“Terrorism.” “Drug War.” “Bomb.” “Social Media.”
If we were playing a game where you had to choose which word doesn’t belong, the answer would be “social media.” But in fact, all of the above words are related…at least according to the Department of Homeland Security (DHS).
According to the Electronic Privacy Information Center (EPIC), a DHS subcontractor was hired to monitor online forums, blogs, message boards, public websites and social media sites like Facebook and Twitter for specific keywords. In DHS terminology, these keywords are referred to as “Items of Interest” or “IOIs”. The DHS has divided the targeted IOIs into a series of categories, ranging from “terrorism” and “H1N1” to “domestic security” and “cyber security.” (You can view the complete list of keywords here; note that new search terms may be added as natural or manmade disasters occur). Based on this data, real-time IOI reports are then generated.
Reuters reports that “the purpose of the monitoring, says the government document, is to ‘collect information used in providing situational awareness and establishing a common operating picture.’” Government responses, such as to “the 2010 earthquake and aftermath in Haiti and security and border control related to the 2010 Winter Olympics in Vancouver, British Columbia” are supposed to be made easier via IOI-monitoring.
EPIC, however, believes the monitoring is unjustified, and in December 2011, began suing the DHS over covert surveillance of Facebook and Twitter. As a result of this initial Freedom of Information lawsuit, EPIC obtained more than 300 pages of documents detailing the DHS’ surveillance program. Then EPIC proposed that the DHS suspend the program, “warning that this activity violates First Amendment rights.” Eventually, Congress got involved, and a hearing on ‘DHS Monitoring of Social Networking and Media: Enhancing Intelligence Gathering and Ensuring Privacy’ called.
In fact, this hearing called into question further agencies, such as the FBI, which began circulating a six-page RFI, or “Request for Information,” that details a “social media application” they are trying to build. According to the RFI, this application would “improv[e] the FBI’s overall situational awareness” by monitoring “user updates on social sites such as Facebook and Twitter, along with news reports from Fox News, CNN and MSNBC.” (You can read the complete RFI here).
As everyday internet users we may ask ourselves: how effective is this uncovering of IOIs? And how is our privacy ensured?
Consumer advocate Christopher Elliott argues that “there is no evidence I'm aware of that any terrorist or criminal has been caught through social media.” In fact, non-criminals, such as barman Leigh Van Bryan, have been arrested for tweeting “destroy” and “America” in that order.
To be exact, Leigh Van Bryan (@leighbryan) tweeted: “@MelissaxWalton free this week for a quick gossip/prep before I go and destroy America? x”. that, according to Van Bryan, the “term 'destroy' was British slang for 'party'.” Despite that, it was not enough to convince the officials at the LAX airport; “on suspicion of planning to 'commit crimes',” Van Bryan was detained and had his passport confiscated. After 12 hours in custody, Van Bryan and his friend Emily Blunt, also detained, “returned to the airport where they were handed documents which stated they had been refused entry to the US. Emily's charge sheet stated: 'It is believed that you are traveling with Leigh-Van Bryan who possibly has the intentions of coming to the United States to commit crimes.',” the Daily Mail reports. Both of them now have to apply for visas at the U.S. embassy if they wish to re-enter the United States.
Others have questioned the effectiveness of social media monitoring, responding to the DHS’ approach with sarcasm. Joel Johnson of Animal New York, for example, wrote: “Yes, the Department of Homeland Security is searching social media for…‘social media’.” The Daily Mail, too, characterized the DHS’ choice of IOIs as ‘broad, vague and ambiguous’ – and thus ineffective.
Adam Montella, who has 27 years of direct homeland security and emergency management experience in government and private industry, in contrast speaks in favor of the IOI tracking:
“Prior to 9/11, intelligence agencies had some knowledge that terrorists were planning some sort of attack with airplanes. However, even at the federal level, intelligence and law enforcement agencies kept very compartmentalized (need to know) information and the pieces were not put together fast enough to paint the entire picture. Since then, there is more a more coordinated flow of this type of information, partially due to the very creation of the Department of Homeland Security where 22 separate agencies were brought together under one umbrella. Dozens, if not hundreds of potential acts of violence or terrorism have been stopped by the DHS and other national defense agencies employing this practice.”
According to Montella, intelligence agencies have been using similar techniques for years to listen for “chatter” from suspected terrorists and anarchist groups. “Social media sites are now the electronic bulletin board of today,” and are therefore subject to monitoring, he explains.
But according to Elliott, IOI monitoring is “no more [ethical] than listening to any conversation we have in private with our friends. And just because they can do it doesn't make it right.”
There are several additional factors to keep in mind, like how the DHS is obtaining the data and how privacy is ensured.
Forbes writer Revuen Cohen, notes that “reading through the Desktop Binder, I discovered the DHS Twitter account is @dhsnocmmc1 and DHS appears to be using tweetdeck to monitor the various keywords.” EPIC, however, argues that monitoring goes beyond Tweetdeck: “The program would be executed, in part, by individuals who established fictitious usernames and passwords to create covert social media profiles to spy on other users.”
With regards to ensuring privacy, Johnson says, “To be fair, the DHS does have an internal privacy policy that attempts to strip your ‘PII’–Personally Identifiable Information–from the aggregated tweets and status updates, with some broad exceptions,” he writes, citing specific clauses pertaining to PII use here. According to Mashable, “the FBI’s RFI [request for information] [also] specifically targets “publicly available information” — rather than anything users keep private.”
Gordon Hull, who teaches courses in ethics and technology at the University of North Carolina Charlotte, disagrees: “if they [the DHS] are really stripping the data of personally identifiable information, that seems a lot better. Privacy basically is secured when you separate an identity from an action – so if all they are doing is looking at patterns of word use, the privacy risk is less obvious.”
As individual users, we ultimately need to protect ourselves and our privacy. “We need to be aware that we're being watched. We need to watch what we say, even to our friends,” says Elliott. Montella concurs:
“Too many social media users utilize Facebook, Twitter, and other sites as an ‘online diary.’ One should not have any expectation of privacy when it comes to potential matters of national or homeland security. Freedom of speech can be argued, but the argument goes out the window much like it does when someone yells fire in a crowded theater when there is no fire, or someone phones in a bomb threat. Once you hit the “post” button, you are publishing a document in cyberspace.”
Elliott adds, “There is no such thing as privacy.”
On the one hand, Hull suggests that you can be “proactive in complaining when companies like Facebook [sic] abuse [your] privacy.” More than just protecting our own privacy, however, Montella believes that, “as users, we have an ethical obligation to report any suspected acts of violence or terrorism.” As a rule of thumb, he advises: “Ask yourself would a reasonable person believe this to be terrorism or worth reporting? If the answer is yes, you could help prevent the unthinkable from happening.”
As with numerous other cyber security and ethics issues, the problem is that social networking sites and other internet phenomena are still relatively new, and the appropriate laws have either not been established, or are just in the process of being established. Until an organization like EPIC is able to prevent DHS or FBI from monitoring our interactions online, all we as individual users can do is act with caution and common sense. Whit McGhee comments on a Mashable article: “If you’re not looking to threaten the United States, then you have nothing to worry about.” Daniel J. Solove, author of Nothing to Hide: The False Tradeoff between Privacy and Security, would disagree:
“One can usually think of something that even the most open person would want to hide. As a commenter to my blog post noted, ‘If you have nothing to hide, then that quite literally means you are willing to let me photograph you naked? And I get full rights to that photograph—so I can show it to your neighbors?’”
Add new comment