US to make social media checks compulsory for some visas

27 Mar 2017 2 Law & order, Privacy, Social networks

by Lisa Vaas

US Secretary of State Rex Tillerson has ordered a “mandatory social media check” for any visa applicants who’ve ever visited territory controlled by the Islamic State (IS).

Reuters has obtained and published four diplomatic cables sent by Tillerson to American diplomatic missions over the past two weeks, with the most recent issued on March 17.

The memos are examples of the “extreme vetting” of foreigners that President Donald Trump has promised since his campaign days, Reuters notes. Making promises a reality is going to be tough, though: two former US officials told the news outlet that the mandatory checks will present logistical and administrative hurdles, as they’ll constitute a “labor-intensive expansion” of the fairly rare social media screening that consular officials are already doing.

Anne Richard, assistant secretary of state in the Obama administration, said:

There’s so much social media out there. It’s not something you can do on a timely basis.

Broadening the screening could also lead to profiling visa applicants on the basis of nationality or religion as opposed to their actual potential for threatening the US, advocates and immigration lawyers told Reuters.

Jay Gairson, a Seattle-based immigration attorney who represents clients from countries covered by Trump’s travel ban, said:

Most [consular] posts already have populations that they look at for fraud and security issues.

What this language effectively does is give the consular posts permission to step away from the focused factors they have spent years developing and revising, and instead broaden the search to large groups based on gross factors such as nationality and religion.

The series of memos issues edicts that Tillerson has subsequently had to dial back as the courts have blocked Trump’s travel bans. That includes a set of questions for visa applicants from Iran, Libya, Somalia, Sudan, Syria and Yemen, as well as members of populations identified as security risks. Trump’s first travel ban had included Iraq on that list, but a revised ban exempted the country.

The set of new vetting questions, set out in a March 15 memo, would have required visa applicants to provide prior passport numbers and all phone numbers, email addresses and social media handles used in the previous five years.

Tillerson’s March 16 and March 17 cables told consular posts to disregard those questions, pending approval from the Office of Management and Budget (OMB).

But while it backpedalled on those questions, Tillerson’s memo left in place the requirement for a “Mandatory social media check for applicants present in a territory at the time it was controlled by [IS]”.

If post determines the applicant may have ties to [IS] or other terrorist organizations or has ever been present in an [IS]-controlled territory, post must/must refer the applicant to the Fraud Prevention Unit for a mandatory social media review.

We’ve already seen US Customs and Border Patrol (CBP) demanding access to travelers’ social media accounts. According to the American Immigration Lawyers Association (AILA), border agents have been doing it for several years, despite doubts over whether it’s constitutional.

While it seemed to have ramped up within hours of Trump’s initial travel ban, it was reportedly still being done ad hoc, on a case-by-case basis, as if agents didn’t have much in the way of guidelines. Tillerson’s March 17 memo apparently provides at least the start of guidelines on who to demand social media accounts from.

The Department of Homeland Security’s (DHS) Customs and Border Protection (CBP) agency in June 2016 had concocted a plan to collect travelers’ social media details: a plan that was quietly enacted in December, in spite of scathing criticism from tech giants and advocates for human and civil rights.

The CBP’s program was supposed to be opt-in, as opposed to mandatory, but as critics pointed out at the time, not many travelers would likely know that they had the right to refuse such a request. Nor would they be likely to have the confidence to deny anything to US officials who hold their fate in their hands.

Now, at least if you’re a visa applicant who’s traveled to one of the White House’s list of six countries that require extreme vetting, the answer is here: it’s mandatory… at least, it is until any ensuing or ongoing court battle plays out.


2 comments on “US to make social media checks compulsory for some visas”

  1. j herman says:
    March 28, 2017 at 2:11 pm

    I don’t have any social media accounts. Really, I don’t. I wonder what will happen when I tell some government organization that I don’t have any accounts. They will presume that I am lying, but I’m not. How can anyone prove that I don’t have any accounts, including me. How can I prove that I don’t have any accounts under *any* name(s). Will I have to create an account to get the Visa? And what’s to stop a terrorist from opening NEW accounts to disguise themselves? Has anyone thought about this? It’s STUPID!

    • maztec says:
      April 4, 2017 at 8:31 am

      Your response here may potentially be considered a social media account. Furthermore, the relevant policies allow them to search for your account if fraud is suspected. In which case, if using one of the many automated systems they find an account that appears to be yours . . . and you did not reveal it . . . you have done an act of misrepresentation that may make you permanently inadmissible to the U.S. Good times, eh?
