Earlier this week, incoming Harvard freshman Ismail B. Ajjawi found himself blocked from entering the US. Ajjawi, a Palestinian resident of Lebanon, had landed in Boston before the start of classes. But The Harvard Crimson reported that after hours of questioning, US Customs and Border Protection agents revoked his visa. Ajjawi said a CBP agent searched his phone and laptop while asking questions about his friends’ social media activity. Then, she “started screaming at me,” Ajjawi said. “She said that she found people posting political points of view that oppose the US on my friend[s] list.”

CBP hasn’t revealed what actually got Ajjawi’s visa revoked. “Specific information on individual travelers cannot be released due to the Privacy Act requirements and for law enforcement purposes,” an agency spokesperson told The Verge. “This individual was deemed inadmissible to the United States based on information discovered during the CBP inspection.”

Social media posts might be public, but surveillance still has a chilling effect

But his case is just one incident in a troubling and well-established trend of expanding social media surveillance at the border. The Obama-era Department of Homeland Security initially suggested an “online presence” field for people requesting visa waivers, and the Trump administration quickly forged ahead with asking for social media data. Some border agents have aggressively pushed visitors to disclose their account handles, even when the practice was optional. Earlier this year, the State Department started requiring most visa applicants to list their social media accounts.

This week has offered a nightmare scenario for this vetting process. Ajjawi’s account suggests that digital surveillance goes far beyond checking whether a potential immigrant is a criminal threat — and that border officials are treating tenuous social media connections like close, meaningful relationships.

In some ways, checking social media posts isn’t as invasive as looking through private files on a device, something the CBP has done for years to find child pornography or other illegal material. Even so, it can have a chilling effect on speech, making people afraid to express their political views online — or say anything at all, since social media posts can be easily misinterpreted. “There are lots of free speech and freedom of association issues with looking at someone’s social media, even to vet them to come to the US,” says Sophia Cope, senior staff attorney at the Electronic Frontier Foundation.

While people have been detained or physically assaulted for refusing to unlock electronic devices, there have been relatively few major incidents involving social media specifically. It’s not clear that monitoring visa applicants’ posts is very helpful either. The DHS proposed social media rules after reports that San Bernardino shooter Tashfeen Malik had openly posted about jihad online. But the FBI said those reports weren’t true. A 2019 Brennan Center for Justice report noted that DHS pilot programs involving social media surveillance were “notably unsuccessful” at finding national security threats. Instead, co-author Faiza Patel argued on Twitter, it’s most useful for “targeting political and religious views — or even assumptions about them based on what your friends say.”

‘We need to know what structure is in place to ensure that travelers don’t face abuse.’

So is CBP really judging visa applicants on their Twitter feed or Facebook friend list? Cases like Ajjawi’s — where someone was apparently punished for things they didn’t even say — certainly seem to be rare. But we’re also relying on very incomplete data, and more vulnerable visitors could be far more hesitant to tell their stories. “I think there’s something very unique about this set of circumstances,” says Center for Democracy and Technology policy counsel Mana Azarmi, because the incident involves a student at a prestigious university with a prominent university paper that could pick up the story. “That kind of high visibility — we shouldn’t expect that of every interaction with CBP.”

A CBP spokesperson emphasized to The Verge that device searches affect “less than one-hundredth of one percent of travelers arriving to the United States.” But Azarmi points out that we don’t really know how these travelers are chosen — including whether they’re singled out for unfair reasons, and whether they’re regularly asked about troubling details like their friends’ opinions. “Are CBP personnel instructed to do that? Is that something that they’re looking out for?” she says. “We need to know what structure is in place to ensure that travelers don’t face abuse. And we don’t have that kind of information.”

Civil liberties advocates aren’t even sure how border agents might have found Ajjawi’s friends’ posts. Per a rule from 2017, officers are supposed to avoid accessing any data that’s stored outside the device, which includes full social media feeds on a phone or laptop. In this case, an officer could have seen cached posts, they could have looked his friends up on a separate computer, or they could have simply broken the rules — but there’s little outside oversight that would help us figure out which of those scenarios is most likely. The Verge asked CBP to confirm that it would have put devices in airplane mode before searching them; a spokesperson referred us to an information sheet that doesn’t mention the policy.

Unlike texts or emails, it’s hard to make social media truly private without defeating some of its purpose. And other many other law enforcement agencies use publicly available data for surveillance; police, for example, have scraped Facebook and Twitter data to monitor protests. There’s still no consensus on how deeply the government can mine this kind of data. But when there’s so much of it easily accessible, it can be used in deeply troubling ways.

Right now, the best way to protect social media data at the border is simply to uninstall apps and close browser tabs — but that doesn’t settle the question of when the government should be able to look up your friends online. “We should only expect that stories like this will become more common,” says Azarmi of this week’s events. “Because this collection has become more routine.”