cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

US visas now need five years of your social media ...

Well, I don't think it's any secret that I am of the opinion that social media isn't exactly important.

 

Which makes the US decision to require "five years" of social media account information when applying for a visa all the more bizarre.

 

First: sorry, "five years"?  What five years?  Five years of postings?  (Given it's an online form, that's unlikely.)  Accounts I've started in the past five years?  (Does that mean my Twitter account is exempt because it's older than that?)  Accounts I've used in the past five years?  (Does that mean that my Facebook account, which I haven't posted to in the past five years, is exempt?)  Or do you want the Facebook account because I've had to use it occasionally because people who posted what they thought was a public message couldn't figure out Facebook's byzantine aggregation of rights and permissions?

 

What's considered social media?  The Facebook I don't use?  The Twitter I do?  The extra Twitter account that I only use for posting notices for our local chapter?  The extra, extra Twitter account that I use (professionally) for noting and researching spam, malware, and other unsavoury Twitter accounts?  The Whatsapp account that I created in order to test Whatsapp, and now use, infrequently, to send update notices to Gloria because that phone account has limited text messages?

 

Should I include the Instagram that's in my name, but which Gloria uses because she likes to keep up with the kids, but she didn't want to create her own account, and I only look at when she tells me about something worthwhile?

 

How about the Flickr account which I created more than five years ago, and last posted anything on more than five years ago, but which I send publishers to when they demand a photo to put next to something they are going to publish?

 

Or should I create a number of new, sanitized social media accounts for applying for visas when I go the the States?  (Don't tell me that all kinds of people aren't going to be doing this ...)  OK, so far they aren't demanding passwords, so it's only public postings that they can look at, but, after all, this is supposed to be "social" media ...

 

Do I get to tell whoever is processing my visa application that anything referring to "Friday" is not to be taken seriously?  (Come to think of it, that wouldn't do any good anyway, since anyone in a civil service job is bound to have had their sense of humour surgically removed, and wouldn't get any of the infosec jokes anyway ...)

 

Is the "community" a social media site?

 

Are the Amish forbidden from applying for visas?

 

Is this the thin edge of the wedge for "Total Information Awareness" again?

 

Do you really think terrorists are going to post their plans on the same social media accounts that they are going to give the government?  (Yeah, yeah, but the really dumb ones can be caught in other ways, like adding a question to the form that says, "Are you planning on carrying out any terrorist attacks while in the United States?")  Do you think that DHS has people or AI skilled enough to identify fake accounts given on the forms and use forensic linguistics to link those to actual accounts really used by the applicant?  (Honestly?  You think that's likely?)

 

Oh, and everything I've said here is private, right?


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
6 Replies
Steve-Wilme
Advocate II

Raises the question what is and isn't social media.

Is a closed professional forum social media?

Would the UKs KTAC and CiSP; which are InfoSec incident response fora, social media?

Oh, no I can't tell the US government about those, as I'd be in breach of their Ts & Cs!

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
MikeGlassman
Contributor II

It's pretty obvious that whomever thought up the scenarios regarding this issue in the State Department, or wherever, did not really put too much thought into it, and based the decisions on the fact that a few idiots posted their threats on the one and only social media they had, on the one and only profile they had.

 

Anyone with more than a few years in the field of social media security, knows that although it's good to follow theses small fish, they are small fish and the major players won;t be caught even if they were to give 5 years of data in printed format (with pictures) when applying for a visa.

 

This is also nice and good for people applying for a visa, but has absolutely no effect on those people in countries which are exempt from having to get a visa. But then, maybe there are no haters of the American regime in those countries.

 

As a whole, I like your sarcastic analysis of things, and agree that this is a silly, stupid move, which will likely not bring them anything.

 

I would love to know, on a side note, how the European Union will take this, as it touches directly on the GDPR.

Sincerely,

Mike Glassman, CISSP
Iguana man
dcontesti
Community Champion


@rslade wrote:

Well, I don't think it's any secret that I am of the opinion that social media isn't exactly important.

 

Which makes the US decision to require "five years" of social media account information when applying for a visa all the more bizarre.

 


Sits and shakes head.....with all the new privacy laws coming into affect how will or will they by-pass those laws.

 

I have obtained VISAS to several countries (China, Brazil, Australia, Russia) and NEVER had to provide much more information then why I was going to the country in question.

 

Will they simply say that the Data Care Act of 2018 ( https://www.congress.gov/bill/115th-congress/senate-bill/3744 ) overrides all other laws?  or not address it and see who complains?

 

Glad that for now, I don't need a VISA to go to the US, but then I will soon need one to go to Europe (Schengen countries) or at a minimum a Waiver from ETIAS. 

 

Agrees with others, this is not going to catch the big fish......

 

Grabs popcorn, sits back and waits for the first challenge on this one Woman LOL

 

Regards

 

d

 

vt100
Community Champion

The course of action that US is pursuing in regards to privacy is really getting grimmer by the day. Furthermore, making immigration into US more difficult will have adverse effect on country's future.

According to https://data.worldbank.org/indicator/SP.POP.GROW the rate of population grows in North America is 0.7 vs. China's 0.6.

To me, the sheer difference in size of the population means that for each exceptional engineer, scientist, teacher and thinker in US, there are five in China, likely similar number in India, etc..

If we are to continue competing on the world arena, instead of cooperating, the size of the population should theoretically matter.

Specific to the social media requirements, what exactly is expected of people? Are they to give out their credential for the services that they are using on daily bases? And what then, not change the passwords until their applications are processed?

What a joke. Unfortunately, its our elected representatives or those appointed by them that are coming up with it. Which speaks volumes about us, the people.

 

AppDefects
Community Champion

I agree with @vt100.on the state of representation. I have to also say that it is ludicrous to ask for accounts when all they have to do is require the tech firms to give them direct access to their data pipelines. 

MikeGlassman
Contributor II

Ummmm,

 

They may be able to require that for US citizens, but they can't require that for foreign citizens.

 

Accessing data pipelines without a persons knowledge or permission is kind of illegal...

Sincerely,

Mike Glassman, CISSP
Iguana man