The US State Department wants to expand its vetting of visa applicants in a move which could expose their social media and other data to hackers.
The proposals, published on Friday as part of the Trump administration’s immigration ‘crackdown’, will require all applicants for immigrant and non-immigrant visas to detail their social media handles for the past five years, as well as telephone numbers, email addresses and details of international travel.
They will expand the list of visa applicants forced to divulge these personal details from the relatively small number (around 65,000) currently required to do so on account of being a suspected national security threat, to virtually all travelers – nearly 15 million.
The new plan was published in the Federal Register and is now subject to a 60-day public comment process. It must also be approved by the Office of Management and Budget before taking effect.
The Department of State claimed that the new Electronic Application for Immigrant Visa and Alien Registration (DS-260) form “will be submitted electronically over an encrypted connection to the Department via the internet.”
However, many will be concerned about the prospect of handing over their personal data to the US government, especially given its track record on protecting the data of its citizens and employees.
A recent Office of Inspector General (OIG) report highlighted serious deficiencies in the department’s cybersecurity posture.
Hina Shamsi, director of the American Civil Liberties Union’s National Security Project, slammed the proposals as “yet another ineffective and deeply problematic Trump administration plan.”
“The government has failed to disclose how this information – accurate or not – may be shared across government agencies and have consequences for individuals living in America, including US citizens,” she argued. “There is also no evidence that such social media monitoring is effective or fair, especially in the absence of criteria to guide the use of social media information in the visa adjudication process.”
Evgeny Chereshnev, CEO and founder of Biolink.Tech, said the rules may even violate international privacy laws like the GDPR.
“Other countries, such as Singapore, Israel, Japan, Russia and China also have their own laws, so when the United States requires private information from foreign citizens, it's technically illegal as it is a violation of home policies from most countries,” he added.
“This is not just about people having to share their social media history; it's giving the government a set of tools to manipulate your behavior."