Australians travelling to the United States would have to provide five years’ worth of social media history, family members’ details, and other personal data under proposed changes to its screening system that also include scrapping its “vulnerable” website.

Electronic System for Travel Authorisation, or ESTA, is a pre-screening program that lets residents of 42 countries participating in the Visa Waiver Program (VWP), including Australia and New Zealand, register for travel to the US before they depart.

Applicants have lodged applications through the ESTA website since the program began in 2008, but this is set to change under changes proposed by US Customs and Border Patrol (CBP) that will see visitors required to use the ESTA Mobile app instead.

The proposal also flags the potential collection of biometric information including “face, fingerprint, DNA, and iris” – although it provides no details as to how DNA might be collected, under what circumstances, and the policy's standing under the UN Universal Declaration on the Human Genome and Human Rights.

Applicants will also be required to provide a range of additional personal information – including providing “their social media from the last 5 years” and “high value data fields” including personal and family phone numbers for the past 5 years.

The social media requirement – presumably requiring social media handles rather than the actual content – reflects the mandate of Executive Order 14161, which was among a flurry of orders issued after US President Donald Trump’s January inauguration.

Border authorities in the US, Australia and elsewhere have increasingly moved to scrutinise the social-media posts of visitors, with new information-sharing orders recently found to have fast-tracked Australian authorities’ access to US users’ data.

The ESTA Mobile app was introduced in 2023 and would become mandatory for travellers to use under a proposal floated by US Customs & Border Patrol (CBP). Source: Supplied

Proposed high value data elements also include personal and business email addresses used in the past 10 years; business phones numbers for the past 5 years; and names, dates and places of birth, phone numbers, and residences of family members.

ESTA weaknesses prompt a system overhaul

With US foreign tourism numbers slipping – and international visitor spending set to decline 22.5 per cent this year compared with the previous peak – the ESTA overhaul comes amidst a range of changes to US visa policy.

This includes the imposition of a “catastrophic” $150,000 ($US100,000) fee for H-1B visas that are widely used in the tech industry, and the new Trump Gold Card enabling foreigners to purchase US permanent residency “in record time” for $US1 million.

ESTA policy changes, and the requirement for incoming travellers to exclusively use the mobile app, are part of efforts to “enhance security and improve efficiency” of a website whose weaknesses, CBP says, have been repeatedly manipulated by “bad actors”.

All ESTA applicants must upload photos of passport biographical pages, but an audit by the National Targeting Center (NTC) Traveler Application Security Unit (TASU) found over 2,400 cases where applicants had uploaded poor quality photos.

Over 8,000 photo comparison screenings were sabotaged by invalid passport photos, CBP said, warning that ill-intentioned travellers “are aware of this vulnerability and have begun to exploit it by purposely uploading poor quality images to avoid detection.”

In addition, CBP “continues to struggle with fraudulent third-party websites” that purport to process travellers’ ESTA applications on their behalf – but charge “exorbitant fees” to handle applications that are never actually submitted to CBP.

Apart from its inadequate photo processing, CBP said the current ESTA system cannot validate the authenticity of the passport images uploaded through its website, since there is no way to read the NFC chip embedded in ePassports issued by 178 countries.

Australians travelling to the US, like visitors from 41 other Visa Waver Program countries, could soon be required to enter social media and other personal details into a mobile app when applying for permission to travel there. Source: Supplied

This enabled lodgement of “hundreds of fraudulent ESTAs,” CBP said, “created by facilitators [who] uploaded fraudulent passport bio pages to obtain approved ESTAS… then presented official ESTA printouts, falsely claiming the ESTA holder was a spouse.”

Mobile offers a more secure alternative

Switching all travellers to the ESTA Mobile app will address these issues, CBP said, by tapping a range of “superior identity verification methods” that are readily available through the familiar smartphone interface.

These include built-in facial recognition and liveness detection – in which the phone takes a selfie and looks for features confirming that it is not a still photo – as well as the ability to scan an ePassport’s NFC chip using the phone’s built-in NFC reader.

Using that chip, biographical data from the ePassport can be compared to the information provided in the ESTA application to immediately flag any anomalies for review.

Phones’ built-in location capabilities can also confirm whether I-94 visa holders – those entering the US via land borders or ferries – are actually outside its borders when they check in via the app to notify CBP that they have left the country.