Surveillance

Outrage Over Police Social Media Surveillance Falls on the Wrong Parties

Hold law enforcement responsible for snooping, not the tech platforms.

|

Protests
John Orvis / Splash News/Newscom

By now everybody must be hip to the fact that social media companies make a good chunk of their money not off us users tweeting about the latest outrage, Instagramming our lunches, or Facebooking political memes with completely inaccurate or made up information. It makes money by taking what we voluntarily reveal about ourselves, packaging it up (or allowing software developers to package it up), and selling it to customers.

It has also become increasingly obvious that governments—local, national, and international—understand social media as an organizational and tracking tool and have adjusted their information-gathering techniques accordingly. This is not inherently a negative—it helps police and emergency responders map out how to react to a crisis, for example.

But that's also the problem. Governments have a noted trend toward seeing anything from its own citizenry that disrupts its own precious order as a "crisis," including groups of people gathering in public to loudly express opinions that their government sucks.

We already know full well that local police and the FBI have been using surveillance tools to snoop on its own citizens, particularly during protests. The American Civil Liberties Union (ACLU) has discovered as a result of records requests that American law enforcement agencies are social media datamining tools to keep tabs on protesters and activists.

Specifically, law enforcement agencies have been using tools by a company called Geofeedia to keep track of location-based social media trends in real time. It was doing so via its access to Twitter, Facebook and Instagram user data, and according to the ACLU, it was marketing itself to law enforcement specifically for easier surveillance purposes.

Based on what the ACLU was able to gather, it doesn't appear Geofeedia had access to private information. Rather it had access to database info of what people publicly choose to share on social media and was able to use the same tools marketers use to try to promote products to you based on what you talk about on social media.

The ACLU here is taking an approach that I personally find a little unusual and a bit concerning. They are pressuring the social media outlets to be accountable to how developers and customers use the data. They're putting out a list of recommendations for tech companies:

Beyond the agreements with Geofeedia, we are concerned about a lack of robust or properly enforced anti-surveillance policies. Neither Facebook nor Instagram has a public policy specifically prohibiting developers from exploiting user data for surveillance purposes. Twitter does have a "longstanding rule" prohibiting the sale of user data for surveillance as well as a Developer Policy that bans the use of Twitter data "to investigate, track or surveil Twitter users." Publicly available policies like these need to exist and be robustly enforced. Here is what we're asking of the social networks:

No Data Access for Developers of Surveillance Tools:Social media companies should not provide data access to developers who have law enforcement clients and allow their product to be used for surveillance, including the monitoring of information about the political, religious, social views, racial background, locations, associations or activities of any individual or group of individuals.

Clear, Public & Transparent Policies:Social media companies should adopt clear, public, and transparent policies to prohibit developers from exploiting user data for surveillance purposes. The companies should publicly explain these policies, how they will be enforced, and the consequences of such violations. These policies should also appear prominently in specific materials and agreements with developers.

Oversight of Developers:Social media companies should institute both human and technical auditing mechanisms designed to effectively identify potential violations of this policy, both by the developers and end users, and take swift action for violations.

The government should not have preferred access to social media speech for surveillance purposes. We are confident the companies agree. Facebook and Instagram have already cut off access to Geofeedia and Twitter should do the same. It's also time for all three of the companies to live up to their words by taking the additional concrete steps outlined in our letters.

Why does this bother me? It feels as though the ACLU wants to make private companies responsible for overseeing how governments interact with information rather than holding police and officials themselves responsible.

I realize that's not an entirely fair evaluation. The ACLU certainly does not shy away from holding authorities responsible for inappropriate government surveillance and is not afraid to fight in the courts to restrain this behavior.

Nevertheless there's something about this pressure on social media companies to take responsibility for keeping data out of the hands of law enforcement that feels like a surrender. It feels like an acknowledgment that we cannot expect our police to respect our privacy and we can't expect that they will be held accountable for violations. Instead the ACLU is demanding that these companies employ more resources, both human and technological, to keep authorities at bay. This is not a task without costs for Twitter or Facebook or other companies.

There is the larger picture that these tech companies also have to worry about what happens to data in autocratic countries where governments more harshly crack down on citizens who defy authority. Certainly the increased push for data encryption is in part an effort to help prevent not just criminal hackers and identity thieves, but it's also an understanding that governments are trying to secretly access our personal, private data.

Perhaps I'm overreacting. But my larger fear is that somehow these suggestions will eventually lead to attempts to legally obligate social media companies to be responsible for government behavior, with possible large civil fines as penalties for failures. The idea may sound absurd, but keep in mind the "ban the box" movement to discourage companies from immediately discounting potential employees on the basis of criminal records is moving from a voluntary shift to a government order in some cities. That means that companies could be penalized by the government for declining to hire people who had a criminal background caused by government enforcement of the law itself. Instead of changing the enforcement of drug and vice laws, government is simply telling employers when they're allowed to care about these laws.

Read more about the ACLU's complaint to social media companies here.