Now more than ever, it is apparent that U.S. Customs and Border Protection (CBP) and its parent agency, the Department of Homeland Security (DHS), are embarking on a broad campaign to invade the digital lives of innocent individuals.

The new DHS secretary, John Kelly, told a congressional committee this week that the department may soon demand login information (usernames and passwords) for social media accounts from foreign visa applicants—at least those subject to the controversial executive order on terrorism and immigration—and those who don’t comply will be denied entry into the United States. This effort to access both public and private communications and associations is the latest move by a department that is overreaching its border security authority.

In December 2016, DHS began asking another subset of foreign visitors, those from Visa Waiver Countries, for their social media handles. DHS defended itself by stating that not only would compliance be voluntary, the government only wanted to access publicly viewable social media posts: “If an applicant chooses to answer this question, DHS will have timely visibility of the publicly available information on those platforms, consistent with the privacy settings the applicant has set on the platforms.”

As we wrote last fall in comments to DHS, even seeking the ability to view the public social media posts of international travelers implicates the universal human rights of free speech and privacy, and—importantly—the comparable constitutional rights of their American associates. Our objections are still salient given that DHS may soon mandate access to both public and private social media content and contacts of another group of foreigners visitors.

Moreover, as a practical matter, such vetting is unlikely to weed out terrorists as they would surely scrub their social media accounts prior to seeking entry into the U.S.

Such border security overreach doesn’t stop there.

There have been several reports recently of CBP agents demanding access to social media information and digital devices of both American citizens and legal permanent residents. Most disturbing are the invasive searches of Americans’ cell phones, where CBP has been accessing social media apps that may reveal private posts and relationships, as well as emails, texts messages, browsing history, contact lists, photos—whatever is accessible via the phone.

Such border searches of Americans’ digital devices and cloud content are unconstitutional absent individualized suspicion, specifically, a probable cause warrant. In light of the DHS secretary’s statements this week, we fear that DHS may soon take the next step down this invasive path and demand the login information for American travelers’ online accounts so that the government can peruse private, highly personal information without relying on access to a mobile device.

These policies and practices of DHS/CBP must be chronicled and opposed.

Please tell us your border search stories. You can write to us at borders@eff.org. If you want to contact us securely via email, please use PGP/GPG. Or you can call us at +1-415-436-9333.

We also encourage you to contact your congressional representatives in the Senate and House of Representatives.

You may also contact the DHS Office of Civil Rights and Civil Liberties (crcl@dhs.gov) and the DHS Inspector General (dhs-oig.officepublicaffairs@oig.dhs.gov).

Join the fight for online privacy and free expression.