How the Government Decides to Track You Online
CREDIT: Shutterstock: boscarelli
It didn't take long for Twitter users to make light of the shocking news that the National Security Agency monitors social media sites, combing the billions of updates for data related to national security.
For example, Twitter user @mattdizwhitlock wrote "#NSACalledtoTellMe that after 4 trial memberships on eHarmony I probably should just give up."
Beyond providing much-needed comic relief, the hashtag "NSA Called to Tell Me" points out just how much our online activities reveal about what we do and how activities can be pieced together to make conclusions that may be accurate or off-base.
What we know
At this time, the public does not know exactly what information the NSA is collecting through its PRISM program, although it does include photos, chats and login times, according to an NSA slideshow published by the Washington Post.
Further, its intelligence gathering is supposed to be limited to foreign targets outside of the United States, but the nature of communication is two-sided and U.S. citizens could easily find themselves involved in an investigation if they happen to be communicating with foreign targets.
A class-action lawsuit in response to the publication will be filed today (June 12), against government officials and PRISM participants AOL, Apple, Facebook, Google, Microsoft, PalTalk, Skype, Yahoo! and YouTube — which means details could eventually be revealed.
Meanwhile, the Department of Homeland Security, which operates inside the U.S., recently published its updated guide to social media collection and impact on privacy. The DHA routinely collects and analyzes information from social media sites, including Twitter , Facebook, Flickr and YouTube.
(Instagram and Vine are not included on the list, nor is Reddit, which may indicate that the security team is not altogether plugged into where a lot of citizen journalism happens.)
What the government seeks
So-called items of interest (IOI) are used to generate a report providing situational awareness and establish a common operating picture among government agencies and law enforcement officials. In its guide for analysts, the DHS includes eight broad categories to be monitored, including terrorism , domestic security and cybersecurity.
It also offers keywords for analysts to use when searching social media sites, which are, for the most part, clearly related to the category. For instance, the phrases "weapons cache" and "dirty bomb" likely relate to terrorism, but others on the list, such as "pirates" and "target," could simply be a mom looking for a good deal on her child's Halloween costume.
The guidebook states that no personally identifiable information should be gathered for these reports, which should make those nervous about data collection more comfortable. But there are several exclusions to this rule: government officials and reporters . For Jacob Applebaum, an outspoken activist and computer security researcher, government monitoring is a severe threat to privacy.
"There is nearly no way to promise protection to a source, no way to keep our social graph private — even if we choose to keep it private, the state will have it," Applebaum told TechNewsDaily.
The DHS disagrees. It said its analysts access only public data and therefore, privacy is in the hands of Internet users.
"Users determine their level of involvement and decide how 'visible' they wish their presence on any given service to be," the DHA states in its guide.
The only real solution is to avoid social media altogether. Alternately, some sites provide better protection than others. For instance, you can make your Facebook and Twitter posts visible to a select few. But even that may not be enough protection.