“This is the kind of policy we ordinarily associate with authoritarian states, not open societies. It does a disservice to our democratic values.”

For the past several years, millions of foreign visitors and potential immigrants entering the US have divulged the contents of their social media accounts to the US Department of Homeland Security (DHS). This requirement is part of the Visa Lifecycle Vetting Initiative (VLVI) that began in 2014.

When the VLVI was founded, the disclosure of one's social media information was voluntary. Then, in 2019, this information was made mandatory under certain circumstances. For example, travelers who requested electronic visa-free access to the US were asked to still voluntarily provide this information. 

To date, up to 15 million people have been involved in the VLVI program each year. The account information that they're required to share with authorities is wide-ranging and includes photos, locations, account names, birth dates, and other data that most of us don’t think twice about sharing across our social media channels. The program requests information from across 20 different networks and up to five years’ worth of data. This disclosure has now become an integral part of the US visa application process.

Social media vetting isn't heading in the right direction

In September 2019, an expansion to the VLVI program was proposed to widen its scope to other applicants, including individuals applying for visa waivers and seeking asylum. This expansion would double the potential number of applications covered. When Biden came into office in January 2021, he requested a review of the program and its proposed expansion. That review was conducted, and the expansion was rejected by the executive branch office that said that DHS failed to demonstrate the policy’s usefulness and justify associated costs. 

The expansion is also facing legal challenges. For an in-depth look at the developments, check out this timeline from The Brennan Center for Justice at NYU's School of Law. The latest lawsuit includes one from the Electronic Frontier Foundation, who sued the DHS in March to obtain more transparency about the VLVI program. The foundation, along with other groups, opposes the program, which was also originally and now popularly known as “extreme or enhanced vetting.” Their claims are that it invades applicants’ privacy and violates their First Amendment rights.

“We’re disappointed that the Biden administration has decided to double down on this Trump-era policy of mass surveillance of visa applicants’ social media,” said Carrie DeCell, senior staff attorney with the Knight First Amendment Institute. In a recent Washington Post op-ed, she also writes,  “This is the kind of policy we ordinarily associate with authoritarian states, not open societies. It does a disservice to our democratic values.” 

The risks associated with social media vetting

Social media vetting programs like VLVI are insidious in nature, since an individual's data can be retained indefinitely, shared broadly across multiple federal agencies, and could even be disclosed to foreign governments. There's no “right to be forgotten” clause included in the program, something that is part of many of the European data privacy laws that have been enacted over the past several years, including GDPR. 

As we explored last year, the Brennan Center also has investigated the Los Angeles Police Department, uncovering the fact that the police have been collecting social media account data on people stopped by the police but not necessarily arrested or detained. This could be the digital equivalent of “stop and frisk.”

Both the actions of the LAPD and the DHS are yet more examples of how your digital information can be collected. This underscores the fact that protecting digital freedom is now more important than ever before.