Some of the reporting I’ve seen lately in the wake of the San Bernardino shootings about DHS’s failure to check the social media posts of visa applicants prompted me to send a short email to the Homeland Security Committee.   As this is an important issue now under public scrutiny and debate, I thought I’d share it here as well:

Dear Hon. Representative King or To Whom It May Concern:

I’m writing in response to a couple of news reports I noticed over the past few days, criticizing DHS in general, and CIS in particular, for failing to examine the social media posts of visa applicants (particularly K-1 applicants like Tashfeen Malik).  The news reports brought two DHS initiatives to mind: (a) the Social Media Monitoring Center/Media Monitoring Initiative (and associated projects) operated by contractors under the supervision of the National Operations Center, and (b) a “Radical Rhetoric” project under the Science & Technology Directorate.  It also brought to mind a policy statement concerning the treatment of records of non-U.S. persons under the Privacy Act, and prior Congressional testimony on the subject.  Also, there was a FOIA lawsuit about it.

I’m not expressing an opinion as to how CIS should evaluate applicants, whether it should be using such DHS resources, or whether review of social media posts would have been useful in any case so far.  The news reports I’ve seen seem to assume that Tashfeen Malik publicly posted radical statements that implied or telegraphed a specific intent to participate in a violent act before even arriving in the US.  They also seem to assume, incorrectly, in my view, that DHS has not even considered social media monitoring in the immigration context.  I’m simply writing to make sure your committee has all of the information it needs to fully evaluate the issues.  To that end, I am simply directing you to publicly available documents on DHS’s website (links embedded supra).

Thank you for your attention.

Charles J. Borrero

The potential privacy issue here arises under subsection (e)(7) of the Privacy Act of 1974, which forbids the maintenance of records on the exercise of First Amendment rights.  (The history of this prohibition is pretty interesting–but I’ll save that for another post.)  Of course, there is a law enforcement exception to that prohibition, and the Privacy Act protects only U.S. citizens and lawful permanent residents; not visa applicants.  The nature of social media is such that the records collected in the process of, e.g., investigating a visa applicant, would likely include those of covered persons–but that can still work within the Privacy Act framework.  (Of course, this might be a good opportunity to update it regardless.) Anyhow, as indicated in the Chief Privacy Officer’s testimony, these issues were addressed in the Privacy Impact Assessments of the programs cited in the letter.  So a restriction on the review of publicly viewable social media posts would presumably have been grounded in policy considerations, as opposed to a legal legal prohibition.  (Also, it bears noting that one of the reasons social media monitoring was conducted by contractors was that the Department generally forbids access to social media sites from its offices.)

I thought the television coverage of this issue has been way off, which is why I figured it was worth explaining.   I’m not weighing in on whether USCIS should be using DHS’s Social Media Monitoring resources to vet visa applicants or whether DHS should monitor social media at all.  There are lots of cost/benefit considerations to such policy decisions.  I’m just saying that, contrary to what many pundits and reporters have been saying in the past week, DHS has already publicly considered the legality of social media monitoring (probably not as extensively as the NSA, but still), figured out how to make it work within the law, engaged in it, and testified about it to Congress.