computer Internet laptop photo

Surfing the InternetBrian Lane Winfield Moore/Flickr

A little-known privacy office in the Department of Homeland Security has given its stamp of approval to an ongoing initiative aimed at monitoring social media sites for emerging threats.

Congress created the department’s privacy office in 2003 to review major initiatives and databases and make certain those initiatives respected the rights of Americans, while also enabling homeland security officials to better collect and share information about possible terrorism and criminal suspects.

The department first began experimenting with the possibility of social media monitoring in 2010 with pilot programs that targeted public reactions to the earthquake in Haiti, the Winter Olympics in Vancouver and the Deepwater Horizon oil spill. The privacy office has since conducted compliance reviews every six months, with the most recent assessment [PDF] published last week.

Although the pilot programs were narrow in focus, privacy and civil liberties groups have long worried that the department’s monitoring would expand to all online speech with no reasonable suspicion that a crime had occurred.

As Americans turn to social media sites like Twitter and Facebook to communicate with one another, intelligence officials are looking for ways to harness that ocean of data and convert it into actionable information.

The Homeland Security Department’s National Operations Center signed up for a Twitter profile with the handle @DHSNOCMMC1 as part of its initiative. The account is locked, and it’s not possible to know who or what the department is following.

According to the privacy office, however, the Twitter profile “does not engage with other users by posting ‘tweets,’ nor does it have ‘followers,’ ” according to the report issued last week. “The DHS profile does not ‘follow’ other Twitter users who are individuals.”

Program employees instead hunt for dozens of keywords in the social media landscape using relatively simple and widely available tools like TweetDeck. For that reason, it’s unclear how words like “burn,” “cocaine” or “collapse” can be analyzed effectively enough to reveal truly useful information among the hundreds of millions of tweets that course across the Web every day.

In a six-month period alone this year, the operations center generated more than 9,300 “item-of-interest” reports from its social media monitoring program. Samples included in the privacy compliance review describe news stories about tornado damage in Louisiana, a suspicious package at an airport, Border Patrol apprehensions in Texas and power outages. Among the Twitter sources were CBS Philadelphia, The Current, the Michigan Department of Transportation and Pacific Gas & Electric. 

While those simple searches turned up innocuous information, there are no assurances that down the road, homeland security officials won’t seek much more sophisticated tools that can automatically mine the Web for what they determine to be a threat or use secret tactics that alarm privacy rights advocates.   

The Electronic Frontier Foundation in 2010 obtained documents showing that federal investigators from U.S. Citizenship and Immigration Services were taught to deceptively “friend” people who were applying to become citizens and snoop for marriage details. 

Foundation attorney Mark Rumold said the recent sex scandal involving now-resigned CIA chief David Petraeus and the emails that unraveled it show how even the nation’s most senior intelligence officials are vulnerable to 21st-century digital transmissions. It’s not just the tweet itself, but metadata behind it, such as a computer’s unique identifying number, that reveals much about who’s communicating, from where and when, he said.    

The FBI currently is seeking a tool to alert agents of developing threats on social media, scrape historical data from the Web that can be searched later and display messages coming from a defined geographical area.

The Defense Advanced Research Projects Agency, part of the Department of Defense, is exploring how to “forecast dynamic group behavior in social media.” It wants a system that can simultaneously scan more than 1,000 groups, more than 100,000 postings per day and more than 1 million people.

“While collaborations in social media have been researched extensively, little attention has been paid to how groups compete with each other for members and influence on opinions of other teams and communities,” the research projects agency wrote in a solicitation this year. “Understanding what affects such online behavior is needed for trend forecasting.”

The Center for Investigative Reporting revealed in September that a growing number of private tech firms are marketing tools to law enforcement agencies that are capable of automatically analyzing vast segments of the Internet and make simple keyword searches elementary by comparison.

“If indeed DHS is just looking at the Weather Channel’s tweets and The New York Times and monitoring media responses, I don’t necessarily know that there’s a civil liberties threat to the public in that,” Rumold said. “But it’s when the monitoring is done behind closed doors in ways the public doesn’t understand I think is the real problem.”

One company in North Carolina shows police how they can scrape and analyze massive volumes of data from Facebook and Twitter and process it for keywords and geographic locations that reveal “patterns of interest.” A text miner tool can determine if words like “bomb” are being used as an adjective or noun.

Another company called 3i-MIND in Switzerland marketed its OpenMIND product at a law enforcement conference in San Diego last year. The tool was designed specifically for police and intelligence agencies and “automatically finds suspicious patterns and behaviors” across the Web – not just on social media sites, but also on blogs and online forums.

DigitalStakeout promises to “unlock the value of social media and big data to discover risks, threats and actionable intelligence” and enables police to not only prioritize hundreds of target terms, but also discover new ones across Twitter, Facebook and YouTube.

Former law enforcement and special operations personnel created a product called TACTrend that they say focuses only on publicly available Internet data that online users choose to share.

“The system also does not target individuals or private U.S. citizens,” TACTrend’s maker wrote in a July white paper [PDF]. “It focuses on key word searches associated with activities, threats, events and actions.”  

Creative Commons License

Republish our articles for free, online or in print, under a Creative Commons license.

G.W. Schulz is a reporter for Reveal, covering security, privacy, technology and criminal justice. Since joining The Center for Investigative Reporting in 2008, he's reported stories for NPR, KQED,, The Dallas Morning News, the Chicago Tribune, the San Francisco Chronicle, Mother Jones and more. Prior to that, he wrote for the San Francisco Bay Guardian and was an early contributor to The Chauncey Bailey Project, which won a Tom Renner Award from Investigative Reporters and Editors in 2008. Schulz also has won awards from the California Newspaper Publishers Association and the Society of Professional Journalists’ Northern California Chapter. He graduated from the University of Kansas and is based in Austin, Texas.