering the country.

Demanding passwords without cause wouldn’t increase security for the United States and would be a “direct assault on fundamental rights,” the 51 groups said in a joint Tuesday statement. The policy would “expose travelers and everyone in their social networks, including potentially millions of U.S. citizens, to excessive, unjustified scrutiny.”

The proposal would also set a precedent that other governments would likely copy and would in turn demand passwords from U.S. citizens when they seek entry into foreign countries, the groups argue: “This would compromise U.S. economic security, cybersecurity and national security, as well as damage the U.S.’s relationships with foreign governments and their citizenry.”

Industry organizations such as the Computer and Communications Industry Association and the Internet Association joined tech advocacy groups, including the Center for Democracy and Technology and the Electronic Frontier Foundation, on the statement.

CCIA represents companies including Facebook, Google and Inc. Twitter Inc., LinkedIn Corp. and Snap Inc. are among the Internet Association’s members, as well as Facebook and Google.

“Setting up a system where the government routinely asks travelers, visa applicants, or refugees for online passwords is unprecedented and unwarranted,” Ed Black, president and chief executive of CCIA, said in a separate emailed statement Tuesday, adding that requiring passwords would create a “chilling effect on those trying to get to the U.S. to work or escape unsafe conditions, in addition to causing reciprocal demands of Americans traveling abroad.”

The backlash is aimed at comments Kelly made on Feb. 7 in a House Homeland Security Committee hearing, where he said the agency is considering requiring foreign travelers to give up their passwords to “see what they do on the internet.” Kelly added the proposal is still a “work in progress.”

Sen. Ron Wyden, one of Capitol Hill’s staunchest privacy hawks, wrote to Kelly on Monday calling reports that CBP agents pressured Americans to give up their smartphone PIN numbers “deeply troubling.”

The Oregon Democrat argued that there are “well-established legal rules” that dictate how agencies can obtain data from social media companies, namely obtaining a probable cause warrant. In the letter, Wyden said he plans to introduce a bill that would require law enforcement agencies to get a warrant before searching devices and would prohibit the “practice of forcing travelers to reveal their online account passwords.”

Morning Consult