FOIA Note #19 (August 4, 2011)
Department of Homeland Security Reveals Entities that Could Receive Information From Social Media Monitoring
In response to an EPIC Freedom of Information Act ("FOIA") request, the Department of Homeland Security ("DHS") disclosed a single heavily redacted three-page document listing public and private entities to which DHS could disclose information about social media users. The disclosed document contains a list of 230 e-mail addresses. 190 were redacted under a claim of FOIA exemption b(6), a "clearly unwarranted invasion of personal privacy."
The Department of Homeland Security's Publicly Available Social Media Monitoring and Situational Awareness Initiative
The "Publicly Available Social Media Monitoring and Situational Awareness Initiative" ("the Initiative") is a program operated by the National Operations Center ("NOC") under the Office of Operations Coordination and Planning ("OPS") as a part of DHS. The program consists of NOC monitoring social media services and acquiring publicly available information without any direct interaction, which would then be stored and used by the agency. DHS has provided a representative, but likely not exclusive list of the social media services that will be monitored.The original Privacy Impact Assessment ("PIA") for the Initiative was released on June 22, 2010 and stated that the program would generally avoid collecting "Personally Identifiable Information" ("PII"). The updated PIA, released on January 6, 2011, however, stated that the Initiative would now be able to acquire and release PII that falls into certain categories. DHS plans to retain individuals' personal data for five years. The acquisition and disclosure of information by DHS raises questions about its compliance with the Privacy Act, as well as the privacy risks raised by the program's broad scope.
EPIC filed a FOIA request with DHS in June 2011 seeking: 1) any list of those federal, state, local, and foreign governmental entities which DHS plans to or may choose to disclose information that is procured through social media monitoring 2) any list of those private sector entities which DHS plans to or may choose to disclose information that is procured through social media monitoring and 3) any records setting out DHS's legal authority to disclose information that is procured through social media monitoring, including memos, communications, and reports.
DHS will be able to disclose individuals' personal social media information to at least twenty different public and private entities. This includes nine other federal departments and agencies including the Department of Treasury, the Nuclear Regulatory Commission, the Department of Health and Human Services, and the Federal Bureau of Investigation. The list also includes three entities that are a part of the Executive Office of the President, including the National Security Council. DHS may also disclose to military services such as the Coast Guard. The list includes two private entities, one of which is a DHS contractor involve in a new "Media Analysis Center." Of the five other entities, mostly state governmental, two are notable in that they are fusion centers. This raises further privacy risks, as fusion centers disseminate information to parties that are not on the list that DHS provided.
About the Freedom of Information Act
The Freedom of Information Act establishes a legal right for individuals to obtain records in the possession of government agencies. The FOIA is critical for the functioning of democratic government because it helps ensure that the public is fully informed about matters of public concern. The FOIA has helped uncover fraud, waste, and abuse in the federal government. It has become particularly important in recent years as the government has tried to keep more of its activities secret.
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a by-monthly newsletter highlighting emerging privacy issues.