Exactly what is Homeland Security watching for on Facebook, Twitter, YouTube?

The idea that any number of federal institutions are watching your every move on social networks like Facebook, Twitter is unnerving at best. The Department of Homeland Security is one of those agencies and today it testified before a House subcommittee to define and defend its role in social media monitoring.

Rep. Patrick Meehan (R-Pa.), the House Committee on Homeland Security, Subcommittee on Counterterrorism and Intelligence subcommittee's chairman, opened the hearing by saying it was reported that DHS had instituted a program to produce short reports about threats and hazards.

More: From Anonymous to Hackerazzi: The year in security mischief-making 

"However, in something that may cross the line, these reports also revealed that DHS had tasked analysts with collecting intelligence on media reports that reflect adversely on the U.S. Government and the Department of Homeland Security. In one example, DHS used multiple social networking tools — including Facebook, Twitter, three different blogs, and reader comments in newspapers to capture resident's reactions to a possible plan to bring Guantanamo detainees to a local prison in Standish, Mich.

In my view, collecting, analyzing, and disseminating private citizens' comments could have a chilling effect on individual privacy rights and people's freedom of speech and dissent against their government," Meehan stated.

Meehan went on to say if an individual willingly and publicly uses Facebook, Twitter, or the comments section of a newspaper website, they, in effect, forfeit their right to any expectation of privacy. "However, other private individuals reading public Facebook status updates or Twitter feeds is different than the Department of Homeland Security reading them, analyzing them, and possibly disseminating them. My worry — and the worry of many Americans — is what else the government may be doing with the information collected. What safeguards are in place to ensure the online activity of innocent Americans is not being monitored and stored by their government?" Meehan asked.

In response, DHS officials said the agency currently has a presence on many of the major social networking platforms, including Facebook, Twitter, and YouTube. In addition, FEMA launched a FEMA app for smartphones that contains preparedness information for different types of disasters. Similarly, the Transportation Security Administration has MyTSA Mobile Application, which enables the traveling public access to relevant TSA travel information, such as types of items that may be carried through TSA security checkpoints, or estimated wait times, DHS stated.

Mary Ellen Callahan, DHS chief privacy officer, told the hearing that it may be appropriate for the government, including DHS, to use social media for a variety of reasons.

"DHS recognizes that the use of social media by government actors must occur with appropriate privacy, civil rights, and civil liberties protections; whether DHS is disclosing its information and press releases via social media platforms like Twitter and Facebook, reviewing news feeds for situational awareness, or researching identified, discrete targets for legitimate investigatory purposes," she said.

DHS has created department-wide standards designed to protect privacy, civil rights, and civil liberties in each category of its use. There are three general ways in which DHS utilizes social media, and each has associated privacy protections:

•External communications and outreach between the department and the public.

•Awareness of breaking news of events or situations related to homeland security, known as "situational awareness."

•Operational use, when DHS has the appropriate authorities, such as law enforcement and investigations.

In each category, the department has set standards that incorporate privacy protections, create standards across the components and department, and are transparent with regard to the scope of our activities, Callahan stated.

Callahan said by examining open source traditional and social media information, comparing it with many other sources of information, and including it where appropriate in DHS National Operations Center NOC reports, the NOC can provide a more comprehensive picture of breaking or evolving events.

More: All hail: Inside the museum of nonsense

Following the three discrete social media monitoring pilots by the NOC in 2010, the Privacy Office did a thorough (and public) Privacy Compliance Review of the NOC's implementation of the privacy protections. The Privacy Office's review found that the NOC's social media monitoring activities did not collect private information, did not monitor or track individuals' comments, and complied with the stated privacy parameters set forth in the underlying privacy impact statements, Callahan stated.

The DHS NOC does not: 1) actively seek private information except for the narrow exceptions; 2) post any information on social media sites; 3) actively seek to connect with internal/external social media users; 4) accept internal/external personal users' invitations to connect; or 5) interact on social media sites. The NOC is, however, permitted to establish user names and passwords to form profiles and follow relevant government, media, and subject matter experts on social media, Callahan stated.

Callahan testified that after conducting a Privacy Compliance Review, the Privacy Office determined that regulations should be updated to allow for the collection and dissemination of private information in a very limited number of situations. After January 2011, private information on the following categories of individuals may be collected when it lends credibility to the report or facilitates coordination with federal, state, local, tribal, territorial, and foreign governments, or international law enforcement partners:

1) U.S. and foreign individuals in extremis, i.e., in situations involving potential life or death circumstances;

2) Senior U.S. and foreign government officials who make public statements or provide public updates;

3) U.S. and foreign government spokespersons who make public statements or provide public updates;

4) U.S. and foreign private sector officials and spokespersons who make public statements or provide public updates;

5) Names of anchors, newscasters, or on-scene reporters who are known or identified as reporters in their posts or articles, or who use traditional and/or social media in real time to provide their audience situational awareness and information;

6) Current and former public officials who are victims of incidents or activities related to homeland security; and

7) Terrorists, drug cartel leaders, or other persons known to have been involved in major crimes of homeland security interest.

DHS workers cannot review individuals' information unless they have appropriate underlying authority and supervisory approval. Moreover, Office of Operations Coordination and Planning and Office of Intelligence and Analysis have additional specific policies on the use of social media for operational purposes. One of DHS' responsibilities is to confirm our work is being done under the appropriate legal framework for federal law enforcement activities, Callahan stated.

However, with increased access to individuals' personal information posted on the Internet and social media sites, these DHS components have been reminded that they must also be conscious of privacy considerations, Callahan stated.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

More about FacebookFEMALANTransportation

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Cooney

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place