Then there's condition two: Intelligence collected must make a decisive difference to public safety. This condition is also under strain. The standards of evidence required when making decisions relating to people's liberty are, rightly, very high. Turning social media data into something a police or intelligence agency would feel comfortable acting upon is not easy. Data collected from profile pages, chat rooms, or blogs -- especially when using automated programs -- is prone to numerous and serious weaknesses. Social media data collection is barely past its infancy and lacks the rigor of other statistical disciplines.
If you were reading Twitter during last August's riots in England, for instance, you might be forgiven for thinking a tiger was on the loose, that the London Eye (a famous landmark) was set on fire, and that the British Army had been deployed on the streets. Each of these (untrue) rumors spread like wildfire, and without a rigorous way to establish authenticity, it was hard to tell the factual from the fantastical.
More sinister traps await too. Rumors, lies, distortions, and intentional misinformation are ubiquitous on social media, and sifting the wheat from the chaff is extremely difficult. A leaked cache of emails allegedly belonging to Syrian President Bashar al-Assad indicated that an Assad supporter posted pro-regime commentary under an assumed Facebook identity that was mistaken as genuine and given international coverage by CNN. True, misinformation has always been a problem -- think German Funkspiel in World War II -- but the spread of technical know-how and free software makes it far more likely, and again, very difficult to spot.
The United States and Britain must start addressing these issues now, before their capabilities to monitor social media get too far out ahead of the norms that limit their use. A useful starting point is to draw a distinction between open-source and closed-source intelligence. Open-source, non-intrusive work is accessing information that is in the public domain, but is not used to identify individuals guilty of a crime or as a means of criminal investigation, and should not puncture the privacy wishes of any user. This would include activity such as openly crowdsourcing information through Twitter or Facebook to gain situational awareness in the event of public disorder or gauging general levels of community tension by analyzing online conversations. This ought to be conducted on a basis similar to actions of nonstate actors, such as universities and commercial companies.
Closed-source work is quite different: It uses data in ways that are not covered by the reasonable expectation or implied consent of the user. In other words, when someone is investigated in the course of a criminal investigation and her privacy settings are broken -- reading the person's private Facebook messages, say -- she has lost "data control." This breach of her privacy is termed intrusive surveillance.
The use of such techniques must be publicly argued and understood, taking into account other public goods, especially privacy, and informed by the principles of reasonable cause, necessity, authorization, and oversight. It is likely that this debate will initially be driven by a series of case-law examples, but ultimately the political authorities will have to respond by creating a legislative framework, just as they did with wiretap devices.
This will also require new categories of authorization because on social media it is very easy to identify individuals unintentionally. For example, creating profiles of individuals based on publicly available information about them on social media, even if easy, should probably not proceed unless at least some reasonable cause is demonstrated. True, it would probably require an exceptionally low-level authorization, resulting in a bit of extra paperwork, but that would be a price worth paying for public confidence.
At the same time, social media intelligence needs to become a new class of intelligence, something we call "SOCMINT." Just like human and signals intelligence, it needs its own experts, formula, and evolving techniques. This means new partnerships among academia, government, and technical experts; new training for analysts and law enforcement agencies on the norms of online behavior; and the development of techniques to sift through large data sets and spot misinformation.
The result will not be perfect. As technology continues to evolve, so will the ethical and operational challenges. It has ever been thus, but the speed of change is quickening. This all matters because, in the future, intelligence and law enforcement agencies will have to use social media to discharge their duty of public safety. But unless citizens stand up now and establish checks and balances to ensure what those agencies do is proportionate, necessary, effective, and limited with due oversight, it won't wash. The way ahead is to remain firm to our fundamental principles: Governments will sometimes need to invade citizens' space to ensure their safety, but when, why, and how that is done ultimately rests on our consent. Social media may be new, but the old rules are built to last.
SUBJECTS:
