• United States



Social media exploitation key in Trump’s ‘extreme vetting’ program

Aug 08, 20175 mins

Trump administration seeks help from tech firms to create an 'extreme vetting' immigration program. Documents indicate IBM is interested. Watchdog group asks the company to pull out.

social media ts
Credit: Thinkstock

An Immigration and Customs Enforcement (ICE) and Homeland Security Investigations (HIS) federal project is trying to make President Trump’s “extreme vetting” program for immigrants to the U.S. a reality. It is seeking help from tech firms to create a program that can “determine and evaluate an applicant’s probability of becoming a positively contributing member of society, as well as their ability to contribute to national interests” as well as predict “whether an applicant intends to commit criminal or terrorist acts after entering the United States.”

The background information posted with the ICE/HSI solicitation explained that Homeland Security’s Counterterrorism and Criminal Exploitation Unit (CTCEU) is the only national unit “dedicated to the enforcement of nonimmigrant visa violations.” It says it reviews “the immigration status of known and suspected terrorists, by combating criminal exploitations of the Student and Exchange Visitor Program (SEVP), and by leveraging HSI’s expertise with partnering agencies in identifying national security threats.”

Of the more than one million violator leads annually, CTCEU sends about 8,400 cases to HIS for investigation. The current system has numerous pitfalls, such as a lack of continuous vetting process on people with immigration visas, as that supposedly creates “significant risk in ICE’s ability to identify emerging risks, such as radicalization, that may occur after an individual arrives in the United States.” CTCEU also says the screening and vetting process fails to “conduct in-depth analysis or to permit the development of richer case files that would provide high-value derogatory information to further investigations or support any prosecution.”

Part of this new “extreme vetting” program is aimed at getting rid of the backlog, but what the government is seeking breaks down into six tasks: vetting and screening, lead generation, social media exploitation, providing training to the government, statistical and data review support, and additional CTCEU reports. The vendor must be able to screen visa electronic applications, “over 1.5 million records annually,” at high speeds.

Social media exploitation

Some of the more interesting aspects of what the government is seeking is found via the question and answer documents. Quite a few of the interested vendors’ questions centered around the task of social media exploitation, as contractors are to be able to “analyze and apply techniques to exploit publicly available information, such as media, blogs, public hearings, conferences, academic websites, social media websites such as Twitter, Facebook, and LinkedIn, radio, television, press, geospatial sources, internet sites, and specialized publications with intent to extract pertinent information regarding targets, including criminals, fugitives, nonimmigrant violators, and targeted national security threats and their location.”

The answer to an emailed question lists 19 government databases currently used by CTCEU/VSP during the vetting process. One of those, TECS, has seven specific databases that are queried.

The government said it would provide keywords, terms and criteria for criminal and background information searches. Although this new system would mine only publicly available information, the government said — in response to a question about mining info from the dark net and closed forums — it did “have an interest in exploring those areas.”

Sometimes what is not said is nearly as interesting as what is said. For example, responses will be “discussed later” as to whether or not the government wants to conduct continuous vetting on lawfully admitted permanent residents (LPRs).

The presolicitation announcement was posted in June, industry day meetings occurred in July, and vendors were to submit their responses by August 1.

Tech firms interested in developing ‘extreme vetting’ system

The Interceptlooked at the tech firms interested in building President Trump’s “extreme vetting” program. Sign-in sheets from a recent ICE “industry day” for companies interested in building a new tool for the program indicate both large and small firms were interested, including IBM, Booz Allen Hamilton, LexisNexis, SAS and Deloitte.

The revelation created ripples, including corporate watchdog group SumOfUs bashing IBM. The publicly released statement reads:

IBM’s enthusiasm in building an advanced computer system to operationalize Trump’s ‘extreme vetting’ policy is a sick display of moral bankruptcy and corporate greed.

IBM is no stranger to aiding oppressive regimes — let us not forget the company’s role in helping Nazi Germany create systems that helped in the atrocities of the Holocaust. The irony, it seems, is lost on IBM’s executives, as the company quite literally signs up to partner with Trump to make the civil rights violations of his wildly racist ‘extreme vetting’ policy a reality.

Trump is not a normal president, and this is not a business-as-usual moment. By seeking to build technology systems that bring Trump’s ugly ‘extreme vetting’ agenda to life, IBM is complicit in endangering our communities and our democracy. We urge IBM to pledge to not partner with the Trump administration and help execute his troubling ‘extreme vetting’ agenda. IBM must to learn from its ugly past and take a side.

Mission creep after vetting system is developed

Not everyone may see the interest in digging into Trump’s hard-line agenda for immigration and what the vetting of immigrants is to include. However, while the private system the government is seeking may be pointed at extreme vetting today, all agencies are affected by mission creep. Someday the system might be pointed at other individuals or groups that make the government feel threatened. If for no other reason, knowing the capabilities of what is being developed should interest you … someday it might be pointed at you.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.