President Trump’s plan for “extreme vetting” of travelers coming to the United States puts a lot of emphasis on screening social media profiles. The administration has even floated the idea of asking visa applicants for the passwords to their online accounts, a possibility that drew swift condemnation from free speech and privacy advocates.
But border security officials on a panel at an industry conference in San Antonio last week described ambitions to aggressively mine social media accounts using technology that would work with or without passwords.
“I feel like its incumbent upon us to really do as much or more than we’re doing today in the social media space and in open-source research intelligence,” said Jim McLaughlin, Executive Director of U.S. Customs and Border Protection’s Targeting and Analysis Systems Programs Directorate.
The panelists honed in on some specific techniques they wanted the government to adopt, including an improved approach to analytics and artificial intelligence.
“One of the big ticket items is big data, how to automate the process [of]…taking selectors, emails, phone numbers, and mirroring them up to social media profiles quickly,” said Ted McNelis, a consultant with Deloitte who works on counterterrorism screening at CBP.
Albert Davis, who leads screening efforts at U.S. Citizenship and Immigration Services, didn’t just want to be able to use Twitter or Facebook information as part of an extended background check. Really useful, he said, would be automated tools that could use object recognition to identify profiles with ISIS flags in them, or that were “able to characterize the sentiment” of a post.
“They’re using emojis, you know,” Davis said.
The point of the conference, known as the Border Security Expo, was for companies to hawk services to Homeland Security, and the event’s organizer, Thomas Winkowski, a former high-ranking official at CBP and at U.S. Immigration and Customs Enforcement who now runs a border security consultancy, reminded the audience that “extreme vetting” offered “lots of opportunities” for helping agencies scrape and sift data.
Social media, he said, was a “huge opportunity there that we need industry’s help with.”
The panelists were divided on how effective it would be to ask passengers outright for their handles or passwords. McNelis said that asking for social media handles on forms — which the CBP started doing last year — or requiring that travelers turn over their passwords was unlikely to thwart many terrorists, and could even be counterproductive.
“While you might get some short wins in the beginning,” he said, “I’m worried that if it becomes required for everybody to submit their social media on forms that they’ll just start deleting them, or they’ll get better at virtual tradecraft.”
McLaughlin defended the decision to ask for social media handles, though he said he would “sidestep the passwords” issue.
“It’s sort of silly for us not to ask for it,” McLaughlin said. “If you’re gonna have an online persona out there and you’re gonna be publishing things, we’re not doing our job if we don’t ask people to provide that information.”
On the Expo floor, companies offering social media analytics weren’t much in evidence, with the exception of Dataminr, which boasts of processing tweets into “actionable information” for government agencies and other users. Dataminr already has contracts with CBP; in 2015, the agency spent $250,000 on accounts for 50 users, and then renewed the software for $570,000 last year.
The Transportation Security Administration, FBI, and other intelligence agencies also use Dataminr, though last year, Twitter, which owns part of Dataminr, cut off the CIA’s access to the tool. And when the American Civil Liberties Union obtained documents showing that Dataminr provided a geospatial data analysis tool to the federally funded law enforcement hubs known as fusion centers, Twitter responded by limiting the data the fusion centers could access, and Dataminr pledged not to assist with “any form of surveillance.” The company also insisted that it did not provide law enforcement with direct access to the “firehose” of historical twitter data, despite the FBI’s contract containing language that suggests exactly that. A Dataminr spokesperson made similar statements to The Intercept, adding that the company’s only product for government agencies consists of “tailored breaking news alerts for first response.” CBP did not respond to a request for comment about how they use the product.