Skip to Content

Government Surveillance, Privacy & Data

The Secure and Succeed Act Is [Still] Bad For Immigrants and Americans Alike

Senator Chuck Grassley (R-Iowa) recently introduced The Secure and Succeed Act of 2018 (“Secure Act”), an almost 600-page omnibus immigration bill. The Secure Act has many co-sponsors, including Senator John Cornyn (R-TX), whose impact on the bill is readily apparent. The Secure Act mirrors Cornyn’s Building America’s Trust Act which was introduced in August 2017. Cornyn’s bill has since been duplicated in multiple legislative proposals, including this recent Grassley addition to the immigration debate. The White House endorsed the Secure Act on February 14. The bill addresses the future of Dreamers, limitations on legal immigration, new immigration enforcement measures and border security.

This blog focuses on border security. CDT would welcome measured proposals to address border security challenges, but this legislation fails to deliver. Two of the more troubling types of provisions include: 1) discriminatory and invasive screening of visa applicants and visa holders and 2) inflexible and intrusive border security mandates. Yesterday, this was one of the four immigration bills that received a vote in the Senate, and thankfully it failed 39 to 60. As Congress goes back to the drawing board, legislators should avoid returning to the Secure Act or the Building America’s Trust Act for inspiration.

Discriminatory and Invasive Screening of Visa Holders and Applicants
Social Media Screening
The Secure Act calls on the Department of Homeland Security (DHS) to, “to the greatest extent practicable, and in a risk-based manner and on an individualized basis, review the social media accounts of visa applicants who are citizens of, or who reside in, high-risk countries.” High-risk countries are identified by their level of cooperation to combat terrorism with the United States and “any other criteria the [Secretary of Homeland Security] determines appropriate.” Sec. 1736. Targeting individuals on the basis of nationality is discriminatory, an ineffective means of identifying security threats, and will likely burden nationals of Muslim countries.

CDT has strenuously and repeatedly argued against the collection of social media identifiers. As a matter of security, this type of screening will fail to yield desired results. Wrongdoers would simply abstain from engaging with social media, or provide sanitized accounts for review. Instead of bolstering security this type of screening would waste resources, and burden travelers. Reviewing the social media information of visa applicants would be invasive, chill free speech and association, and would burden the right to anonymity. Social media information is idiosyncratic and context-dependant and the risk of drawing negative, mistaken inferences from the data is great. This screening would also implicate Americans’ freedoms. Americans’ social media information could get swept up in a visa review, and they may find themselves facing similar scrutiny when they travel abroad if this practice proliferates.

Finally, while social media review of this kind is unfortunately already taking place, this language is particularly troubling because it could be interpreted to authorize DHS to demand social media passwords, an alarming departure from existing practice. This conclusion is drawn for two reasons. First, this section fails to specify that the review is of public social media information. Second, in the subsequent section of the bill, DHS is called to complete ‘open source screening’ of visa applicants. If DHS were to only review public social media information, this would surely qualify as ‘open source’ and there would therefore be no need for a separate social media section. It’s not clear if this is simply a case of poor drafting, or an intentionally vague provision. Regardless, the collection of social media passwords would be incredibly invasive, create a significant cybersecurity threat, and if adopted by the US would certainly be adopted by other countries and applied to Americans seeking entry. Under either interpretation, Congress should not adopt social media screening of visa applicants and holders.

Continuous Screening
Sec. 1733 calls for U.S. Customs and Border Protection (CBP) to, “in a risk-based manner, continuously screen individuals issued any visa and [nationals of Visa Waiver countries] who are present, or expected to arrive within 30 days, in the United States, against the appropriate criminal, national security, and terrorism databases maintained by the Federal Government.” Because this Administration has repeatedly singled out nationals of Muslim countries, it’s unfortunately all too likely to apply this provision in a discriminatory manner. This section authorizes continuous screening once individuals are in the United States, inviting monitoring simply because these individuals are not U.S. persons. The United States has long supported legal immigration because immigrants have been shown to be on the whole law-abiding members of society and do not deserve ongoing and unwarranted scrutiny. Foreign status is not an appropriate justification for constant surveillance of individuals in the U.S and this is not activity Congress should endorse.

Inflexible and Intrusive Border Security Mandates
Mandated Increase in Hours of Drone Surveillance
The Secure Act demands air and marine operations consisting of no fewer than 24 hours of drone flight operations, five days a week. There are three major problems with this plan. First, CBP asserts that its border enforcement authorities extend as far as 100 miles from the physical border, a geography that contains over 200 million Americans. Expanding CBP’s drone program absent severe geographic restrictions would subject millions of Americans to invasive, continuous drone surveillance. Second, this program is vulnerable to mission creep. CBP has demonstrated a willingness to loan its drones to local law enforcement, and an internal review of the CBP drone program revealed that CBP uses its drones “in support of other federal, state, or local law enforcement activities.” Third, mandating a specific number of flight hours is an ineffective strategy. It fails to take into consideration the fact that mission needs and technologies change, and it ignores the troubled history of CBP’s existing drone program. A 2015 review of the program by the DHS Inspector General determined that “CBP drones are dubious achievers” and they are very expensive. This history strongly cautions against relying on drones.

Mandated Deployment of Capabilities to Specific Locations
The Secure Act details the types of capabilities that must be used at the various divisions of the border. For example, for the Yuma Sector, the bill demands that “mobile vehicle-mounted and man-portable surveillance capabilities” and “man-portable unmanned aerial vehicles” be deployed. Prematurely committing specific capabilities for particular regions of the border is bad strategy because the needs on the ground will change. It is cumbersome to change laws, and a plan this specific shouldn’t be legislated.

Further, some of the capabilities described are invasive and their use shouldn’t be mandated absent use restrictions. For example, unmanned aerial vehicles, or drones, will be deployed to more sectors of the border. The associated problems were discussed above. In addition, stingrays, which trick cell phones into connecting to a device rather than to a cell tower, qualify under the bill as “vehicle-mounted and man-portable surveillance capabilities,” and are a capability to be deployed to several regions of the border. Stingrays are a powerful and controversial piece of surveillance technology. Once a device connects to a stingray, the operator can determine the device’s location and identifying data, and can review the content of phone calls and text messages. CBP has in its possession 33 stingrays, and a recent Congressional review of the technology recommended that “Congress [] pass legislation to establish a clear, nationwide framework for when and how geolocation information can be accessed and used.” Regulation of CBP’s use of Stingrays consists of a DHS policy, which only informs CBP practice during criminal investigations. For criminal investigations, there is a presumption that the operator first needs to get a warrant based on probable cause. However, this guidance does not apply during immigration enforcement or border patrol activities, which again extend 100 miles from the border. Arming CBP with surveillance technologies like drones and stingrays, and endorsing their continued use, invites invasive surveillance of Americans and immigrants. CBP’s use of these technologies without restrictions poses a huge threat to the civil liberties of immigrants and Americans alike.

Given the scope of these problems, Congress should not adopt any of these ineffective and invasive programs.