The Executive Orders issued by the US Government for immigration and subsequent statements by the administration indicate that the Department of Homeland Security is starting a process of “extreme vetting” of prospective immigrants, refugee claimants and non-immigrant visa applicants. From a terrorism perspective, here is a Q&A about “extreme vetting.”
What is “extreme vetting”?
Extreme vetting is not in place yet. In the weeks to come, what extreme vetting will involve is that when a person from those 7 countries, and any other situation that may be determined to be high risk, attends a US Embassy for an interview to visit or immigrate to the US, according to what we know so far, they will be required to provide:
- A list of the websites they have visited;
- A list of social media they are members of with their passwords for access;
- A review of those people who the applicant follows, and who follows the applicant on all social media platforms, together with checking of those followers and followed persons against global security databases for risks and such;
- The contact list on their cellular phone which will be vetted as against those lists maintained in the global security database;
- The telephone numbers the applicant has called or received calls from, again which will be vetted as against global security databases; and
- The same type of vetting for emails, as for telephone numbers.
It is going to be a person’s cellular phone that is key in extreme vetting and an applicant who has no cell phone, or has a wiped-out cell phone will probably be denied entry because that would be suspicious.
Social media apps like WeChat in China, for example, are already monitored and linked in databases to identify and monitor certain people – the US proposition is to do the same with multiple sources and larger data points as part of its immigration screening process.
In the years to come, who you know will become much more important in immigration and will work for and against applicants. Names that result in red flags will harm applicants and those that result in neutral or “prominent person” flags, will assist an applicant’s immigration process.
Is there a danger in the extreme vetting process?
Yes. The most immediate danger is the protection, control and sharing of personal information.
Extreme vetting will create what I call: “extreme data.”
Extreme data will include our whole lives, including photos, conversations, contacts, relationships, residences, personal experiences and such. It will require extreme protection. There is a risk of the private sector attempting to convince the US government that it should provide services for extreme data collection, maintenance, analysis and such. The enormity and sensitivity of the data, from a terrorism and national security perspective, means that it will never be appropriate for the private sector to be involved. Take for example, information in respect of prominent persons, diplomats, prime ministers and other world leaders which, if in the hands of the private sector, would create greater risks of exposure of prominent people to leakage of the data and to risks of physical harm from terrorists. The public sector has legal and constitutional duties to the population whereas a private sector actor in this scenario would only has contractual obligations to the public sector.
The second danger is in respect of what will happen when names, connections, telephone numbers, emails and social media followers are connected in a growing database. Given that this is a counter-terrorism exercise, it may link people to suspected terrorists who have no link whatsoever except that they followed someone on social media who, unbeknownst to them, had links to terrorists.
Another danger is that applicants may be denied for no reason other than their social media profiles suggested they would not be best suited for immigration to the US, which may not be the best basis for such decisions.
What are the 7 countries that will be subject to extreme vetting?
They are Iran, Iraq, Syria, Libya, Somalia, Sudan and Yemen.
Did the President Trump decide what the 7 countries were?
No. The US Congress had earlier identified those seven countries under a previous government administration. And four of them were also identified as part of HR158 by the Obama Administration a year ago when the Visa Waiver Program was changed to revoke visa waivers for Iran, Iraq, Syria and Sudan on the basis that foreign nationals from those countries, or who had traveled to those countries, pose a terrorist risk.
Will some countries stay on the banned list?
Yes – probably two will come off and the rest will stay on. Those that remain on the list will remain because it means that their government is not able to provide US immigration officials with comfort that their passport system, and identity documents of their nationals are sound, secure and reliable. It is likely that Syria and Iraq will remain on the banned list for some time. They have documents that pose security risks (see below) and they lack the passport control infrastructure to operate a passport and identity system that is reliable.
Do those 7 countries pose a terrorist risk?
Yes and no.
ISIS is present in six of the seven countries and very active in Syria, Iraq and Libya. In Syria and Iraq, ISIS ran fairly sophisticated operations and controlled swaths of the population, performing many government functions such as education, training, supply of essential services and food, landlord, employment and tax collection. The two concerns with respect to Iraq, Syria and Libya are that ISIS has promised to send its people to the US disguised as fake refugees to cause death and destruction and they have also promised to bring a weapon of mass destruction to the US via Mexico that would have originated from Pakistan. These are the visible large-scale terrorism threats that we know of because they came directly from ISIS but there are thousands of others known only to intelligence agencies that may be more serious.
For Syria and Iraq, the Director of Frontex, the EU border agencies has said that it is not possible to ascertain the identity of foreign nationals from Syria or Iraq entering the EU in all cases because of the prevalence of false passports. Many journalists have gone to the Middle East to test out the ability of obtaining fake passports – a journalist with the Guardian, for example, reported last year that two separate transnational criminal organizations in Iraq offered him fake (but authentically made) Syrian passports, ID card and birth certificate, with the help of a Syrian official in the Embassy, for $2,500.
The problem of fake passports lies primarily in the security of the issuing process. Transnational criminal organizations, such as ISIS, have access to a large number of blank Syrian passports that they then personalize for a price, the end result of which is a real, but fake, passport that cannot be easily detected even by experts (more here where Frontex’ Director says that with the fake passport issue, the EU does not know who exactly, has entered the EU).
Iran is a different story. You can read our article here in Quartz as to why Iranians are not a threat in respect of ISIS. The previous administration included Iran not because of individual terrorism threats of its citizens but because of what the US calls state-sponsored terrorism, meaning support of organizations such as Hezbollah. This is a different type of terrorist financing that has no relevance to ISIS.
What will the future of extreme vetting hold?
Extreme vetting will, in a few years time be done by artificial intelligence. The social media and connections of applicants will be analyzed to determine their risk profile by machines and those machines will also be able to predict the likelihood that the person is a terrorist or a threat to national security. There is already predictive AI that can assess whether a person is an employment risk, or at risk of breaking the law based on their Instragram posts. It is not too much of a leap to using that technology to predict a terrorism risk.