Tweet With Caution

The government is watching.

Michele Grasso is a Sicilian drug dealer -- a fugitive who had evaded arrest since 2010. He had seemingly mastered the art of flying under police radar, until he made a simple mistake: He posted pictures of himself on his Facebook page, grinning in front of a wax model of U.S. President Barack Obama at London's famous Madame Tussauds museum. He also helpfully included the name and a photograph of the pizzeria where he was working, leading him to be snagged by British police this year. Grasso is now back in Italy, in prison.

Social media is profoundly affecting the work of security and law enforcement, even more than the invention of the telephone over a century ago. As more of us transfer details of our lives -- our whereabouts, interests, political views, friends, and so on -- online, it inevitably involves and interests the agencies tasked with keeping us safe. Facebook has been used to try to hire hit men, groom targets of pedophiles, violate protective orders, and steal identities. Al Qaeda's Somali affiliate, al-Shabab, runs a Twitter account while pirates operating in the Gulf of Aden use blogs, Twitter, and Facebook to plan and coordinate their attacks. In late 2010, British police reportedly received more than 7,000 calls from the public concerned with crimes linked to Facebook.

British law enforcement agencies are also developing more powerful methods to patrol this area of cyberspace. Some police forces are believed to be testing various types of automated social media collection and analysis tools to help criminal investigations and gauge the "temperature" -- the background levels of resentment and grievance -- of communities they work with. London's Metropolitan Police now has a social media hub to spot early signs of riots or demonstrations during this summer's Olympics. The United States is getting in on the game as well: This year, the FBI was seeking companies to help it build up social media monitoring apps for much the same purpose. Dozens of crimes -- most more complex than Grasso's indiscretions -- have already been solved by accessing social networks.

But law enforcement's involvement in the communications revolution carries risks as well as rewards. A number of ethical, legal, and operational challenges have yet to be resolved, and they threaten to derail the whole affair. In "#Intelligence," a recent paper for the British think tank Demos, we describe two conditions that must be met before law enforcement extends its work into the world of social media. Unfortunately, the laws and norms to satisfy these conditions remain embryonic even as monitoring technologies grow more pervasive.

Take condition one: There should be a broadly proportionate relationship between the degree of intrusion into someone's private life, and the necessity and authorization for that intrusion. But both Britain's Regulation of Investigatory Powers Act and the U.S. Patriot Act are more than a decade old -- signed into law before the existence of Facebook, YouTube, or Twitter. These pieces of legislation recognize citizens' fundamental but qualified right to privacy, and they define the occasions when and process by which this right can be transgressed.

The problem is that the meaning of "private," in the world of social media, is less obvious than a decade ago -- more a series of shifting shades of gray. This leads to obvious operational problems. Is entering a Facebook group covertly the same sort of intrusion as infiltrating an offline group? Is collecting tweets similar to listening and recording a person shouting in public? What are the mechanisms by which these steps can be accomplished, and when do they represent a violation of citizens' privacy? In truth, no one really knows.

A recent U.S. Supreme Court decision (United States v. Jones) carries significant ramifications on these questions. The court decided that the use of GPS tracking devices without a warrant breached the Fourth Amendment, which bars unreasonable searches and seizures. A car on a public highway is not necessarily private -- anyone can see it and potentially follow it -- but the court determined that Jones would reasonably have expected his movements to be private and not subject to government monitoring. This "expectation of privacy" test was a complex enough question in Jones's case, and it is only more contentious when it comes to social media, where public expectations of privacy are varied, confused, and constantly in flux.

The Jones decision is also important because of the potential of mass surveillance that technology now allows. As Justice Sonia Sotomayor noted in her concurring opinion on the Jones ruling, "[B]ecause GPS monitoring is cheap in comparison to conventional surveillance techniques and, by design, proceeds surreptitiously, it evades the ordinary checks that constrain abusive law enforcement practices: 'limited police resources and community hostility.'" But GPS monitoring is nothing compared with what law enforcement can learn from social media -- in fact, it is labor intensive next to what an individual police officer can learn about someone by spending a few minutes online. In Britain, a fairly senior police officer is required to authorize directed surveillance. None is required for Googling suspects.

Then there's condition two: Intelligence collected must make a decisive difference to public safety. This condition is also under strain. The standards of evidence required when making decisions relating to people's liberty are, rightly, very high. Turning social media data into something a police or intelligence agency would feel comfortable acting upon is not easy. Data collected from profile pages, chat rooms, or blogs -- especially when using automated programs -- is prone to numerous and serious weaknesses. Social media data collection is barely past its infancy and lacks the rigor of other statistical disciplines.

If you were reading Twitter during last August's riots in England, for instance, you might be forgiven for thinking a tiger was on the loose, that the London Eye (a famous landmark) was set on fire, and that the British Army had been deployed on the streets. Each of these (untrue) rumors spread like wildfire, and without a rigorous way to establish authenticity, it was hard to tell the factual from the fantastical.

More sinister traps await too. Rumors, lies, distortions, and intentional misinformation are ubiquitous on social media, and sifting the wheat from the chaff is extremely difficult. A leaked cache of emails allegedly belonging to Syrian President Bashar al-Assad indicated that an Assad supporter posted pro-regime commentary under an assumed Facebook identity that was mistaken as genuine and given international coverage by CNN. True, misinformation has always been a problem -- think German Funkspiel in World War II -- but the spread of technical know-how and free software makes it far more likely, and again, very difficult to spot.

The United States and Britain must start addressing these issues now, before their capabilities to monitor social media get too far out ahead of the norms that limit their use. A useful starting point is to draw a distinction between open-source and closed-source intelligence. Open-source, non-intrusive work is accessing information that is in the public domain, but is not used to identify individuals guilty of a crime or as a means of criminal investigation, and should not puncture the privacy wishes of any user. This would include activity such as openly crowdsourcing information through Twitter or Facebook to gain situational awareness in the event of public disorder or gauging general levels of community tension by analyzing online conversations. This ought to be conducted on a basis similar to actions of nonstate actors, such as universities and commercial companies.

Closed-source work is quite different: It uses data in ways that are not covered by the reasonable expectation or implied consent of the user. In other words, when someone is investigated in the course of a criminal investigation and her privacy settings are broken -- reading the person's private Facebook messages, say -- she has lost "data control." This breach of her privacy is termed intrusive surveillance.

The use of such techniques must be publicly argued and understood, taking into account other public goods, especially privacy, and informed by the principles of reasonable cause, necessity, authorization, and oversight. It is likely that this debate will initially be driven by a series of case-law examples, but ultimately the political authorities will have to respond by creating a legislative framework, just as they did with wiretap devices.

This will also require new categories of authorization because on social media it is very easy to identify individuals unintentionally. For example, creating profiles of individuals based on publicly available information about them on social media, even if easy, should probably not proceed unless at least some reasonable cause is demonstrated. True, it would probably require an exceptionally low-level authorization, resulting in a bit of extra paperwork, but that would be a price worth paying for public confidence.

At the same time, social media intelligence needs to become a new class of intelligence, something we call "SOCMINT." Just like human and signals intelligence, it needs its own experts, formula, and evolving techniques. This means new partnerships among academia, government, and technical experts; new training for analysts and law enforcement agencies on the norms of online behavior; and the development of techniques to sift through large data sets and spot misinformation.

The result will not be perfect. As technology continues to evolve, so will the ethical and operational challenges. It has ever been thus, but the speed of change is quickening. This all matters because, in the future, intelligence and law enforcement agencies will have to use social media to discharge their duty of public safety. But unless citizens stand up now and establish checks and balances to ensure what those agencies do is proportionate, necessary, effective, and limited with due oversight, it won't wash. The way ahead is to remain firm to our fundamental principles: Governments will sometimes need to invade citizens' space to ensure their safety, but when, why, and how that is done ultimately rests on our consent. Social media may be new, but the old rules are built to last.

Justin Sullivan/Getty Images


Sudan Needs a Revolution

The protest movement against Omar al-Bashir is growing -- fast -- and it needs the world’s support.

The past decade has been a roller-coaster ride for Sudanese citizens. From the humanitarian catastrophe in Darfur to the ethnic cleansing campaign targeting the Nuba people to the violent border clashes that accompanied the separation with South Sudan, this nation has witnessed hell. At least 200,000 people have lost their lives and 2 million more have been displaced in Darfur alone, according to conservative U.N. estimates. Hundreds more have died during the recent border clashes between the two Sudans, and thousands have been driven from their homes.

But now there is a glimmer of hope. Daily growing protests against President Omar al-Bashir's regime are spreading demographically and geographically, along with calls for strikes and civil disobedience. The spark was the government's June 18 announcement of a new round of austerity measures, including massively unpopular cuts to fuel subsidies. The most dramatic protests have so far occurred in Khartoum's al-Daim neighborhood, where police used extreme force and obscene amounts of tear gas in an attempt to suppress the demonstrators. In an example of the defiant mood taking over the streets, the protesters responded by burning a police truck.

As the fear barrier crumbles, Sudanese have a chance to topple Bashir and his National Congress Party (NCP) cronies -- and to build a better future for their country.

It is important to understand why Sudanese would risk their lives to oppose Bashir. The narratives peddled by some commentators about the country's recent conflicts -- that they are between "Arabs versus Africans," or "Muslims versus Christians" -- are not only unhelpful, they are wrong. These characterizations have neither benefited the international community nor the diverse citizens of Sudan -- including the Arabs and Afro-Arabs of the North who felt alienated by it, and who have also been violently oppressed for decades.

John Garang, the late southern Sudanese leader, made a crucial contribution to framing the situation as it actually is: A struggle between Sudan's diverse population and Omar al-Bashir's heinous dictatorship, which uses religion and tribalism to divide and control. "The Northerners are suffering too," Garang said in one speech. "This is the problem of governance in Khartoum."

The truth is that regardless of their background, Sudanese are suffering under Bashir's rule. Just take the case of Safia Ishaq, a member of the nonviolent youth resistance movement Girifna: In 2011, after the small Jan. 30 student-led protests inspired by Egypt and Tunisia, she was arrested for her activism and brutally gang-raped by three officers from Bashir's National Intelligence and Security Service (NISS), the well-financed and notoriously abusive enforcers responsible for suppressing dissent and protecting the ruling party.

It is no secret that Bashir's Islamist regime, which seized power in a military coup on June 30, 1989, and hosted Osama bin Laden in the early 1990s before kicking him out only under withering international pressure, has a long list of bloody failings. But it just may be the worsening economic situation, which seems to have been the last straw for a growing number of nonideological citizens of Khartoum, that could end his grip on power. The recent austerity cuts have been particularly painful in a country already suffering from inflation that hovers over 30 percent, and which lost more than 70 percent of its oil revenues upon South Sudan's independence.

The recent demonstrations in Sudan's capital are different than previous student-led protests. They have been strategically dispersed -- relatively small crowds have spread out in numerous locations throughout Khartoum, stretching and exhausting the security forces' resources. Demonstrations calling for the fall of the regime erupted in university campuses as well as in Wad Nubawi, al-Sajjana, Bahri, Jabra, al-Kalaakla, and Um Badda, among other neighborhoods and areas in the capital.

Unlike in the past, the protests were not just led by students but also by older folks, and Sudanese women and mothers. There were also coordinated protests in other towns and regions throughout Sudan such as Kosti, Sinnar, and the northern parts of the country.

As with neighboring countries, social media and on-the-ground citizen journalism has been absolutely critical in getting important footage, pictures, and stories out to the world. Under the Twitter hashtag #SudanRevolts, Sudanese anti-government, pro-democracy netizens have curated the news coming out of the tightly controlled country while fending off the regime's "electronic jihad" trolls. This is all the more important because the few available independent media outlets in Sudan are small and heavily suppressed.

Just as deposed Egyptian President Hosni Mubarak's regime did in its final days, the Bashir regime is wising up to the subversive power of cyberspace. Sudanese activists and foreign journalists in the country have reported widespread rumors that the Internet in Khartoum could be shut down, or at least significantly slowed down in speed. So far, however, updates continue to flow out of the country.

So far the response by the government, its armed thugs, and the NISS has been predictably brutal. In addition to tear gas and rubber bullets, student activists have reported being attacked by pro-government "militias" intent on breaking up the protests. It will likely get more violent. Yet despite the mass arrests of protesters, including prominent activist Usamah Mohammed Ali, the demonstrations are continuing and intensifying.

The world has long struggled for a solution to the seemingly endless humanitarian disaster in Sudan. The protesters' victory would represent a way forward. With Bashir and the NCP battered and gone, the door to change will open up in Khartoum -- and a new, more responsible government could lead to better policies toward South Sudan and Darfur. Better leadership could bring the kind of peace that will finally ensure economic development in both Sudans -- fueled by their bountiful oil reserves -- and also open its doors to foreign governments and international oil companies seeking to invest and grow.

It must be understood that the government in Khartoum is not a monolith, but rather a conglomerate of various interest groups: the military, state security, the ruling party, elite businessmen, tribal alliances, the Sudanese Muslim Brotherhood, and lately, Salafi groups.

Some groups in this system, especially the business community, are increasingly frustrated by the NCP's incompetence and staggering corruption, and understand the urgent need for better management. And some calls for change have in fact come openly from within the NCP itself, hinting at tensions within the party.

With the defiance of the street growing, and some indications of the established political opposition parties mobilizing, the tide is shifting against Bashir. What the new Sudan would look like, of course, still remains hazy. But given their history with the Islamists, which in some ways resembles the dismal experience of Iranians, most Sudanese citizens aren't yearning for more Islamism, but are instead focusing on and demanding better economic conditions, transparency, and accountability.

Although this battle will ultimately be fought and won by Sudanese, the international community also has an important role to play. U.S.-based Sudan advocacy groups can help push for better media coverage of the situation so that protesters on the ground know the world is watching. Pressure could hopefully compel the Qatar-owned Al Jazeera Arabic, which is widely watched in Sudan, to report the demonstrations more adequately, which could shift the psychological dynamic strongly within Khartoum.

As for the U.S government, U.N. envoy Susan Rice can play a constructive role by rallying the world body to focus more attention on the unfolding crisis. And when or if a new Sudanese leadership emerges, both Washington and Khartoum would be better off if Washington used not just sticks, but also carrots -- namely, the lifting of economic sanctions, and the normalization of relations -- if a new government affirms its basic local and international obligations.

Beijing, a close ally of Khartoum, should appreciate that its long-term interests lie with the Sudanese people and not Bashir's government, which has helped squander China's billions of dollars of investments in Sudanese oil -- oil that is no longer flowing thanks to the deadlock between Khartoum and Juba.

But at the end of the day, the Sudanese people cannot rely on governments. As those inside the country take to the streets in ever greater numbers, those of us on the outside are doing what we can to bear witness and expose injustice. Let us show solidarity with the protesters in their fight against Bashir, a man wanted by the International Criminal Court for crimes against his own people.

The Sudanese street has shown its resolve loud and clear. Time is now of the essence, in light of the protests' building momentum and worsening crackdown. There isn't a moment to lose: The international community must do its part to help Sudan achieve a better future.