Perhaps if George Orwell were writing today, he’d include an addendum to his iconic line, “Big Brother is watching you.” Because, if you’re a US immigrant, Big Brother is serving notice that he will also be reading you – reading your social media posts and tracking your online activities.
The notice came with the Department of Homeland Security’s (DHS) publication of a new rule to “modify a current DHS system of records.” And the key phrase in a document of nearly 9000 words is that the department intends to:
expand the categories of records to include … social media handles, aliases, associated identifiable information, and search results.
It also vastly expands the number of people to which the new rule would apply, from those seeking immigrant status to include naturalized citizens and legal permanent residents. And, as security guru and IBM Resilient CTO Bruce Schneier put it in a blog post, “it seems to also include US citizens (who) communicate with immigrants.”
The rule is set to take effect in less than a month – 18 October – which leaves a pretty small window for privacy advocates to comment. But there is escalating debate not only about the impending change itself, but whether it is a change at all.
According to DHS itself, it is not a change – it simply restates a policy that has been in effect for more than five years. Gizmodo reported that an email from DHS stated:
The notice did not announce a new policy. The notice simply reiterated existing DHS policy regarding the use of social media. In particular, USCIS (US Citizenship and Immigration Services) follows DHS Directive 110-01 for the Operational Use of Social Media. This policy is available on DHS’s public website and was signed on 6/8/2012.
But privacy advocates contend that while past policy has allowed trained USCIS officers to search publicly available social media to see if a person is eligible for an immigration benefit, it hasn’t applied to legal residents or naturalized citizens, and didn’t demand things like their social media handles and aliases, or to search their internet history.
A former DHS senior official, who declined to be identified because of a current employment situation, agreed that the policy does not go back to 2012. Social media collection by immigration began, she said, after the December 2015 shooting in San Bernardino by a husband and wife who killed 14 and wounded 22 before they were later killed in a shootout.
She noted that the new rule, while it does include social media handles and aliases, does not include passwords. But, she agreed that it is “a significant expansion.”
“It is not a nothing-burger,” she said.
The continuing stance of DHS – and the FBI and other agencies that are part of the US intelligence community – is that they must have access to social media accounts to be able to find people who are becoming radicalized and/or may be planning or involved in terrorist activity.
Former FBI director James Comey, speaking in Boston earlier this year, said while he loves privacy, the “bargain” necessary to protect both privacy and safety is that, “there is no such thing as absolute privacy.”
But privacy advocates counter that this kind of collection is too invasive, discriminates against immigrants and wouldn’t improve national security anyway.
The American Civil Liberties Union (ACLU) issued a statement saying the rule would, “single out a huge group of people to maintain files on what they say (and) have a chilling effect on the free speech that’s expressed every day on social media.” It added that the, “collect-it-all approach is ineffective to protect national security …”
Adam Schwartz, a senior staff attorney at the Electronic Frontier Foundation (EFF), noting that the information collected will be held, probably indefinitely, in so-called “Alien Files” or “A-Files,” called it, “a new form of invasive social media surveillance.”
It is especially troubling, he added, when added to, “all manner of high tech surveillance, including facial recognition and cell site simulators,” used to monitor immigrants.
The former DHS official added that US immigration is not equipped to do this kind of screening effectively. “Now that they’re collecting it, they’re going to be responsible for it,” she said, “and they don’t have the bandwidth to screen and clear every malcontent who tweets something. It’s classic security theater.”
She said DHS should limit itself to collecting social media information, “when they have probable cause or reasonable suspicion. But not everybody from students to green card holders. They’re putting a bigger target on themselves when they miss something – and they will.”
All of which means, as privacy experts have long said, that the best way individuals can limit this collection is to place some limits on themselves. Which would mean modifying the classic political advice from a Boston politico decades ago: “Never write when you can speak, never speak when you can nod, never nod when you can wink.”
Disgraced former New York governor Eliot Spitzer added to that nine years ago, after he had left a trail of online communications implicating himself in a prostitution ring: “Never put it in email.”
To which, he would probably now add: “Never put it on social media.”Follow @NakedSecurity