If you are thinking about tweeting about clouds, pork, exercise or even Mexico, think again. Doing so may result in a closer look by the U.S. Department of Homeland Security.
In a story appearing earlier today on the U.K.’s Daily Mail website, it was reported that the DHS has been forced to release a list of keywords and phrases it uses to monitor various social networking sites. The list provides a glimpse into what DHS describes as “signs of terrorist or other threats against the U.S.”
The list was posted by the Electronic Privacy Information Center, which filed a request under the Freedom of Information Act before suing to obtain the release of the documents. The documents were part of the department’s 2011 ‘Analyst’s Desktop Binder’, used by workers at its National Operations Center; the binder instructs workers to identify ‘media reports that reflect adversely on DHS and response activities’.
The information sheds new light on how government analysts are instructed to patrol the internet searching for domestic and external threats. The Daily Mail’s article noted that the Electronic Privacy Information Center wrote a letter to the House Homeland Security Subcommittee on Counter-terrorism and Intelligence, describing the department’s choice of words as ‘broad, vague and ambiguous’.
What wasn’t disclosed is how the agency actually gains access to the various search engines and social networks to monitor the specified keywords. My guess is the DHS has a “special arrangement” with companies like Google, Facebook, Microsoft, Yahoo and Twitter to gain secure direct API access. This type of access would allow it to use distributed cloud technologies to monitor the daily flow of social media and search activity in something close to real time.
I would love to learn more about the technologies used to accomplish this type of social / web monitoring. The applications for monitoring trends and social statistics are fascinating when applied to other industry sectors. Given the extent of the monitoring, I’m sure this post itself is now coming up on the DHS radar, so please feel free to leave a comment with any insights.
(Update 1: Reading through the Desktop Binder, I discovered the DHS Twitter account is @dhsnocmmc1 and DHS appears to be using TweetDeck to monitor the various keywords. See page 38. Also interesting to note: they seem to be using a Mac Mini as a server, and no password vaults. All passwords appear to be shared in a plain-text Word document.)
(Update 2: On page 37, DHS instructs analysts to accept invalid SSL certificates forever without verification. Although invalid SSL warnings often appear in benign situations, they can also signal a man-in-the-middle attack. Not a good practice for the security conscious. Thanks to @obra on Twitter for the tip.)
The complete DHS Analyst’s Desktop Binder is available here. See the entire keyword list starting on page 20.