EFF recently received new documents as a result of our FOIA lawsuit
on social network surveillance, filed with the help of UC Berkeley’s
Samuelson Clinic,
that reveal two ways the government has been tracking people online:
surveillance of social networks to investigate citizenship petitions and
the Department of Homeland Security’s use of a “Social Networking
Monitoring Center” to collect and analyze online public communication
during President Obama’s inauguration. This is the first of two posts
describing these documents and some of their implications.
Of the
two disclosures, the citizenship verification initiative is perhaps
the most disconcerting, both for its assumptions about people who use
social networking sites and for its potentially deceptive and unethical
approach to collecting information. Specifically, the disclosure
contains a May 2008 memo by the U.S. Citizenship and Immigration
Services (USCIS) entitled Social Networking Sites and Their Importance
to FDNS [Office of Fraud Detection and National Security] which states:
Narcissistic tendencies in many people fuels a need to
have a large group of “friends” link to their pages and many of these
people accept cyber-friends that they don’t even know. This provides
an excellent vantage point for FDNS to observe the daily life of
beneficiaries and petitioners who are suspected of fraudulent
activities.
This social networking gives FDNS an opportunity to reveal fraud by
browsing these sites to see if petitioners and beneficiaries are in a
valid relationship or are attempting to deceive [United States Citizen
and Immigration Services] about their relationship. Once a user posts
online, they create a public record and timeline of their activities.
In essence, using MySpace and other like sites is akin to doing an
unannounced cyber “site-visit” on a [sic] petitioners and beneficiaries.
In other words, USCIS is specifically instructing its
agents to attempt to “friend” citizenship petitioners and their
beneficiaries on social networks in the hope that these users will
(perhaps inadvertently) allow agents to monitor their activities for
evidence of suspected fraud, including evidence that their relationships
might not live up to the USCIS’ standard of a legitimate marriage.
Of course, there are good reasons for government agencies and law
enforcement officials to use all the tools at their disposal, including
social networks, to ferret out fraud and other illegal conduct. And
while one might just chalk this up to another case of “caveat
friendster,” it does raise some questions about the agency’s conduct.First, the memo makes no mention of what level of suspicion, if any, an
agent must find before conducting such surveillance, leaving every
applicant as a potential target. Nor does the memo address whether or
not DHS agents must reveal their government affiliation or even their
real name during the friend request, leaving open the possibility that
agents could actively deceive online users to infiltrate their social
networks and monitor the activities of not only that user, but also the
user’s friends, family, and other associates. Finally, the memo makes
several assumptions about social networking users that are not
necessarily grounded in truth and reveal the author’s lack of
understanding of the ways people use social networking sites.
First the
memo engages in armchair psychology by assuming a large friend network
indicates “narcissistic tendencies.” Second, and perhaps more
disturbing, the memo assumes a user’s online profile always accurately
reflects her offline life. While Facebook and MySpace
would like their users’ profiles to always be current and accurate,
users may have valid reasons for keeping some of their offline life out
of their online profiles (for example, many users still feel their
relationship status is private). Unfortunately, this memo suggests
there’s nothing to prevent an exaggerated, harmless or even out-of-date
off-hand comment in a status update from quickly becoming the subject of
a full citizenship investigation.