Earlier this month, we reported that an archive of tweets could be held indefinitely by the Library of Congress if they have any "long-term historical interest." But what about active monitoring of social media by the government? If you think the government is tracking your online movements, keywords in your tweets could be just what turns its eye onto you.
The Department of Homeland Security (DHS) announced its plans to monitor social media sites in the interest of public safety in February 2011. Now, the Electronic Privacy Information Center (EPIC), according to Courthouse News, says DHS could track words like "human to animal," "collapse," "infection," "outbreak" and "illegal immigrants" using fake accounts.
Fox News reports that EPIC has filed a lawsuit against DHS after a Freedom of Information Act request for documents of communications between DHS and its contractor over the proposed initiative went unanswered. The original request for data was filed in April and EPIC announced it would be suing DHS last week for information.
Fox has more:
The lawsuit filed [Dec. 20] expressed concern that information DHS gathers could be stored for up to five years and shared, noting that Internet users "routinely" post personal information in online communications and "have no reason to believe that the Department of Homeland Security is tracking their every post."
The document request was initially prompted in part by reports that a private company had floated proposals for tapping into social media and sabotaging certain activists. According to EPIC's original request, the company reportedly had set up a training session with DHS in 2010.
EPIC in April asked DHS for information about any contact with the company, but also records on "all contracts, proposals and communications" between DHS and other governments or private companies, as well as documents on training and software pertaining to the social media monitoring program.
The media monitoring initiative is still in development, and in November, the DHS released a privacy compliance review of its Publicly Available Social Media Monitoring and Situational Awareness Initiative Privacy Impact Assessment (PIA) Update and new DHS/OPS-004 – Publicly Available Social Media Monitoring and Situational Awareness Initiative System of Records Notice (SORN), which were issued on January 6, 2011, and February 1, 2011, respectively.
According to the review of the initiative, the Office of Operations Coordination and Planning (OPS), including the National Operations Center (NOC), would have the authority to collect "personally identifiable information" and hold said information for up to five years. It will "monitor publicly available online forums, blogs, public websites, and message boards to collect information used in providing situational awareness and a common operating picture." The OPS/NOC was found complaint in its plans to share its media monitoring reports with federal employees, contractors and international partners who "need-to-know." The review states that the privacy risk of sharing the information is minimal because the information gleaned was made available on public sites.
The Homeland Security Newswire reported DHS undersecretary Caryn Wagner as saying that the department is still continuing to create guidelines for how to use social media in its security efforts, especially in light of how Facebook and Twitter were used in recent events like Arab Spring:
We’re still trying to figure out how you use things like Twitter as a source,” she said. “How do you establish trends and how do you then capture that in an intelligence product?”
To that end, Wagner said DHS is in the midst of creating guidelines to gather information from these sites for law enforcement purposes. She was careful to note that the agency is mindful of strict privacy laws that prohibit the government from spying on U.S. citizens and DHS was working to develop rules to protect privacy like establishing the length of time the information can be stored and differences between domestic and international surveillance.
DHS proposed revisions to its “Department of Homeland Security/ALL—017 General Legal Records System of Records" on Nov. 23 with public comment ending on Dec. 23. To this, EPIC responded with several comments against the revisions (Download the PDF here.):
EPIC opposes many of the proposed system of records provisions and the lack of meaningful opportunity for DHS to review public comments. The system of records notice (“SORN”) greatly expands permissible “routine use” disclosures of personal information in DHS’ possession. Additionally, because the system of records applies literally to every person — “members of the public” — the expansion of “routine use” would significantly undermine privacy safeguards set out in the Privacy Act and would unnecessarily increase privacy risks for individuals whose records are maintained by the federal government. Pursuant to the SORN listed in the Federal Register, EPIC submits these comments to address the substantial privacy risks that the agency’s proposals raise.
EPIC says that DHS' legal authority to routinely monitor sites like Facebook and Twitter remains unclear. NextGov reports that in February's announcement DHS stated that it would not actively seek out friendships under false identities with users on sites and notes that it, in sharing information with other parties, would strike out a name or other information that could identify the person, expect in a life or death situation.