When the gods dance...

Saturday, September 8, 2012

Department Of Homeland Security Tells Congress Why It's Monitoring Facebook, Twitter, Blogs

Department Of Homeland Security Tells Congress Why It's Monitoring Facebook, Twitter, Blogs

The House of Representatives' Subcommittee on Counterintelligence and Intelligence was not pleased. (Insert "angry" emoticon here.)

At a Congressional hearing this morning that veered into contentious arguments and cringe-worthy moments, the Department of Homeland Security (DHS) spilled the beans on their social media monitoring project.

DHS Chief Privacy Office Mary Ellen Callahan and Director of Operations Coordination and Planning Richard Chavez appeared to be deliberately stonewalling Congress on the depth, ubiquity, goals, and technical capabilities of the agency's social media surveillance. At other times, they appeared to be themselves unsure about their own project's ultimate goals and uses. But one thing is for sure: If you're the first person to tweet about a news story, or if you're a community activist who makes public Facebook posts--DHS will have your personal information.

The hearing, which was held by the Subcommittee on Counterintelligence and Intelligence headed by Rep. Patrick Meehan (R-PA), was highly unusual. Hacktivist collective Anonymous (or at least the @AnonyOps Twitter feed) sent a sympathizer to the visitor gallery to liveblog the proceedings under the #spyback hashtag.

Interactions between the DHS officials and representatives were often strained--both Chavez and Callahan were scolded and chastised by Representatives from both parties. Reps. Billy Long (R-MO), Meehan, Jackie Speier (D-CA), and Bennie Thompson (D-MS) all pointed out issues relating to what they variously saw as potential First Amendment violations, surveillance of citizens engaged in protected political speech, the fact that an outside contractor handles DHS' social media monitoring, DHS' seeming inability to separate news monitoring from disaster preparedness, and a massively unclear social media monitoring mandate on the DHS' part.

Video footage of the hearing has already been made available on YouTube, and the written testimony of both DHS experts has been made publicly available. Privacy watchdog group EPIC also filed a formal disclosure to Congress on the results of a FOIA lawsuit. DHS appears to have also stonewalled EPIC regarding their social media monitoring project. The results are staggering.

According to testimony, the Homeland Security Department has outsourced their own social media monitoring program to an outside contractor, defense giant General Dynamics. General Dynamics was the sole party to the original DHS contract, which was not offered to any outside parties--and Chavez was caught misleading the Committee about General Dyamics' sole status.

General Dynamics employees responsible for the DHS social media monitoring contract are required to attend a training course in DHS privacy practices several times a year. If General Dynamics employees misuse the personal information of journalists, public figures or the general public (to include Twitter or Facebook users) in any way, their punishment is restricted to additional training classes or dismissal from the project.

General Dynamics and the Department of Homeland Security are primarily engaging in keyword monitoring of social media. Callahan admitted in sworn testimony that the bulk of the keywords used by DHS were chosen as the result of being included in commercially available, off-the-shelf bulk packages. These bulk keyword packages were later customized according to DHS specifications.

The DHS, meanwhile, is truly interested in breaking news tweets. The Twitter handles, Facebook names and blog urls of first witnesses to news events (the attempted assassination of Gabrielle Giffords and a January 2012 bomb threat at an Austin, Texas, school were specifically cited) are being recorded. Homeland Security claims this information is only used to verify reports, and that dossiers are not being assembled on private citizens and that personally identifying information is regularly scrubbed from their servers.

Another worrying tendency is the fact that DHS appears to be keeping tabs on individual American citizens engaged in community activism and hot-button political issues. EPIC's evidence package to congress included FOIA-obtained data on community reaction to the housing of Guantanamo detainees in a Standish, MI prison. Against the DHS' own guidelines, the agency compiled a report titled Residents Voice Opposition Over Possible Plan to Bring Guantanamo Detainees to Local Prison-Standish MI. This report contained sentiment gathered from newspaper comment talkbacks, local blogs, Twitter posts, and publicly available Facebook posts--something expressly forbidden by the DHS' own policies. Chavez and Callahan claimed that the report was not disseminated and that privacy policies forbid similar things from occuring; nonetheless the report was made and not obtained by EPIC until they sued the DHS.

In testimony, the DHS representatives appeared unclear on what the collected data would actually be used for and which agencies would be using it. Hurricane Katrina was constantly bought up as a talking point, but Committee members were constantly blocked when they asked how Homeland Security would be using their social media findings. In addition, barriers preventing other government agencies from obtaining sentiment information from DHS on individual journalists or private citizens is extremely flimsy; when Rep. Chip Cravvack (R-MN) asked Chavez what he would do if, say, the Attorney General was asking for information, Chavez simply answered that his agency's mandate forbid him from doing that. While that answer is fine and good, it also infers that the DHS has not put proper inter-agency data security safeguards in place.

The hearing was less Big Brother then sloppy-kid-down-the-block... only with a big fat government contract. When numerous Committee members, including Long, questioned Chavez about the existence of similar social media monitoring projects at other government agencies, Chavez said he didn't know of any. Meanwhile, the Associated Press--in a major story--reported on Monday about the FBI putting out a contract for an almost identical project. As a mid-ranking official responsible for analysis operations, it is assumed that Chavez would have a vested interest in knowing what other government agencies were up to in the same field.

At other times, neither Chavez nor Callahan could answer to the Committee's satisfaction why a contractor was hired for the job nor why the federal government was misled on the duration of General Dynamics' social media monitoring contract.

According to testimony, a second, classified, Committee meeting on the subject of DHS social media monitoring was held on February 15 as well.

For more stories like this, follow @fastcompany on Twitter. Email Neal Ungerleider, the author of this article, here or find him on Twitter and Google+.

No comments:

Post a Comment