Tag Archive for: causing

John Anthony Smith: Russian Speaking REvil Group Is Actively Causing Widespread Cyber Terror


(John Anthony Smith, president of the fast-growing Conversant Group on the Southside, advises on Internet security after an attack by a Russian criminal gang on a U.S. pipeline company that caused many gas stations to run dry for several days).

In an incident similar in some ways to the global SolarWinds breach that occurred last year, threat actors have once again breached a system used for monitoring, patching, and remote administration.[1]  On Friday, it became publicly known that Kaseya, a well-known player in Remote Monitoring and Management (RMM) tools, had succumbed to a supply chain compromise.  Kaseya’s RMM, known as VSA, is commonly used by Managed Service Providers to manage, monitor, and patch their customers’ infrastructures.

REvil Group was able to breach Kaseya’s VSA system and use that system to destroy backups and subsequently encrypt over 200 organizations’ data.  By the nature of how it works, Kaseya VSA has highly privileged access to the infrastructures in which it is deployed, as it is used to monitor, manage, and patch systems.  Thus, REvil was able to orchestrate this malicious attack nearly unthwarted by security controls.  On Friday, Kaseya sent out a warning of a potential attack and urged customers to shut down their servers running the service.  According to Kaseya’s web site, more than 40,000 organizations use their products.

REvil is demanding $50,000 in ransom from smaller companies and $5 million from larger ones.[2]  REvil is a Russian-speaking hacking group that is highly active, and they are the same group of threat actors that successfully collected an $11 million ransom from JBS Meats.  It is widely believed that REvil operates from Russia, and this recent compromise comes on the heels of President Joe Biden’s meeting with Russian President Vladimir Putin in Geneva.  It is obvious that Biden’s conversation has invoked little action, at least thus far, in reining in REvil’s continued attacks.

Ransomware attacks have spiked in the past 1.5 years with $412 million in ransom payments being paid last year alone, and…


Nebraska Medicine provides update on ‘cyber attack’ causing network issues – KETV Omaha


The DHS’s Social Media Monitoring Is Causing Collateral Damage, But Doesn’t Seem To Be Making The Nation Safer

The DHS has made traveling in and out of the US an experience worth sharing. Not so much with your fellow travelers or friends and family back home, but with CBP officers and other DHS employees, who are demanding access to social media accounts under its “extreme vetting” program.

While DHS components have stepped up the intrusiveness of their border screenings, they haven’t been able to show all these man-hours and infringed rights are actually doing anything to keep the country safer. More and more information is being gathered, but it’s either of little to no use, or the agencies engaging in these searches can’t be bothered to tally up the wins and losses of the border security game.

The Brennan Center, however, has compiled a report on the DHS’s screening programs and their various enhancements. It isn’t just about what has been done by DHS components, but the side effects of these efforts. The Fourth Amendment might be the noticeable victim, but these programs — especially the social media monitoring — have adverse effects on other rights as well.

[S]ocial media monitoring — like other forms of surveillance — will impact what people say online, leading to self-censorship of people applying for visas as well as their family members and friends. The deleterious effect of surveillance on free speech has been well documented in empirical research; one recent study found that awareness or fear of government surveillance of the internet had a substantial chilling effect among both U.S. Muslims and broader U.S. samples of internet users. Even people who said they had nothing to hide were highly likely to self-censor online when they knew the government was watching. As Justice Sonia Sotomayor warned in a 2012 Supreme Court case challenging the warrantless use of GPS tracking technology, “[a]wareness that the Government may be watching chills associational and expressive freedoms. And the Government’s unrestrained power to assemble data that reveals private aspects of identity is susceptible to abuse.”

“Susceptible to abuse” is the DHS’s middle name. Going beyond the dubious wisdom and Constitutionality of demanding travelers and visa applicants hand over passwords for social media accounts, there’s the CBP’s recent surveillance of journalists, immigration lawyers, and activists. The DHS wields a lot of power, but doesn’t handle much of it responsibly.

The report [PDF] shows the DHS collects a lot of social media information but doesn’t do a great job matching accounts to applicants and detainees. These social media-reliant searches act more like dragnets than targeted investigations, sweeping up information on friends, family members, and social media contacts who interact with targeted accounts. This excess info is often retained under the theory it may, someday, be “relevant” to an ongoing investigation.

These problems are made worse by the DHS’s reliance on third-party analytic software and data harvesting. The tools may be great at collecting data, but they’re of little use when it comes to making informed decisions about the risk level of travelers and visa applicants. As is the case with any analysis done at this scale, nuance and context are lost as analysts zero in on phrases and keywords, discarding relevant info that could lead to better risk assessments.

The DHS’s haystacks — gathered en masse with minimal restraints — are then fed to law enforcement agencies across the US and around the world. What was gathered for the purpose of vetting immigrants and travelers can now be used for any purpose whatsoever by a number of government agencies.

Unfortunately, DHS programs generally have low standards for sharing highly personal information, such as that found on social media, and the standards do not differentiate between Americans’ information and that of people from other countries. This information can easily be shared with entities ranging from the Department of State, the FBI, and congressional offices to foreign governments and Interpol. For example, data obtained from CBP searches of travelers’ electronic devices at the border, which can include the full contents of these devices, can be shared with federal, state, tribal, local, or foreign governmental agencies or multilateral government organizations when CBP believes the information could assist enforcement of civil or criminal laws. ICE, too, can disseminate any device information “relating to national security” to law enforcement and intelligence agencies. Information from ICE’s LeadTrac system, which is used to vet and manage leads of suspected overstayers and status violators and includes social media information, can be shared with any law enforcement authorities engaged in collecting law enforcement intelligence “whether civil or criminal.”

Through its massive data-sharing program, the DHS could conceivably gain access to any information it has walled itself off from with internal policies. Since this sharing is usually two-way, other agencies could unwittingly (or wittingly) launder off-limits data for the DHS, sending it back in the form of “relevant” info for use in its vetting/investigations.

That’s just the social media end of it. The Brennan Report also discusses the CBP’s warrantless and suspicionless device searches, and the fact that the information pulled from devices can be stored for up to 75 years if it’s related to an arrest, detention, or removal. If it isn’t, the CBP will only hold onto it for 20 years. This includes everything pulled from social media accounts, much of which is fed to ICE, which has its own social media monitoring program.

ICE’s monitoring program was going to be automated but that was shelved after the agency sustained some public and Congressional backlash. Instead, it has turned this over to contractors — 180 people who keep an eye on social media posts from the 10,000 foreign visitors ICE has declared to be “high risk.”

The DHS is awash in social media posts but hasn’t shown it can do anything useful with all of this information. The only thing guaranteed is incursions on rights, self-censorship by those who’ve been targeted by this vetting, and a whole lot of people targeted solely because of their religion or national origin.


Techdirt.

A malware attack against accounting software giant Wolters Kluwer is causing a ‘quiet panic’ at accounting firms – CNBC

A malware attack on Wolters Kluwer, a popular tax and accounting software platform, has left many in the accounting world unable to work this week and …
