EU tourists to US may get asked to hand in passwords or be denied entry

The Trump administration’s plans for “extreme vetting” put a new spotlight on how we manage our sensitive personal data, as the Guardian describes in today’s article.

Using secure cloud services like BitsaboutMe is part of a mitigation strategy, if this law becomes reality. In any case it is a firm reminder that we must start to take control over our personal data and manage it much more proactively.

Tourists from the EU and other countries visiting the US could be forced to reveal mobile phone contacts, social media passwords and financial data under “extreme vetting” practices being considered by the Trump administration, according to the Wall Street Journal.

From a European privacy perspective such practices seem unthinkable, but the Trump administration is pushing ahead nevertheless.

Homeland security secretary John Kelly told a House homeland security committee hearing in February: “We want to say for instance, ‘What sites do you visit? And give us your passwords,’ so that we can see what they do on the internet. If they don’t want to give us that information then they don’t come.”

Mitigation efforts may help limit the exposure of individual travellers. The EFF recommends travellers minimise the data they carry across the border, by not carrying non-essential devices, deleting sensitive information before travelling, and shifting some data to cloud services. Changing any passwords after they have been handed over, and securely resetting devices after they have been accessed and potentially compromised by CBP, can also prevent long-term data insecurity. Wessler adds: “The best protections will be practical ones rather than legal ones, and travellers should think about how much data and what devices they’re carrying with them.”