A chilling new proposal from US Customs and Border Protection threatens to redefine the boundaries of international travel, potentially granting authorities unprecedented access to the personal lives of visitors.
Travellers from 42 countries, including the United Kingdom, could soon be compelled to surrender five years of their digital history – social media posts, phone numbers, email addresses, and even details about their families – as a condition of entry.
The proposal, rooted in Donald Trump’s Executive Order 14161 focused on national security, casts a wide net, seeking to identify potential threats and those who might “exploit the immigration laws.” But experts warn the implications extend far beyond legitimate security concerns.
The sheer scope of data requested is alarming. Beyond social media handles, applicants may need to provide business and personal email addresses spanning a decade, phone numbers used over five years, IP addresses linked to submitted photos, and comprehensive details about family members – names, dates of birth, places of birth, and current residences.
Even biometric data – facial recognition, fingerprints, DNA, and iris scans – could be included in the required submission. This level of scrutiny raises profound questions about privacy and the potential for misuse.
“Under most data protection laws, consent is key,” explains Paul Bernal, Professor of Information Technology Law at the University of East Anglia. “By applying for a visa, you’re effectively consenting to its terms. If an ESTA includes this requirement, the US could argue they have your consent.”
However, Bernal cautions that this consent is not without its dangers. He points out the potential for selective enforcement, where individuals critical of the US government on social media could face visa denial or deportation.
The proposal isn’t simply about identifying immediate threats; it appears to be a broad data collection effort. Experts fear the information gathered will not be limited to visa assessments and will be retained for future, undefined purposes.
“Will they delete the data once you’re approved?” Bernal asks skeptically. “I doubt it. We have to question *why* they’re collecting this information, not just *what* they say they’ll do with it.”
This data grab echoes concerns about free speech, ironically mirroring criticisms leveled by Trump himself regarding censorship in Europe. Bernal argues the proposal is “every bit as bad” as the issues Trump has highlighted, emphasizing that the implications extend far beyond US borders.
Professor Muttukrishnan Rajarajan, director of the Institute for Cyber Security, acknowledges that law enforcement agencies globally already analyze social media for counter-terrorism efforts. However, he stresses that collecting five years of data without anonymization constitutes a significant privacy violation.
“Sharing this personal social profile with other agencies would definitely be an intrusion on our privacy,” Rajarajan warns, noting that national security justifications often allow broad access to personal data.
The proposal is currently under review, with a 60-day public comment period offering a crucial opportunity for objection. The future of international travel, and the privacy of millions, hangs in the balance.
The 42 countries currently utilizing the ESTA program for travel to the United States include: Australia, Andorra, Austria, Belgium, Brunei, Chile, Croatia, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Monaco, Netherlands, New Zealand, Norway, Poland, Portugal, Qatar, San Marino, Singapore, Slovakia, Slovenia, South Korea, Spain, Sweden, Switzerland, Taiwan, and the United Kingdom.