EFF recently received new documents as a result of our FOIA lawsuit on social network surveillance, filed with the help of UC Berkeley’s Samuelson Clinic, that reveal two ways the government has been tracking people online: surveillance of social networks to investigate citizenship petitions and the Department of Homeland Security’s use of a “Social Networking Monitoring Center” to collect and analyze online public communication during President Obama’s inauguration. This is the first of two posts describing these documents and some of their implications.
Of the two disclosures, the citizenship verification initiative is perhaps the most disconcerting, both for its assumptions about people who use social networking sites and for its potentially deceptive and unethical approach to collecting information. Specifically, the disclosure contains a May 2008 memo by the U.S. Citizenship and Immigration Services (USCIS) entitled Social Networking Sites and Their Importance to FDNS [Office of Fraud Detection and National Security] which states:
Narcissistic tendencies in many people fuels a need to have a large group of “friends” link to their pages and many of these people accept cyber-friends that they don’t even know. This provides an excellent vantage point for FDNS to observe the daily life of beneficiaries and petitioners who are suspected of fraudulent activities.
This social networking gives FDNS an opportunity to reveal fraud by browsing these sites to see if petitioners and beneficiaries are in a valid relationship or are attempting to deceive [United States Citizen and Immigration Services] about their relationship. Once a user posts online, they create a public record and timeline of their activities. In essence, using MySpace and other like sites is akin to doing an unannounced cyber “site-visit” on a [sic] petitioners and beneficiaries.
In other words, USCIS is specifically instructing its agents to attempt to “friend” citizenship petitioners and their beneficiaries on social networks in the hope that these users will (perhaps inadvertently) allow agents to monitor their activities for evidence of suspected fraud, including evidence that their relationships might not live up to the USCIS’ standard of a legitimate marriage.
Of course, there are good reasons for government agencies and law enforcement officials to use all the tools at their disposal, including social networks, to ferret out fraud and other illegal conduct. And while one might just chalk this up to another case of “caveat friendster," it does raise some questions about the agency’s conduct.
First, the memo makes no mention of what level of suspicion, if any, an agent must find before conducting such surveillance, leaving every applicant as a potential target. Nor does the memo address whether or not DHS agents must reveal their government affiliation or even their real name during the friend request, leaving open the possibility that agents could actively deceive online users to infiltrate their social networks and monitor the activities of not only that user, but also the user’s friends, family, and other associates. Finally, the memo makes several assumptions about social networking users that are not necessarily grounded in truth and reveal the author’s lack of understanding of the ways people use social networking sites. First the memo engages in armchair psychology by assuming a large friend network indicates “narcissistic tendencies.” Second, and perhaps more disturbing, the memo assumes a user’s online profile always accurately reflects her offline life. While Facebook and MySpace would like their users’ profiles to always be current and accurate, users may have valid reasons for keeping some of their offline life out of their online profiles (for example, many users still feel their relationship status is private). Unfortunately, this memo suggests there’s nothing to prevent an exaggerated, harmless or even out-of-date off-hand comment in a status update from quickly becoming the subject of a full citizenship investigation...