The Department of Homeland Security routinely uses fake social media accounts to collect information about people, according to over 3,000 pages of documents obtained through a Freedom of Information Act lawsuit filed by the Brennan Center. The internal records include guidance for agency personnel and emails — but there is little or no evidence of adequate rules to protect Americans’ privacy rights.
For years, we have raised concerns about DHS’s collection and use of social media data, which is used for purposes ranging from visa application screening to monitoring First Amendment–protected activity to automated (and unproven) programs that purport to predict whether travelers pose a risk of engaging in criminal or terrorist activity. Information about the scope of social media data collection and monitoring is sorely lacking, making it impossible for the public to adequately evaluate the risks or sufficiency of any privacy safeguards that might be in place.
The Brennan Center sued the department in 2020 to force the release of relevant records covering DHS headquarters, U.S. Immigration and Customs Enforcement (ICE), and U.S. Customs and Border Protection (CBP). The documents we ultimately obtained paint a picture of a department focused heavily on enabling its agents to hide their identities while using platforms such as Facebook, Instagram, TikTok, and Twitter, despite the intrusiveness of the practice. The tactic also violates Facebook’s user policy, which requires people to use their real names, as the platform has told law enforcement agencies on multiple occasions.
We obtained 35 Social Media Operational Use Templates, which are forms that DHS agencies submit to the department’s privacy office to obtain approval for proposed uses of social media. Of these, at least 14 allow officers to use accounts that do not “indicate an official DHS affiliation” or are not registered using a DHS email. Twelve of these explicitly permit the use of fake accounts, primarily by ICE and the U.S. Citizenship and Immigration Service’s Fraud Detection and National Security Directorate. (This number may be higher, since CBP redacted this information in seven of its nine templates.)
One template permits CBP personnel to undertake “masked monitoring,” which involves using a fake account to access information on social media for general research or “operational awareness.” According to a separate directive, there need only be a “nexus” to the employee’s assigned duties, a weak standard. Other details from this directive are redacted, and CBP’s Rules of Behavior, which officers must acknowledge before using social media, also do little to constrain officers’ online activities. It is unclear whether CBP has additional, more robust policies.
ICE also permits the use of fake accounts in four of the five templates it handed over, covering immigration and criminal law enforcement activities, internal investigations of employees, and undercover activities. As with CBP, it is unclear whether internal ICE guidance adequately constrains when and how its officers use these accounts.
We also obtained internal emails regarding the proposed purchase of a browser anonymization tool called Silo. An ICE division called Enforcement and Removal Operations (ERO), which primarily focuses on deporting undocumented immigrants, wanted to get Silo licenses to anonymize the browsers through which its field operations officers conduct research using “program” (i.e., fake) accounts before and after they interview detainees.
Though Enforcement and Removal Operations represented that its field officers’ use of fake accounts for research would be limited to gathering information for these interviews, the documents show that an ICE privacy officer was evidently concerned that the practice would violate platforms’ terms of service and that field officers could misuse the accounts to communicate with people online or engage in other undercover activities, which ERO does not have the legal authority to do. While ERO appears to have been in the process of drafting an internal white paper that explained how it would use these fake accounts, the department did not release the white paper, and the records do not reveal if there is a final version or whether it ultimately purchased licenses to use Silo.
In addition, we received a template authorizing undercover social media use by ICE’s powerful law enforcement arm, Homeland Security Investigations, which asserts that “undercover operations often require[]” criminal investigators to “appear to be engaged in a criminal enterprise and to befriend or become business associates” with the targets of their investigation. These capabilities are not just hypothetical. From 2017 to 2019, the agency’s undercover agents built an online presence for a fictitious university — complete with fake social media profiles for the school and its “staff” — as part of a sting operation that ultimately induced would-be students into committing visa fraud.
Homeland Security Investigations’ undercover activities are governed by its Undercover Operations Handbook — but because the handbook is secret, we do not know whether it accounts for the greater risks posed by government agents engaging in undercover activity online, where they can take on nearly endless identities and communicate with multiple people at once with little effort. These capabilities evade the natural constraints imposed on “real world” undercover efforts, where the number of personas and contacts are necessarily limited.
We did obtain a 2012 memo from the ICE director that appears to be the agency’s main policy on the use of online information for law enforcement purposes. The memo permits broad uses for online material, including invasive undercover techniques like appropriating individuals’ online identity without their consent, but it does not acknowledge the unique risks of online undercover activity or articulate online-specific policies, instead simply gesturing to policies governing offline activities.
As these documents make clear, more information is needed about DHS’s social media surveillance. We will continue to advocate for reforms to government use of social media at all levels, including clear and enforceable controls and transparency requirements. A lawsuit should not be required for Americans to understand how their government views, collects, uses, and shares what they express on social media.
