• United States



Social Media Monitoring on Gov’t Steroids: Anything might come back to bite you

Jan 31, 20128 mins
Cloud ComputingData and Information SecurityData Center

With all the data hoarding that happens since the DOJ, DHS, FBI have jumped on the social media data-mining bandwagon -- you never know when that comment might be considered dissent and come back to bite you. It's like we are all potential terrorists or cybercrooks which will eventually come to light after hovering up and storing our digital communications. It's a difficult area, but the EFF says to fight for transparency about government social media monitoring.

Although OSINT (open-source intelligence) has been around for a very long time, people continue to over-share photos, info, everything on social media which I believe lowers a reasonable expectation of privacy for society as a whole. Social media is not private; it’s fair game. And all the feds have jumped on the social media data-mining bandwagon. The FBI wants a data-mining social media app, but InformationWeek pointed out that the CIA, DHS, and “the Intelligence Advanced Research Projects Agency (IARPA)–also are interested in mining the Web for picking up clues about public opinion or world events for use in their respective missions.”

To be fair, it is publicly available info, long used by wise social engineers, yet it’s a bit unnerving to ponder your ‘dissent’ could be misconstrued and dumped into a government database such the massive DHS database of secret watchlists. It’s not new since even back in 2010, the ACLU reported that spying on free speech was nearly at Cold War levels. Also in 2010, the EFF warned that Big Brother wants to be your friend on social media. The data gobbling, spying and e-hoarding is at epidemic levels. Just this week, in DHS Napolitano’s speech to the press, she said, “Think of it this way–if we have to look for a needle in a haystack, it makes sense to use all of the information we have about the pieces of hay to make the haystack smaller.”

Sophos Naked Security called social media “the ultimate career squasher.” According to a Microsoft survey, plenty of people suffer negative consequences like losing a job or health insurance after posting unwisely. Yet even if you are very private and very careful, a “friend” (perhaps frenemy) might take something privately shared with them and re-share it on social media. Let’s say you don’t post pictures, or if you do that you strip out the geo-tagged data first, don’t tweet, Google+ or otherwise tell ‘the world’ what is happening offline or about your life. So if you are not trolling and not doing anything illegal, do you think your comments on websites don’t matter? Well Homeland Security must think those comments are important, as seen in records from EPIC’s FOIA request. As part of a $11 million contract with General Dynamics, DHS said “to monitor public social communications on the Internet. The records list the websites that will be monitored, including the comments sections of [The New York Times, The Los Angeles Times, the Huffington Post, the Drudge Report, Wired, and ABC News.]” With the data hoarding that happens, you never know when that comment might come back to bite you.

As reported back in December, EPIC is suing DHS for social media monitoring. EPIC’s FOIA lawsuit resulted in 285 pages of agency records about how Homeland Security monitors social media [PDF]. One such revelation was that DHS told General Dynamics “to monitor for ‘[media] reports that reflect adversely on the U.S. Government, DHS, or prevent, protect, respond government activities’.” DHS spokesman Matt Chandler said social media monitoring is “for situational awareness purposes only.”

Recently the EFF reported the Department of Justice is using misdirection to put a spin on monitoring the treasure trove of cloud computing and privacy. “Perhaps the most disingenuous comment came when (Deputy Assistant Attorney General) Swartz said, ‘the US government is as committed to privacy and civil liberties as much as or more so than any nation on the planet’.” When I read that I’d just taken a drink of coffee and choked so hard that it nearly came out of my nose. If the database is on U.S. soil, then the government can get hold of it. Period. The DOJ might even consider you a felon for clicking on a link!  “The US government believes that when you use a US-based cloud service, you have no ability to prevent the government from having access without a warrant under either the Stored Communications Act or the constitution,” the EFF wrote. “Until this problem is fixed, US DOJ officials’ reassurances about the privacy protections of US cloud computing services should be met with strong skepticism, both internationally and here at home.”

But hey, that’s nothing, because thanks to the EFF’S FOIA request about social media monitoring, the DOJ also wants to know who’s rejecting your friend requests. Who pokes you and who do you poke? If you caught the government’s attention, then it could tell you. The EFF stated, “The draft search warrants are particularly interesting because they show the full extent of data the government regularly requests on a person it’s investigating.” It includes your full profile, the Facebook pokes, “who rejects your friend requests, which apps you use, what music you listen to, your privacy settings, all photos you upload as well as any photos you’re tagged in (whether or not you upload them), who’s in each of your Facebook groups, and IP logs that can show if and when you viewed a specific profile and from what IP address you did so.”

Although Facebook “technically limited” its ability to provide some logs, “law enforcement may still be able to get this information for specific time periods by contacting Facebook directly,” the EFF wrote. The DOJ Draft Facebook Warrant, Affidavit, and Usage Notes also mentions Facebook Gifts and the personalized message which can be attached, as well Facebook posts including “Marketplace” where users may posts items for sale, housing, job listings and other items. “Facebook also provides its users with access to thousands” of apps with access to the user’s account — made available to — you guessed it! Johnny Law Officer.

The almost 100 pages of records the EFF acquired include a DOJ presentation of obtaining and using social networking evidence, an article about Investigating Child Exploitation, a much more detailed ICE/DOJ presentation on investigating online groups, a Draft MySpace Warrant, how to search MySpace and how to use MySpace Friend Mapper and Minnesota “More than MySpace” Presentation.

Social media is not going away, and people are not going to disconnect from the Internet or stop sharing. The data hoarding and monitoring (even censoring) is also not going away, in fact it seems like it’s only going to get worse (looking at you Twitter).  In the face of all of this surveillance and social network spying, when tech is turned against us, I worry about our civil liberties, freedom, and privacy. It’s depressing, but I’d like to offer you something positive, so I reached out to a group that I deeply respect. I spoke with the EFF’s Rebecca Jeschke who said:

You’re right that this is a difficult area here. There are tons of information that folks are voluntarily sharing publicly. On one level, it should not be a surprise that the government sees this information and is interested, and sometimes that’s good. For example, social media helped lawmakers understand they were going to pay a political price if they didn’t back off SOPA. Also, I’ve been concerned in the past about a general cluelessness around technology and how the world communicates coming from the government, so I’m glad that they are aware of these systems and their importance. However, you are right that data hording isn’t going to go away any time soon. Storage is so cheap and so why not stash it? I have concerns about the kinds of digital dossiers the government may build on citizens, and what those files might reveal — or what investigators believe they might reveal — about their subjects. I don’t think there are easy answers here. Fighting for transparency about government procedures around social media is the first step — it will give us the answers we need going forward.

Like this? Here’s more posts:

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.