Don’t want the spooks spying on your Facebook or Twitter accounts? Don’t diss the Department of Homeland Security – or really, any Federal agency – in public.
Last year, the DHS acknowledged it was scanning social media as well as mainstream media for “operationally relevant data” – in order to detect, say, the next Arab spring or Japanese tsunami or SARS outbreak before they see it on CNN. But according to the Electronic Privacy Information Center, the spooks are also on the lookout for people being openly critical of the government.
In testimony before Congress last month, Richard Chavez, a senior DHS executive, strongly denied using the agency’s social media monitoring tools to identify speech critical of the government.
The guidelines the DHS issues for monitoring, however – obtained by EPIC via a Freedom of Information Act request -- tell a different story. Among the criteria for creating an Incident of Interest report are “identifying media reports that reflect adversely on DHS and response activities,” as well as “policy directives, debates, and implementations related to DHS.”
It goes on:
“Reports that pertain to DHS and sub agencies - especially those that have a negative spin on DHS/Component preparation, planning, and response activities should be reported to management before being sent to the distribution list. Senior TSI personnel will decide whether the information should be reported through normal channels.”
So even if your post dissing the DEA or the FAA never makes it into the official incident report, it will be seen by the top brass at the agency (identified only as “Brad, Mitch, or Ray” in that doc).
That 39-page document [PDF] also lists more than 300 keywords the DHS monitors to search news reports, tweets and updates. Included among them are the names of every US Federal enforcement agency and many popular recreational drugs, as well as common words like “cops,” “threat,” “exercise,” “initiative,” “power,” “smart,” “pork,” and “social media.”
DHS agents are allowed to include the text of a post in their incident reports, but not the personally identifiable information of the person who posted it. However, they’re also encouraged to include Web links back to the original source – making it extremely trivial to find out who said what. And even if they didn’t include a link – because, for example, the URL contained the name of the speaker, as with Twitter -- searching on the text itself will usually lead back to the source.
You can do this very easily yourself via Openbook, a search engine that pulls results from people who’ve made their Facebook status updates available to everyone. (If you’ve got a few hours to kill, search the phrase “CIA sucks.” Don’t blame me if you fall down into a rabbit hole of tin foil hat conspiracy theorists.)
The rationale the DHS uses for this kind of self-protective monitoring is that agency officials need to be aware of criticism of their departments and be able to respond to the media when questioned about it. But the potential for abuse is obvious. It’s a short hop skip and jump to the formation of an enemies list. For all we know, we are already there.
Got a question about social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.