As noted in our first post, EFF recently received new documents via our FOIA lawsuit on social network surveillance, filed with the help of UC Berkeley’s Samuelson Clinic,
that reveal two ways the government has been tracking people online:
Citizenship and Immigration’s surveillance of social networks to
investigate citizenship petitions and the DHS’s use of a “Social
Networking Monitoring Center” to collect and analyze online public
communication during President Obama’s inauguration. This is the second
of two posts describing these documents and some of their implications.
In addition to learning about surveillance of citizenship
petitioners, EFF also learned that leading up to President Obama’s
January 2009 inauguration, DHS established a Social Networking
Monitoring Center (SNMC) to monitor social networking sites for “items
of interest.” In a set of slides
outlining the effort, DHS discusses both the massive collection
and use of social network information as well as the privacy principles
it sought to employ when doing so.
While it is laudable to see DHS discussing the Fair Information Practice Principles
[PDF] as part of the design for such a project, the breadth of sites
targeted is concerning. For example, among the key “Candidates for
Analysis” were general social networking sites like Facebook, MySpace,
Twitter, and Flickr as well as sites that focus specifically on certain
demographic groups such as MiGente and BlackPlanet, news sites such as
NPR, and political commentary sites DailyKos. According to the slides,
SNMC looks for “‘items of interest’ in the routine of social networking
posts on the events, organizations, activities, and environment” of
important events. While the slides indicate that DHS scrutinized the
information and emphasized the need to look at credible sources,
evidence, and corroboration, they also suggest the DHS collected a
massive amount of data on individuals and organizations explicitly tied
to a political event.
In addition, while the slides do emphasize the minimization and
elimination of “Personally Identifiable Information” (PII) from the
public data, the slides note that “[o]penly divulged information
excluding PII will be used for future corroboration purposes and trend
analysis during the Inauguration period.” Thus, it is unclear whether or
not the information was deleted permanently after the inauguration
proceedings were complete. Moreover, there have been several recent studies
and papers showing how, even without PII, comments and information
about people online can be “re-identified” through the use of
sophisticated computational techniques and thus create privacy concerns.
Finally, while there have been some reports
in the past year of similar social network monitoring for large-scale
public events, to date the public has not seen such detailed information
about the government’s approach to monitoring, especially on its data
preservation practices. As our FOIA lawsuit continues, we hope to learn
more about such activities and help bring further transparency and
accountability to the ways in which government agencies and law
enforcement officials collect and analyze information about us online.