by Kimberly McCullough, Legislative Director
As we’ve previously written about, analysts at the Oregon Department of Justice (DOJ) used a tool called Digital Stakeout to surveil people who used over 30 hashtags on social media, including #BlackLivesMatter and #fuckthepolice. Erious Johnson, director of the Oregon DOJ’s own Department of Civil Rights, was scooped up in this illegal dragnet and targeted for a threat assessment which included a review of hundreds of his personal tweets; a memo to Attorney General Ellen Rosenblum flagging him as a potential threat to law enforcement; and an internal investigation into the matter which found that the search was “not in compliance” with state law and revealed a culture of self-reinforcing bias in the Criminal Justice Division of the Oregon DOJ.
Today, I want to take a closer look at Digital Stakeout, the tool the DOJ used to conduct these searches. Digital Stakeout is social media monitoring software (SMMS) that can be used to covertly monitor, collect, and analyze our social media data from Twitter, Facebook, Instagram, etc. It is part of a rapidly expanding industry that the public knows little about. The goal here is to answer a few basic questions about SMMS: What can the technology do? How widespread is the use of SMMS by law enforcement in Oregon? What privacy concerns does it raise? And how we can protect free speech and privacy moving forward?
What is SMMS?
SMMS is a booming industry. Products like XI Social Discovery, Geofeedia, Dataminr, Dunami, and SocioSpyder (to name just a few) are being purchased in droves by Fortune 500 companies, politicians, law enforcement, federal agencies, defense contractors, and the military. Even the CIA has a venture fund, In-Q-Tel, that invests in SMMS technology.
This isn’t just about searching for key words. Instead, SMMS performs highly-sophisticated fishing expeditions across the Internet, using complex algorithms to analyze and organize data into much more than a set of search results.
Social media monitoring software can be used to geographically track us as we communicate. It can chart out our relationships, networks, and associations. It can monitor protests, identify the leaders of political and social movements, and measure our influence. It is also promoted as a predictor of future events, including threat assessment, and as an instrument for manipulating public opinion. In summary, SMMS is a high-tech tool for surveilling and engineering our future world.
By its very nature, SMMS improperly blankets a whole range of innocent people in suspicion. Instead of specific criminal activity prompting an investigation, investigators use SMMS to cast nets so wide they encompass the entire internet.
What are the risks?
This type of government surveillance raises many privacy concerns. Rather than accepting its use by law enforcement as our inevitable future, we should consider the serious implications for our society.
It should give us great pause to hear that SMMS is being used to politically profile, track activists, and target ordinary people who express political opinions online. People like Erious Johnson, and who knows how many more.
A recent study revealed what really happens when we know we are being constantly watched –voices are silenced. Professor Elizabeth Stoycheff of Wayne State University has shown that people who support surveillance and say they have nothing to hide are actually the most likely to avoid sharing unpopular opinions when they know government is watching. We lose the ability to discuss ideas openly when we fear we will be punished for them.
Even innocent people who know they are being watched are intimidated into self-censorship. Yet robust public conversations and debates about controversial and difficult topics make us stronger as a nation. That is exactly why our founders enshrined strong protections for a broad marketplace of ideas in the First Amendment.
TARGETING INNOCENT SPEECH
When everything and everyone is potentially suspect, innocent people become targets. Despite claims to the contrary by the companies that market this technology, we can’t accurately predict the future by measuring sentiment and profiling people on the internet. Internet speech is often hyperbolic and inflammatory, but that doesn’t necessarily mean a person or group is dangerous. Internet speech can also be easily misunderstood, particularly when it is interpreted by a system that relies on the biases of its users and programmers.
MAKING DEVASTING MISTAKES
False alarms and mistakes (i.e.; mistaking the Public Enemy logo as a threat to law enforcement) can be devastating—even when we are innocent. Unjustly becoming a target can be frightening, feel like an intrusive violation, result in embarrassing and uncomfortable public exposure, and threaten our civil liberties.
MISUSE AND ABUSE
SMMS can easily be aimed at anyone who threatens existing power, whistleblowers, people who have reported misconduct, or someone an agent personally dislikes. In a country with a long history of targeting dissent, often in communities of color, we should be wary anytime a tool of this nature is wielded.
Which Oregon law enforcement agencies are using SMMS?
Like many of the ever-evolving and new forms of technological surveillance, it is hard to know just how many law enforcement agencies in Oregon are using SMMS. In fact, when a reporter asked Attorney General Ellen Rosenblum whether the public would have ever learned about the DOJ’s tracking of the hashtag Black Lives Matter and many more with DigitalStakeout had it not ensnared their own director of civil rights, she said she didn’t know.
If national trends are any indication, it is likely there are other agencies in Oregon using this type of powerful surveillance tool. Since we don’t know exactly who is using it, we also don’t know how SMMS is being used, what policies and training (if any) are being implemented or followed, and who all is being watched.
What can we do to protect to our privacy?
As technology gets more and more sophisticated, it is a critical time to protect privacy. It is not about putting blinders on law enforcement or binding their hands, but rather about setting appropriate limits that protect our rights and liberties. Oregon law enforcement and policy makers should consider the following guidelines:
The public needs to know about digital surveillance tools like SMMS and the extent of their use by the government. Ultimately, this comes down to transparency and accountability. Without knowing what our government is doing, we cannot ensure that our rights will be protected or that wrongdoing will be corrected.
The public should have an opportunity to provide input on if, when and how surveillance tools like SMMS are used. We should understand the risks and benefits and be involved in the conversations and decision making before government starts using new technologies to watch us. If the risks are too great, particularly if innocent people are bound to get caught up in intrusive government surveillance, we should be allowed to say no, or at the very least, to set strict limits.
Government should take a hard look at itself and its use of surveillance technology and regularly report on its use. More specifically, government should be required publicly assess privacy risks, adopt strict privacy policies and training, and be proactive to mitigate potential risks before new technology is used. Government should also be required to routinely audit surveillance systems and regularly report to the community about whether technology is achieving its public safety purpose and whether civil liberties protections are being followed.
- There must be clear consequences for violations of rules and policies for surveillance. This should include exclusion of evidence in criminal prosecutions, potential termination of anyone engaged in misconduct, fines against the offending agency, and civil rights actions.
We can be safe and free, and we must insist on it now.
This post is part of a series exploring what we have learned about the DOJ surveillance of Black Lives Matter in Oregon. Click here to see all of our posts on this topic.