recommended reading

DHS program to monitor social media users draws lawsuit

Privacy advocates are suing the Homeland Security Department to obtain information on a program that monitors the social media interactions of citizens following a federal vendor's private sector plans to sabotage certain groups' online activities with similar technology.

Homeland Security officials have expanded an ongoing initiative that tracks public online communications in the interests of public safety, according a February DHS notice.

The Electronic Privacy Information Center on Tuesday filed a lawsuit under the Freedom of Information Act that seeks all government communications with contractors related to the program. The request was prompted by a leak of planning emails from government contractor HB Gary describing project proposals for a private firm to monitor and discredit the online activities of Americans, such as labor union leaders. Other emails in the cache showed that an HB Gary executive was planning a special training session with Homeland Security officials. Hacker activists from the loosely organized collective Anonymous released the communications.

EPIC is demanding records on contracts and communications between DHS and HB Gary that mention the use of social media monitoring, according to the group's FOIA request. The privacy organization also is asking for information on the technical capabilities of tools Homeland Security uses to scan social media networks. And EPIC officials want to see DHS personnel training materials for the project.

At the time DHS announced the data collection, department officials intended to follow online forums, blogs, public websites and message boards for data that would be kept on record for five years.

Government officials can create user accounts on these sites "for monitoring that supports providing situational awareness and establishing a common operating picture," the February announcement said. The notice, however, stated the DHS program would not "actively seek to connect" with social network users, accept invitations to befriend or otherwise interact with users on sites.

Routine uses of the program include sharing data with contractors that are supporting DHS projects, as well as "an agency, organization or individual when there could potentially be a risk of harm to an individual," Homeland Security officials said.

Typically, DHS staff will strike any information that can identify an individual by name when exchanging it with others. Exceptions include potential life and death situations, when it is necessary to disclose the name and location of a person who, for example, claims to be buried under rubble or hiding in a hotel overtaken by terrorists.

The DHS program can observe American and foreign private sector officials who make statements online, as well as government officials who communicate publicly, according to the notice. The gleaned information also can be shared with the Justice Department for litigation, or other governmental agencies to respond to disasters and track the spread of disease or other health threats.

Homeland Security officials declined to comment.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.