Social Media Monitoring: A Rubric for Control

Tuesday, February 21, 2012

Infosec Island Admin


Monitoring Social Media: Open Communications vs. Secret Operations and Big Brother

It seems that things are coming to a head in the strange world of government surveillance for “our” protection.

Of course I see the expeditious rise in this kind of activity due to the likes of Anonymous and Lulzsec/Antisec coming to the scene and forcing the hands of those in charge.

This is not to say that the legislation and skulduggery would not have happened without the Anon’s but it may have been more of a frog in a pot of water scenario as opposed to getting zapped in a flash.

So, in a way, you can thank Anonymous for speeding up the process as well as perhaps creating the environment for really poor ideas to be floated in a hurry to “protect” us all from the bad people.

Dealers choice there I suppose…

All this aside though, we now are faced with DHS wanting to be in charge (or at least pay General Dynamics to do the work) of monitoring “Social Media” on the internet. First off, let me assure you all that DHS monitoring Social Media is akin to a severely autistic individual being assigned as a babysitter for an infant. This is one of the worst ideas I could ever conceive of as these types of things go.

Even with GD doing all of the grunt work, the actual evaluation of any product would be carried out by analysts from DHS, and boy, they are so ill-equipped to handle this. Remember, these are the same bunch of folks that brought you that classic fiasco of “Russia is hacking our water system in Illinois!”

Suffice to say, that I do not think this will go well and that the idea in and of itself, to monitor Facebook and Twitter will only lead to more of the same old false reports of doom and attacks that the Bush administration brought out every few weeks with the terror color coded chart.

In short, FEAR FEAR FEAR! All the while, they will only target people who happen to say things in a tweet that will be overblown and have them tossed out of the country (i.e. blowing up America by the Brit recently). FUD.

Just Who Will Be Monitored Really?

Aside from the lowest of low level jiahdi’s or Anonymous, just who will be really monitored by this program do you suppose? Why, you and I of course! I mean, it’s really just open source isn’t it? The real targets are the stupid and the public here really and one must face this fact and accept it.

This is no program that will actually end up with real terrorists being caught and cells disrupted you know. See it for what it is, a means to an end to have a simulacrum of control over the internet and the people using it.

But Krypt3ia... They are doing this to catch the bad men,” you say?

Sure, you can believe that if you want to, and there may be factions within the community that think this is the case, but overall you have to look at the pool being harvested from here. Since the advent of the Patriot Act, we have seen the FBI and others over-use and subvert the law to effect warrantless searches for domestic cases much more than terrorism, the thing that the Patriot was created for.

What this really is, is a drift net approach to law enforcement because technically, the government and the LEO’s are not capable of keeping up with the crime, never mind the terrorism really. So, they fall back to the idea of we can monitor everything and after the fact go back and look at data for “anyone” to make a case.

Easy as pie…

I am not inclined to believe that these measures are to be proactive either. Predictive maybe to an extent, but in prediction, we get another whiff of control do we not? After all, the predictive nature of this type of monitoring is what the CIA and other countries do to assess when there may be an outbreak of civil disobedience or perhaps insurrection might be a word for it?

Either way, this is a means of control as well as a means to detect and perhaps deter depending the use of the owner.

It’s a tool, and it is up to the user what they will do with it. In the case of other states such as Syria, well, you can see how the technology is being used. Here in the US, I am not saying that this will be 1984 all over again, but, do you really believe that you, the citizen, in the current environment will be able to know what is going on? Will you be able to FOIA the results of the testing and the monitoring to tell if its being misused?

If you think that this will be in fact the case, I think you will be sorely surprised when you find that it’s all been classified and out of reach when you have questions. Frankly, I just see this as the next iteration of “Total Information Awareness“... You know, John Poindexter’s baby? Yeah, fun fact, it never really went away, it just went into the black budgets and or changed names.

In the end, if you have a twitter account, Facebook, MySpace, blog, etc... you will be monitored... Especially if you speak your mind or use key words that trigger an analysts attention.

Kinda like the NARUS STA’s in the MAE’s out there siphoning data too.

Oh, Don’t You Worry, No Matter What They Say, YOU Will Be Monitored

In the interim though, Congress has had a meeting over the privacy concerns over this little project by DHS. The congress-critters got all up in DHS’s face about the issue and said they are not comfortable with the program/laws around this. Now, that the congress acted on this, one might think that it would stop the program... I am not so sure it will in fact do so.

I think that the case will be made and assurances given that only those who are evil doer’s will be audited and that no privacy will be breached by such measures... “We’re here to protect you”

It’s an old argument really, but in today’s digital world, the issue is that instead of say, a black chamber opening mail in a secret building by hand, you instead have machines collecting everyone’s data and sifting through it all for key words, phrases, meme’s and other data. This then spits out the alerts and an analyst then looks at it to see if it warrants being passed along to others in the food chain.

What also may occur here is that even if it’s not terrorism, they may in fact pass data on to others who may start investigations on those hits, even out of context, as you might be an agitator or show a tendency that they feel uncomfortable about.

Today, if you buy a coffee at a Starbucks with cash AND you use WIFI AND you use encryption, YOU might be marked as suspect due to the fliers recently put out by the DOJ and the FBI on how to tell if one is a terrorist. God forbid you have a missing finger(s) as well... Then SURELY you are a jihadi or a militant. *snicker*

Oh well, fear not gentle reader... Because all of what I have said above about this one program, means nothing really. Why? Because this one program is only “one” of many out there being used by the government(s) out there to trawl the internet for data. I have mentioned a few others above and you can go look up the terms and see for yourselves.

Post 9/11, we have truly become a watched commodity via the internet and all other means of communication we can buy. All of these programs have been put together with the veneer of being in place to protect us from another 9/11 and perhaps some of them were made with the best of intentions, but this idea of monitoring social media, well, it’s a little half baked really I think.

In the end, only the stupid will be caught. I mean really, look at what lengths OBL went to with cell phones and runners with messages, do you really think that much of the global jihad is being carried out over open communications lines like Twitter and Facebook?

Sure, maybe people congregate there and THAT is useful information, but, to monitor the traffic of everyone to get targeted data on “some” users is just useless if your goal is only to go after the terrorists.

Remember... Above all it’s just a drift net to make it easy…

Making Your Own Privacy Because You Soon Will Have NONE

I guess what this whole rant is boiling down to is this, and its something I have said before on many occasions: “You alone can make the privacy that you need to prevent such monitoring” Encryption is the key to all of this.

Whether that crypto be something along the lines of PGP or Vigenere is up to you but what counts is that you are taking the pains to protect the communication that will pass over the wire. You can’t trust the owner of the wire and you certainly cannot trust that the government or, hackers for that matter, aren’t watching or monitoring you either. So, it’s up to you to make the privacy happen.

With the onset of all of this, this week we also saw the first (I assume of many) solutions for encrypted tweets come along. I for one, would love to see this solution work and be used by many on Twitter to protect their privacy, but, then again, this is kind of an oxymoron huh?

As I said earlier in the post here, who would use open lines to commit crime? So, once again, we are back to the level of what privacy can one expect as well as if one wants to be private, use a means to protect that communication. *shakes head*

After that little turn, it really becomes clear that the monitoring of twitter and the like really comes down to a privacy violation by the government to feel as though they are in control. The smart people will not be talking on twitter about blowing things up and everyone else who may say such things are doing it in jest, but will end up being investigated for their poor choice of words (140 characters at a time).

It’s a sad world we live in. I hope that congress denies the DHS their wish, but, I am also certain that if they do, DHS will only hire out again to the likes of GD to do it anyway off the books so to speak…

In the interim, I will continue to encrypt love notes to DHS and others in hopes of making their day..




Cross-posted from Krypt3ia

Possibly Related Articles:
Privacy Government terrorism Social Media Monitoring Hacktivist National Security Law Enforcement FUD Intelligence Scot Terban Krypt3ia General Dynamics
Post Rating I Like this!
Mikel Gore Thinking of the Fourth Amendment.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon "probable cause", supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

(probable cause, at last check didn't include hearsay. Common sense would dictate that in order to search every Twitter account constantly, we must all be assumed to be in a constant state of criminal activity.)

There is no legal grounds to search our personal communications (papers) without a warrant. Monitoring a phone call is still a search. I suppose they will conclude that: If the blinds aren't drawn you are allowed to watch them take a shower? I believe that's how Ted Bundy got started. He was a law student wasn't he, and a serial killer.
Andrea Zapparoli Manzoni Scot, I totally agree with you, this Social Media monitoring program(s) are basically

1. FUD
2. snake oil
3. yet another way to pour big amounts of taxpayers' money in the usual pockets.

But. I can see a practical reason for governments to monitor Social Media , and that is to detect as early as possible hostile deception activities and subtler "psyops-like" operations.

Social Networks are by nature the social engineering / infowar paradise, and we know that several actors are already developing armies of personae, or social bots, in order to perform large scale perturbations of the social conversation (for political, economical and / or idealogical purposes).

To detect / prevent / react to this threats in a timely manner, social media monitoring is not only necessary, but the only tool available.

Problem is, I believe that if personae / social bots become widespread (= a certain % of SM accounts is in reality a bot), then social media platforms will implode, because their core business is to make a profit applying business intelligence and analysis on people's choices, relations, and tastes.

Too many bots would "poison" their results to a point where they would become useless.

At the same time, if people start using encryption to protect themselves from gov monitoring, SM owners would also greatly suffer, since the quantity and quality of information they could correlate would decrease dramatically.

It's a catch-22 situation and I have a strange feeling this is not going to end well in any case.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.