Focusing public attention on emerging privacy and civil liberties issues

FOIA Note #19 (August 4, 2011)

Department of Homeland Security Reveals Entities that Could Receive Information From Social Media Monitoring

Snapshot

[click for full document]

The Disclosure

In response to an EPIC Freedom of Information Act ("FOIA") request, the Department of Homeland Security ("DHS") disclosed a single heavily redacted three-page document listing public and private entities to which DHS could disclose information about social media users. The disclosed document contains a list of 230 e-mail addresses. 190 were redacted under a claim of FOIA exemption b(6), a "clearly unwarranted invasion of personal privacy."

The Issue

The Department of Homeland Security's Publicly Available Social Media Monitoring and Situational Awareness Initiative

The Background

The "Publicly Available Social Media Monitoring and Situational Awareness Initiative" ("the Initiative") is a program operated by the National Operations Center ("NOC") under the Office of Operations Coordination and Planning ("OPS") as a part of DHS. The program consists of NOC monitoring social media services and acquiring publicly available information without any direct interaction, which would then be stored and used by the agency. DHS has provided a representative, but likely not exclusive list of the social media services that will be monitored.

The original Privacy Impact Assessment ("PIA") for the Initiative was released on June 22, 2010 and stated that the program would generally avoid collecting "Personally Identifiable Information" ("PII"). The updated PIA, released on January 6, 2011, however, stated that the Initiative would now be able to acquire and release PII that falls into certain categories. DHS plans to retain individuals' personal data for five years. The acquisition and disclosure of information by DHS raises questions about its compliance with the Privacy Act, as well as the privacy risks raised by the program's broad scope.

EPIC filed a FOIA request with DHS in June 2011 seeking: 1) any list of those federal, state, local, and foreign governmental entities which DHS plans to or may choose to disclose information that is procured through social media monitoring 2) any list of those private sector entities which DHS plans to or may choose to disclose information that is procured through social media monitoring and 3) any records setting out DHS's legal authority to disclose information that is procured through social media monitoring, including memos, communications, and reports.

The Significance

DHS will be able to disclose individuals' personal social media information to at least twenty different public and private entities. This includes nine other federal departments and agencies including the Department of Treasury, the Nuclear Regulatory Commission, the Department of Health and Human Services, and the Federal Bureau of Investigation. The list also includes three entities that are a part of the Executive Office of the President, including the National Security Council. DHS may also disclose to military services such as the Coast Guard. The list includes two private entities, one of which is a DHS contractor involve in a new "Media Analysis Center." Of the five other entities, mostly state governmental, two are notable in that they are fusion centers. This raises further privacy risks, as fusion centers disseminate information to parties that are not on the list that DHS provided.

About the Freedom of Information Act

The Freedom of Information Act establishes a legal right for individuals to obtain records in the possession of government agencies. The FOIA is critical for the functioning of democratic government because it helps ensure that the public is fully informed about matters of public concern. The FOIA has helped uncover fraud, waste, and abuse in the federal government. It has become particularly important in recent years as the government has tried to keep more of its activities secret.