Monitoring Social Media Warfare Threats
Security agencies and criminal justice investigators in the United States and several countries around the world monitor social media under specific circumstances. In addition, political campaigns, corporations, and special interest groups monitor social media regarding issues that threaten them. They also monitor their known adversaries’ use of social media. This chapter reviews some monitoring trends and tools to monitor social media warfare activities.
Monitoring Social Media for Security and Intelligence Purposes
The Department of Homeland Security (DHS) Office of Operations Coordination and Planning (OPS), including the National Operations Center (NOC), launched the Social Networking/Media Capability (SNMC) to assist DHS and its components involved in the response, recovery, and rebuilding effort resulting from the earthquake and after-effects in Haiti as well as the security, safety, and border control associated with the 2010 Winter Olympics. These limited purposes were expanded in June 2013 to meet the operational needs of DHS. Since then, and to meet its statutory requirements, OPS, through SNMC analysts, monitors publicly available online forums, blogs, public websites, and message boards to collect information used in providing situational awareness and establishing a common operating picture.
The DHS Privacy Office (PRIV) and OPS/NOC decided to further broaden the program’s capability to collect additional information, including limited instances of personally identifiable information (PII). As such, a Publicly Available Social Media Monitoring and Situational Awareness Initiative Privacy Impact Assessment (PIA) Update and new DHS/OPS-004 Publicly Available Social Media Monitoring and Situational Awareness Initiative System of Records Notice (SORN) were issued on January 6, 2011 and February 1, 2011, respectively.
The OPS/NOC will only monitor publicly available online forums, blogs, public websites, and message boards to collect information used in providing situational awareness and a common operating picture. OPS/NOC is permitted to collect PII on the following categories of individuals when it lends credibility to the report or facilitates coordination with federal, state, local, tribal, territorial, foreign, or international government partners:
- ? U.S. and foreign individuals in extremis situations involving potential life or death circumstances
- ? Senior U.S. and foreign government officials who make public statements or provide public updates
- ? U.S. and foreign government spokespersons who make public statements or provide public updates
- ? U.S. and foreign private sector officials and spokespersons who make public statements or provide public updates
- ? Names of anchors, newscasters, or on-scene reporters who are known or identified as reporters in their post or article or who use traditional and/ or social media in real time to keep their audience aware and informed of situations
- ? Current and former public officials who are victims of incidents or activities related to homeland security
- ? Terrorists, drug cartel leaders, or other persons known to have been involved in major crimes of homeland security interest
According to policy, PII inadvertently or incidentally collected outside the scope of these discrete set of categories of individuals shall be redacted immediately before further use and sharing. In accordance with the retention schedule and disposal policy that was established and approved by the OPS/NOC records officer and NARA (NARA: N1-563-08-23), the NOC will retain information for no more than five years. OPS/NOC will share Media Monitoring Reports (MMRs) with departmental and component leadership, private sector, and international partners where necessary, appropriate, and authorized by law to ensure that critical disaster-related information reaches government decision makers.
OPS/NOC must maintain a log of social media monitoring Internet-based platforms and information technology infrastructure that SNMC analysts visit under this initiative. Additionally, OPS/NOC will implement auditing at the router level for all outbound http(s) traffic and generate audit reports that will be available for each compliance review and upon request. SNMC analysts are required to take annual privacy training and specific PII training .
Several foreign governments have been known to monitor social media, websites, and e-mails for security and legal purposes. Those countries are identified annually by the U.S. Department of State. A summary of the worst offenders is provided in Chapter 2: “Civilian Government Use of Social Media to Attack, Defend, or Control.”
The U.S. Department of State sought to hire social media warfare monitors for the Iraqi Political and Social Media Monitoring Project. The project sought a Virtual Fellow to serve with the Office of Iraq Affairs, Bureau of Near Eastern Affairs (NEA/I) as a consultant on Iraqi press and social media coverage of Iraqi political, economic, and security developments. The Virtual Fellow was to monitor Iraqi media and social media outlets in order to provide up-to-the-moment summaries of important developments to NEA/I decision makers. The Virtual Fellow was to be responsible for combing Iraqi media and social media outlets for breaking political, military, and economic news. In particular, the Fellow would closely follow news related to important Iraqi figures, political parties, militias, as well as government ministries and agencies in Baghdad and the Iraqi provinces in order to provide a summary of the most relevant information and, where appropriate, analysis based on the Fellow’s own knowledge and experience related to Iraq and Iraqi politics. The position required native fluency in Arabic (preferably Iraqi), along with an in-depth knowledge and understanding of Iraqi politics, history, culture, and society . Restrictions on the use of personally identifiable information of those being monitored were not discussed in the announcement.