DHS Oversight Says Social Media Scanning Program Is Badly Implemented And Agency Doesn't Even Know If It Works

from the 'do-something:'-the-algorithm dept

The DHS and CBP have both taken a healthy interest in travelers' social media posts. The DHS head even suggested withholding this information would no longer be an option -- that demands for account passwords were on the way. (Considering the government can search every person and their electronic devices at the border, demands for social media info would seem to be mostly redundant...) The underlying premise is this would give the US a jump on incoming terrorists by checking travelers' posts against a list of troublesome terms.

This isn't a welcome development, but the federal government continues to be its own worst enemy. You can't fear what can't be deployed competently. The DHS isn't going to stop trying to hoover up social media posts as part of the vetting process, but as a just-released Inspector General's report [PDF] points out, it may be several years before this vetting program operates in any sort of useful fashion. (via The Register)

[T]hese pilots, on which DHS plans to base future department-wide use of social media screening, lack criteria for measuring performance to ensure they meet their objectives. Although the pilots include some objectives, such as determining the effectiveness of an automated search tool and assessing data collection and dissemination procedures, it is not clear DHS is measuring and evaluating the pilots’ results to determine how well they are performing against set criteria.

It appears the DHS has only a vague grasp on what it's looking for in a social media harvesting program. Combining this with a lack of useful metrics means the agency has been throwing algos at the wall and hoping one sticks. Of course, deciding which one has "stuck" also appears to be out of the agency's technical reach.

USCIS started a pilot in December 2015 to screen the social media accounts of [REDACTED] and [REDACTED] applicants for [REDACTED] status. The pilot’s objective was to examine the feasibility of using social media screening with an automated search tool called [REDACTED] and determine whether useful information for adjudicating refugee applications could be obtained. Although the pilot had an objective, it did not define what would constitute a successful outcome…

As the OIG points out, the absence of any metric meant there was no way to know if the program was successful or not. All the DHS determined is that a redacted number of those screened had "confirmed social media accounts," something the agency could likely have achieved without deploying the unnamed "automated search tool." [Google?]

The next pilot program went live in April 2016. It, too, had the same lack of quantifiable results or stated goals.

The applicants were asked to voluntarily give their social media user names. USCIS then screened the user names against [REDACTED] using the [REDACTED] tool; USCIS also manually screened the user names against [REDACTED]. USCIS assessed identified accounts to determine whether the refugees were linked to derogatory social media information that could impact their eligibility for immigration benefits or admissibility into the United States. Using the tool and manual screening, USCIS identified [REDACTED] individuals with confirmed social media accounts and [REDACTED] individuals with unconfirmed accounts. In reviewing the pilot, USCIS concluded that the tool was not a viable option for automated social media screening and that manual review was more effective at identifying accounts.

USCIS said this tool delivered results with "low match confidence," but did not bother measuring the program's success or lack thereof against anything that might have helped choose an algorithmic successor. Meanwhile, ICE was testing its own search tool. Like the rest of the agencies, it also failed to implement anything that might have quantified the tool's usefulness. While it did draft up some prerequisites and metrics, it failed to develop a plan for moving the program forward or even apply the metrics to the pilot program's results. ICE's tool, however, sounds more invasive than the others discussed in the report. Not only would this be used to screen applicants, but would provide post-screening "monitoring" of flagged accounts.

The OIG recommends these agencies do all the things they're not currently doing, instead of wasting time and money deploying software solutions without any apparent attempt to determine if they're capable of solving the government's social media "problem." This doesn't mean social media snooping is on hold. Lord no. It just means it's being done badly by multiple agencies, all of them more interested in the snooping than the snooping's usefulness.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cbp, dhs, social media, social media scanning


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Chris-Mouse (profile), 17 Mar 2017 @ 4:14am

    It's the government's way of keeping people out of the country.
    Giving someone your password is a violation of Facebook's TOS. The DOJ says violating the TOS is a felony under the CFAA. So if you give them your password, you've committed a felony, which is grounds for refusing you entry to the country.

    link to this | view in thread ]

  2. icon
    Ninja (profile), 17 Mar 2017 @ 4:21am

    These agencies are a cancer. A cancer is nothing but cells gone rogue due to mutations that slowly kill the host. Take your conclusions.

    Anyway, just make your name unsearchable on said social platforms (and don't use your full name for added security). When the agent asks for handlers say you don't like social platforms because they make connections superficial. At the very least we can defend against it.

    If you are a foreigner... Don't go to the US.

    link to this | view in thread ]

  3. icon
    Jeff Green (profile), 17 Mar 2017 @ 4:23am

    Healthy interest?
    I can't say I've often seen a better example of an unhealthy interest!

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 17 Mar 2017 @ 4:51am

    Why bother with the password, they could simply demand the platform provide them what they seek. With all their supposed scrapping capabilities one would think they already know who has made posts to social platforms where the contents of said post falls outside of what they consider to be acceptable chatter.

    What's next ... all must heil Trump or face the consequences. Sounds like Kim from Korea.

    link to this | view in thread ]

  5. identicon
    Yes, I know I'm commenting anonymously, 17 Mar 2017 @ 4:57am

    standard security model

    Don't know what to look for.
    Don't know how to look for it.
    Don't know how to figure out how to look for it.
    Don't do anything with what we grab.

    And somehow this makes anyone safer?

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 17 Mar 2017 @ 4:58am

    Re: standard security model

    That is what happens when you put idiots in charge.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 17 Mar 2017 @ 5:29am

    Re:

    There are two reason why the TSA would not be able to get the data from governments sources.

    1) Departments protecting their turf and not sharing data, even if it means other departments have to duplicate their work.

    2) The government is not able to buy the hardware necessary to keep up with all the activity on the Internet, as it would require at least the same computing power and storage capacity as the systems they wish to duplicate.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 17 Mar 2017 @ 5:45am

    Post-screening "monitoring" of flagged accounts

    What do you want to bet that 99.9% are "flagged"?

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 17 Mar 2017 @ 5:52am

    Re: standard security model

    And somehow this makes anyone safer?

    No, but that's not really the objective.

    link to this | view in thread ]

  10. identicon
    I.T. Guy, 17 Mar 2017 @ 7:55am

    Re:

    And if you are from here, don't leave. Or at least don't come back.

    link to this | view in thread ]

  11. icon
    TechDescartes (profile), 17 Mar 2017 @ 8:17am

    Redacted 2.0

    "an automated search tool called [REDACTED]"

    Isn't that the same tool used by the FOIA-request-processing group?

    link to this | view in thread ]

  12. identicon
    Personanongrata, 17 Mar 2017 @ 9:53am

    News Flash

    As the OIG points out, the absence of any metric meant there was no way to know if the program was successful or not.

    The worthless tax feeding wonders at DHS/CBP/USCIS/ICE are not concerned if the program was successful or not.

    They are only concerned with keeping the gravy train running and their rice bowls full not the squandering of billions upon billions of US dollars on boondoggles.

    The OIG recommends these agencies do all the things they're not currently doing, instead of wasting time and money deploying software solutions without any apparent attempt to determine if they're capable of solving the government's social media "problem." This doesn't mean social media snooping is on hold. Lord no. It just means it's being done badly by multiple agencies, all of them more interested in the snooping than the snooping's usefulness.

    As far as the tax feeders are concerned the system is working perfectly.

    Boondoggles away!

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 17 Mar 2017 @ 10:37am

    Re: Redacted 2.0

    Isn't that the same tool used by the FOIA-request-processing group?

    Maybe, but we won't know unless we win a FOIA lawsuit to have the redaction removed. However, there's a decent chance that the name of the tool needs to be withheld in the name of national security.

    link to this | view in thread ]

  14. icon
    ECA (profile), 17 Mar 2017 @ 1:17pm

    A department

    https://www.dhs.gov/operational-and-support-components

    A department that is responsible to NO ONE..
    FOR some reason this agency is above MOST others..
    As well as it has the MOST employees..
    1/4 million Employee..

    ANd for some reason, I dont know if this is a REAL gov. agency..or PRIVATE..

    link to this | view in thread ]

  15. icon
    Not an Electronic Rodent (profile), 17 Mar 2017 @ 3:59pm

    Ummmm?

    The DHS head even suggested withholding this information would no longer be an option -- that demands for account passwords were on the way.

    Isn't sharing your password with anyone technically a violation of the terms of service of most social media sites? Meaning that anyone crossing the US border and complying with this is liable to have their account disabled? Wow, what a plan! "Give me your tired, your poor, Your huddled masses yearning to breathe free... and tell them to f*ck right off!"

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 18 Mar 2017 @ 1:44pm

    Re: Ummmm?

    Meaning that anyone crossing the US border and complying with this is liable to have their account disabled?

    Not just that, but courts have said that violating the terms of service is a felony under the Computer Fraud and Abuse Act. So, right after you provide them the password they can turn around arrest you for doing so. Ain't it beautiful?

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 20 Mar 2017 @ 2:53pm

    Re: Re: Ummmm?

    I think they like to call that a "sting" operation.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.