Photo: Joe Raedle/Getty Images

Prospective U.S. immigrants will be required to turn over their social-media handles and profile information to the Department of Homeland Security, per a new policy outlined by the agency.

First reported by BuzzFeed News, the new rule was published in the Federal Register last week, and grants the DHS and U.S. Citizenship and Immigration Services (USCIS) the ability to access the “social media handles, aliases, associated identifiable information, and search results” of any and all immigrants — including both permanent residents and naturalized citizens. While this announcement on its own raises a whole host of serious privacy concerns, perhaps one of the most insidiously alarming parts of the new policy is its total lack of specificity.

The announcement contains 12 addendums that each expand the breadth of the original rule, with No. 5 and No. 11 coming in as by far the most worrying:

(5) expand the categories of records to include the following: country of nationality; country of residence; the USCIS Online Account Number; social media handles, aliases, associated identifiable information, and search results; and the Department of Justice (DOJ), Executive Office for Immigration Review and Board of Immigration Appeals proceedings information;

[…]

(11) update record source categories to include publicly available information obtained from the internet, public records, public institutions, interviewees, commercial data providers, and information obtained and disclosed pursuant to information sharing agreements

In other words, if you’re an immigrant — or even just applying for the chance to be one — not only will you have to worry about the U.S. government combing through your various social-media profiles, but that they will also be able to obtain information on you through basically any and all digital means available. The unnervingly vague nature of the term “information sharing agreements” used in No. 11 speaks to this, as it could conceivably grant the DHS access to any information collected by surveillance agencies the U.S. has a partnership with, not to mention the wealth of personal data stored by companies like Google and Facebook.

News like this comes after a tumultuous year for privacy and security advocates, in the U.S. and abroad: In the U.K., NGO director Muhammad Rabbani was convicted on terrorism charges earlier this week for refusing to hand over his passwords to airport security. On our side of the Atlantic, the Trump administration has been trying to push a policy of (social-media-based) “extreme vetting” through for months. And though there are many unanswered questions regarding this new addition to the vetting process, it’s difficult to predict how it will be implemented until the policy officially goes into effect on October 18th.