As noted in our first post, EFF recently received new documents via our FOIA lawsuit on social network surveillance, filed with the help of UC Berkeley’s Samuelson Clinic, that reveal two ways the government has been tracking people online: Citizenship and Immigration’s surveillance of social networks to investigate citizenship petitions and the DHS’s use of a “Social Networking Monitoring Center” to collect and analyze online public communication during President Obama’s inauguration. This is the second of two posts describing these documents and some of their implications.
In addition to learning about surveillance of citizenship petitioners, EFF also learned that leading up to President Obama’s January 2009 inauguration, DHS established a Social Networking Monitoring Center (SNMC) to monitor social networking sites for “items of interest.” In a set of slides [PDF] outlining the effort, DHS discusses both the massive collection and use of social network information as well as the privacy principles it sought to employ when doing so.
While it is laudable to see DHS discussing the Fair Information Practice Principles [PDF] as part of the design for such a project, the breadth of sites targeted is concerning. For example, among the key “Candidates for Analysis” were general social networking sites like Facebook, MySpace, Twitter, and Flickr as well as sites that focus specifically on certain demographic groups such as MiGente and BlackPlanet, news sites such as NPR, and political commentary sites DailyKos. According to the slides, SNMC looks for “‘items of interest’ in the routine of social networking posts on the events, organizations, activities, and environment” of important events. While the slides indicate that DHS scrutinized the information and emphasized the need to look at credible sources, evidence, and corroboration, they also suggest the DHS collected a massive amount of data on individuals and organizations explicitly tied to a political event.
In addition, while the slides do emphasize the minimization and elimination of “Personally Identifiable Information” (PII) from the public data, the slides note that “[o]penly divulged information excluding PII will be used for future corroboration purposes and trend analysis during the Inauguration period.” Thus, it is unclear whether or not the information was deleted permanently after the inauguration proceedings were complete. Moreover, there have been several recent studies and papers showing how, even without PII, comments and information about people online can be “re-identified” through the use of sophisticated computational techniques and thus create privacy concerns.
Finally, while there have been some reports in the past year of similar social network monitoring for large-scale public events, to date the public has not seen such detailed information about the government’s approach to monitoring, especially on its data preservation practices. As our FOIA lawsuit continues, we hope to learn more about such activities and help bring further transparency and accountability to the ways in which government agencies and law enforcement officials collect and analyze information about us online.