DC Metropolitan Police Department Social Media Monitoring Documents

On December 15, 2020, the Brennan Center for Justice and Data for Black Lives (D4BL) submitted a public records request to the Washington, DC, Metropolitan Police Department (MPD) for information on how the department uses social media to collect information about individuals, groups, and First Amendment–protected activities. The Brennan Center and D4BL also submitted a request to the DC Office of Contracting and Procurement (OCP) on March 17, 2021, seeking information about vendors with which the district has contracted to collect information from social media.

As the Brennan Center has repeatedly warned, law enforcement agencies across the country gather information from social media platforms like Facebook, Twitter (now X), and Instagram in ways that disparately harm communities of color and often infringe upon constitutionally protected speech. In the district, previous reporting indicated that the MPD has conducted broad monitoring of First Amendment–protected activity, including Black Lives Matter demonstrations and protests against police brutality during the summer of 2020. But members of the public lack an adequate understanding of how law enforcement agencies use social media to monitor, track, and investigate them online. This public records request is a part of the Brennan Center’s series of public records requests to police departments nationwide to shed light on this surveillance.  

After the MPD produced only a handful of documents, we submitted an appeal to the DC Mayor’s Office of Legal Counsel on December 22, 2021, challenging the adequacy of the district’s response to our request. The Brennan Center and D4BL, represented pro bono by Ballard Spahr LLP, sued the District of Columbia on March 1, 2022, to obtain the documents to which we were legally entitled. On October 13, 2022, we submitted an additional public records request for documents related to the MPD’s use of undercover social media accounts.

• Read the MPD public records request here.
• Read the OCP public records request here.
• Read the undercover accounts records request here.
• Read the administrative appeal here.
• Read the Brennan Center’s and D4BL’s complaint here.
• Read the Brennan Center’s and D4BL’s motion for partial summary judgment here.
• Read the Brennan Center’s and D4BL’s motion for summary judgment here.

Overall, we obtained over 160,000 documents, totaling almost 750,000 pages. The documents that the MPD produced fall into five broad categories: monitoring of protests and assemblies, monitoring of communities of color, undercover social media activity, documents related to MPD criminal research specialists, and engagement with vendors of social media monitoring tools.

Email Communications

The Brennan Center and D4BL obtained emails between the MPD and government agencies at both the federal and local levels exchanging information about protests in the summer of 2020. We also obtained similar communications from 2015 wherein MPD officers shared posts from Facebook and Twitter about protests after Freddie Gray died in police custody in Baltimore. Throughout the communications from 2020, representatives from the MPD and other law enforcement agencies exchanged raw, seemingly unverified information (often sourced from social media) and speculated about Antifa (anti-fascist) involvement in the protests.

On August 31, 2020, for example, a Secret Service officer within the national Joint Terrorism Task Force asked another Secret Service officer in the Washington Field Office to corroborate the MPD’s claims that “a portion of protesters were ‘known Antifa members’ ” who were “throwing objects at police” and stretching “rope . . . across the street in an attempt to trip officers.” The Task Force officer noted that the Secret Service had not provided evidence of Antifa support in the crowd. When the Washington Field Office Secret Service officer asked the MPD to confirm these findings, a lieutenant within the MPD’s Homeland Security Bureau observed that “two known Antifa members” whose names are redacted “were within the group and participating in marches” without identifying additional evidence of any threat they posed.

A Capitol Police employee also singled out one Twitter user who “was posting photos and videos from the protests” as being “one of the main Antifa organizers in DC.” In another email to representatives from the MPD and federal agencies, from August 28, 2020, a Capitol Police employee flagged a post from a Twitter user — seemingly the same woman described as an Antifa organizer — announcing that she had given birth to her second child. The employee noted that “this certainly doesn’t mean she’s not out and about in the protests,” since she had “posted pictures of her older child sleeping in the backseat of a car” at another protest.

These communications continued well into the following year. On March 13, 2021, an MPD Homeland Security Bureau lieutenant sent representatives from the Secret Service and the Capitol Police an email flagging two vigils for Breonna Taylor (one of which was organized by a teen activist group), along with links to Instagram posts containing information about the vigils. Even though the lieutenant observed that the organizers of these events had previously held peaceful protests without incident, they noted that another organizer “not known to MPD” had called for “people to dress in ‘black bloc,’ indicating possible civil disobedience and/or criminal activity.” In response, an assistant commander within the U.S. Park Police’s Intelligence and Counterterrorism Branch speculated, with no apparent evidence, that the organizer was “some kind of online instigator from out of the area.”

Demonstration Reports

We obtained documents compiling information about upcoming assemblies and demonstrations from February 2020 to January 2023, much of it drawn from social media. For example, one April 2021 demonstration report lists details about police brutality protests, May Day demonstrations, and assemblies regarding conflicts abroad, many of which include information sourced from social media. For each protest, the reports include the time and location of the event, the purpose, the estimated number of participants, the source of the information, and, occasionally, information about the organizer of the event. Additionally, we obtained emails establishing that the MPD sends at least some of these demonstration reports to other local, state, and federal government agencies as well as some private companies. For instance, the MPD sent its June 17, 2020, demonstration report to entities including Immigration and Customs Enforcement, the Department of Defense, Montgomery County in Maryland, and Amazon.

We also obtained documents and emails from other federal and local law enforcement agencies that compile information about planned protests. Two reports from June 2020 sent to the MPD by the Department of Transportation and the Naval Criminal Investigation Service include a section listing tactics, techniques, and procedures that the national Joint Terrorism Task Force determined were used by racial justice protesters, including “prestaging of bricks, rocks, sledge hammers [sic], . . . and other weapons at protest locations.” Contemporaneous reporting indicated that there was no evidence that protesters were assembling stacks of bricks to use as weapons, but claims like these were nevertheless widely disseminated by law enforcement agencies nationwide.

The Brennan Center and D4BL obtained documents about the MPD’s Summer Crime Prevention Initiative (SCI), an effort that uses law enforcement personnel and technology to intensively patrol four to six areas that the department determines have a high density of violent crime. The SCI has been in operation since 2010 and as of 2019 expanded to a Fall Crime Prevention Initiative. Our findings are consistent with public reporting indicating that the SCI involves intensely patrolling Black and brown areas of the district to identify and monitor purported gang members.

We obtained a memorandum from April 20, 2011, that tasked the MPD’s Criminal Intelligence Branch (CIB) with creating teams to monitor social media for information on criminal activity. The memo states that “members shall continually monitor open pages that may have ties to known gang areas,” though there is no definition or explanation of what “may have ties” means. Team members are also directed to search through social media sites to uncover relevant information about violent incidents, including gang rivalries. Additionally, if team members suspect that a page on social media that “requires an invitation” contains “information concerning criminal activity and criminal associations,” they may seek approval from the CIB lieutenant to access those pages, likely using a covert social media account. Team members may also seek approval to interact with people online. It is unclear whether this memorandum remains operative.

We also obtained heavily redacted SCI Area Enforcement reports from May to July 2014 containing information about four designated areas or groups — Benning Corridor, Choppa City, Barry Farm, and Washington Highlands, which are in overwhelmingly Black wards of DC — sourced almost entirely from Twitter. Though each report states that it contains information found on social media “pertaining to ongoing criminal activities, beefs, and retaliations,” the little information that the MPD left unredacted demonstrates that these reports also include events and gatherings that appear far more innocuous, such as a birthday party, a graduation celebration, a cookout, a trip to Six Flags, a mixtape release party, and a concert.

The MPD did not produce reports for the Summer Crime Prevention Initiative held in other years and provided none for the Fall Crime Prevention Initiative, and it is unclear whether the MPD has continued assembling similar reports using information from social media.

According to the MPD’s November 2021 policy governing the use of social media for investigative and intelligence-gathering purposes, undercover social media accounts may be used only in certain (undefined) circumstances by members of five divisions: Criminal Investigations, Intelligence, Internal Affairs, Narcotics and Special Investigations (NSID), and Youth and Family Services. Members of these divisions must obtain written approval from the NSID commander prior to using or creating an undercover account, and commanding officers are directed to monitor their members’ use of undercover accounts, conducting a documented review every 30 days.

Through our request targeting the use of undercover social media accounts, the Brennan Center and D4BL obtained a heavily redacted social media username log listing eight undercover social media accounts that were approved by the NSID commander. Seven of these, including one that was “de-listed” in April 2022 and “used for monitoring only,” are undercover accounts on Instagram, and one account is for Facebook. Undercover accounts violate Facebook’s platform policy, as both Facebook and its parent company, Meta, have repeatedly told law enforcement agencies. It is also likely that the MPD uses assumed personas to conceal these accounts’ law enforcement affiliation, implicating Instagram’s policy against creating accounts for the purpose of misleading other users.  

We also obtained 11 monthly reports dated between February and December 2022 that contain information about activities conducted using the undercover social media accounts overseen by the Violent Crime and Suppression Unit, which appears to be the successor to the NSID. Only one undercover account was used during that entire period as part of an investigation, which occurred in January 2022, according to the reports. The reports also state that undercover accounts not being used as part of “specific investigations are maintained for overt monitoring,” which typically means using fake accounts to monitor information online without communicating with individuals. These activities are not documented in the reports, likely inhibiting robust oversight. Accounts can also be maintained for “potential future undercover needs.”

Last, we obtained an undated presentation for the Gun Recovery Unit titled “Social Media Investigations,” which includes a heavily redacted section on undercover uses of social media — activities that the presentation acknowledges “typically violate the User Agreement from social media platforms.” According to the presentation, “covert accounts” are “used for focused investigations” and involve communicating with people online. According to the presentation, officers need a “starting point” (i.e., a reason) to communicate with someone online using a covert account, including tips from citizens or officers and information uncovered using social media aggregators, “hashtags or names from your experience as a law enforcement officer,” “Gang Books,” and MPD databases.

Agency Guidance

The Brennan Center and D4BL obtained two policies governing how criminal research specialists within the MPD’s Investigative Support Section (formerly the Investigative Support Unit) conduct research to support investigators and detectives working in the field, including on social media. First, the Social Media Use Policy dated December 19, 2014, governs how specialists use social media as part of their duties. The policy permits specialists to seek and store public information on social media using department–established accounts only in three scenarios: “based upon a criminal predicate or public safety threat”; to assist in investigations, prosecutions, “justice system response[s],” and crime prevention; and when the information is useful for “crime analysis or situational awareness reports.”

Second, the Execution of Social Media Searches policy dated February 6, 2018, guides how specialists may search for information on social media. At a minimum, specialists are required to query multiple combinations of a subject’s name, phone number, and email address on Facebook, Google, and at least two additional search engines listed in the Investigative Support Section Online Resources document, which includes several websites that compile information on individuals’ phone numbers, emails, social media accounts, and more. The resource document also includes a list of various social media platforms, including some sites used primarily by communities of color, such as Black Planet and MiGente (now defunct). Specialists are also required to run, for each subject, an Accurint Virtual Identity Report — a service provided by data broker, LexisNexis, that compiles individuals’ personal information — and to consult each page provided in the subject’s report. If the subject is a minor or the specialist cannot find any public information on the subject, specialists are directed to consult their relatives’ lists of connections on social media to uncover the subject’s social media profile.

We also obtained an undated presentation provided to the Investigative Support Section titled “Social Media” that includes various case studies to teach specialists how to search through social media according to the procedures in the Execution of Social Media Searches policy. Though the presentation is heavily redacted, it appears to focus in part on using social media to identify or monitor gang members. For instance, one slide directs specialists to proactively “check in on known recidivists and gang/crew members” who have a “social media footprint.” Another slide appears to direct officers to search through Instagram to determine whether a subject of an investigation is affiliated with a crew.

Social Media Search Logs

The records also include a 265-page log documenting criminal research specialists’ social media searches from November 2013 to January 2023, revealing how specialists comb through Facebook, YouTube, and Twitter profiles to investigate crimes. For example, an officer searched through a person’s Twitter and Facebook photos to note that they included “gang signs” and “marijuana.” Officers also watch peoples’ music videos or listen to their Sound Cloud to dig up information, or in some instances trying to identify people featured in YouTube videos with no explanation as to why. The police also rely on Morpho Face, a facial recognition tool, and the department’s oft-criticized gang database. The records reflect how people who are not suspected of crimes, as well as relatives, girlfriends, and associates of those involved, may be swept into the MPD’s surveillance. For example, an officer ran social media searches for a person’s “mother, father, godmother, other relatives,” while another search yielded “Facebook, Twitter, [Instagram,] and YouTube accounts for [a person of interest] and his mother.”

Babel Street

BabelX is the flagship product of the social media monitoring company Babel Street, which, according to the company, collects information from dozens of social media platforms and across the internet, allowing its users to search for and analyze information in hundreds of languages. The DC fusion center has had access to Babel Street since at least August 2014, when the company conducted a demonstration of its social media monitoring capabilities.

Fusion centers are intelligence hubs developed in the aftermath of 9/11 to share counterterrorism information and criminal intelligence among local, state, and federal government entities and some private organizations. The district’s fusion center — formerly the Washington Regional Threat Analysis Center until it was renamed the National Capital Regional Threat Intelligence Consortium in 2018 — is overseen by DC’s Homeland Security and Emergency Management Agency (HSEMA).

In 2015, the fusion center created filters on BabelX to collect information from social media on behalf of the MPD, including posts related to homicides and threats against local law enforcement officers. Fusion center personnel reviewed this information before sharing the most relevant postings with the MPD. It appears that the MPD provided the fusion center with  search terms. For example, the assistant chief who managed the MPD’s Homeland Security Bureau stated that the department would provide the fusion center with a “generic glossary of the most common [slang] terms” to use on Babel Street. In another instance, the MPD provided Babel Street with keywords to search for information related to an event at Robert F. Kennedy Stadium that included terms related to both assemblies and potential threats, such as “protest,” “demonstration,” “rally,” “armed,” and “evacuation.”

In April 2015 Babel Street provided HSEMA with a spreadsheet compiling social media accounts that were “geo-located in both Ferguson [Missouri] and Baltimore during times of unrest” — presumably referring to the protests after the deaths of Michael Brown and Freddie Gray, respectively. Accounts to news organizations and journalists were excluded. The spreadsheet also contains a list of 58 social media users who Babel Street determined were “common connections” between the accounts in its first list — in other words, individuals or groups who did not necessarily have a connection to the protests but simply had a connection to those who did. Though HSEMA ultimately provided the  spreadsheet to the MPD, it is unclear whether either agency subjected the social media users included in the spreadsheet to further scrutiny.

We also obtained procurement documents from 2016–2020 showing that BabelX licenses were purchased for the DC fusion center, as well as a memorandum of understanding between the MPD and HSEMA that provides the police department access to the fusion center’s social media monitoring tools, which would include Babel Street. It is unclear whether the fusion center continues to have access to BabelX.

Dataminr

Dataminr, a company affiliated with Twitter, provides a FirstAlert tool that gives clients customized, real-time alerts about events uncovered through social media. Dataminr provided the MPD with 40 user licenses during a no-cost pilot in January and February 2017. During its trial, the MPD collected information from social media  related to events including “riots” during President Trump’s inauguration and during the first Women’s March. In February 2018, the MPD purchased seven annual Dataminr licenses at a cost of almost $48,000 using State Homeland Security Grant program funds from the Department of Homeland Security. According to internal communications, six of these licenses would be provided to the DC fusion center, and the MPD would have access to “unlimited licenses for the first year” of the contract, which it would provide to the department’s Command Information Center.

The Brennan Center and D4BL did not obtain procurement documents beyond the February 2018 purchase. However, it appears that the MPD lost access to Dataminr at some point before June 2020. In May 2020, Dataminr sent the MPD two promotional papers, including one in which it claimed that its FirstAlert tool had unearthed some of the very first indications of the Covid-19 pandemic in December 2019. Soon after, an MPD representative contacted the District’s Office of the Chief Technology Officer (OCTO), which paid about $200,000 for 50 Dataminr licenses, 45 of which it provided to HSEMA. On May 29, 2020, OCTO’s chief data officer responded to the MPD, stating that HSEMA could provide the MPD with some of its unused Dataminr licenses, which he said “would be very handy” for the MPD’s response to protests in the aftermath of George Floyd’s murder. The MPD gained access to Dataminr seemingly through an arrangement with HSEMA.

The Brennan Center and D4BL obtained more than 700,000 pages of email notifications from Dataminr First Alert to members of the MPD, dated between June 4, 2020, and May 20, 2022. In these emails, Dataminr sent the MPD information about protests, including real-time information about anticipated demonstrations, where protests were forming and moving, and protesters’ activities, often without any apparent connection to public safety.

Dataminr’s transmissions to the MPD belie the company’s position that it only provides news alerts to law enforcement and does not permit the use of its tool to surveil First Amendment–protected activity. The tension between Dataminr’s capabilities and its policy against surveillance was apparent in one December 2020 exchange between the company and the MPD when an MPD representative noted that Dataminr had failed to flag for the department “social media chatter” in the run-up to January 6, 2021. In response, one Dataminr employee stated that the company could not alert law enforcement about the “planning or scheduling of protests or demonstrations,” even though the company had provided this type of information to the MPD during the summer of 2020. The MPD replied that it was “concerned with the threats of ‘armed protesters’ and people planning on bringing firearms” to the district.

Sprinklr

The MPD used Sprinklr on a trial basis from January to March 2017, a period that mostly coincided with the Dataminr trial. Like Dataminr, Sprinklr’s social media monitoring tool appears to rely on a user’s search terms to scour online platforms for relevant postings. During the trial, the MPD obtained six Sprinklr licenses that it distributed to the “POI team,” the Intelligence Branch, and the Fusion Desk. Though the trial was initially set to cost $40,000, we did not receive documents indicating whether the MPD paid for the trial.

The MPD’s Fusion Desk — a unit charged with providing “situational awareness and operational intelligence to MPD personnel” — used Sprinklr during former President Trump’s inauguration “to monitor key terms that could have an impact on” the district, “then fed this information to” other MPD divisions to “apprise them of real-time events as they unfolded.” The list of search terms that the MPD used on Sprinklr during the inauguration focused entirely on eliciting activity surrounding anti-Trump protests, including hashtags like #DisruptJ20, #RefuseFascism, #ResistTrump, #Anticapitalist, and #Antifa.

The MPD created two other lists of search terms for Sprinklr following the inauguration. The first was a “universal list” that included the search terms “Active Shooter,” “Evacuation,” “Protests,” “Terrorism/Terrorist,” and “ISIS.” The second list was limited to activity in the DC area and used search terms about a range of criminal activity, from “Graffiti” to “Stabbing” and “Shooting.” Internal emails also indicate that the MPD was considering assembling search queries for particular events in the district. For example, one MPD employee proposed collecting information about “A Day Without Immigrants” protests in February 2017 using search terms such as #BreakLunch and #GeneralStrike. It is unclear whether the MPD ultimately used Sprinklr for this purpose.

Voyager

In December 2015, the MPD’s Intelligence Division conducted a two-week evaluation of VoyagerAnalytics, an “AI-based analysis platform” developed by a company called Voyager that collects information from social media (including Facebook, Twitter, and Instagram) and purportedly uncovers details about individuals’ “relationships, the strength of those relationships, the prominent topics and narratives important to him or her, as well as hundreds of other signals, allowing [users] to derive significant, actionable insights.” Following the evaluation, the Intelligence Division found that the tool “exceed[ed] the capabilities of all other social media investigative tools [the division] had tried.” In January 2016, Voyager provided the MPD with a pricing proposal of $37,000 to $60,000 per year for three users, though it appears the department ultimately did not move forward with the purchase.

The MPD trialed Voyager again the following year. It sought to use Voyager in January 2017 to monitor activity surrounding the presidential inauguration in a trial coinciding with its trials of Dataminr and Sprinklr. It appears the MPD ultimately began its trial with Voyager after June 2017. According to a memorandum requesting approval to use Voyager, the MPD sought to provide user licenses to criminal research specialists, members of the Criminal Intelligence Bureau, and personnel assigned to the Joint Terrorism Task Force. The memo highlights Voyager’s “integrated analytics” that allow users “to conduct network analysis and [uncover] in depth information from over six social media platforms from non-attributable proxy servers.” Though the MPD attempted to purchase three licenses for Voyager in 2017, each costing $30,000, the department ultimately did not move forward with the purchase because of the cost.

In 2019 the MPD requested another pricing proposal from Voyager as it prepared to apply for grant funding, stating that the department would request licenses for up to 25 users, including personnel from the gang unit. Though Voyager conducted a demonstration with the MPD to showcase its tool’s updated capabilities, it is unclear from the documents whether the department moved forward with purchasing licenses for Voyager.

Data Brokers

The Brennan Center and D4BL also obtained documents demonstrating that the MPD contracted or had trials with three companies — Transunion, LexisNexis, and Thomson Reuters — for data brokerage services, which included access to information from social media.

Since at least 2015, the MPD has contracted with Transunion for access to its database service, TLOxp, which contains hundreds of millions of data points of individuals’ sensitive information including social media, vehicle tracking data using license plate readers, utility data, and more. In a marketing email from May 2019, Transunion advertised TLOxp’s Social Media Comprehensive Report feature, through which users “could reveal more about a subject’s digital identity through information not readily accessible via other forms of public records data.”

According to an email thread from August 2018, TLOxp was most used by the MPD’s criminal research specialists who conduct research to support officers working in the field; it was also used for broader crime analysis and situational awareness within the department. The specialists used TLOxp to obtain information about individuals’ phone numbers, home addresses, and social media activity.

Though we obtained an email thread from April 2022 showing that the MPD was considering renewing its access to TLOxp for the 2023 fiscal year, it is unclear whether the department continues to have access to the database. However, we also obtained dozens of emails notifying MPD employees that their TLOxp accounts had been inactive for 30 days or responding to a request to reset accounts’ passwords, demonstrating that some MPD employees had TLOxp accounts until at least June 4, 2022.

We also obtained email communications indicating that MPD accessed LexisNexis’s social media monitoring services in 2014 through Accurint, the company’s flagship database. While the MPD’s Intelligence Branch held a trial of LexisNexis’s social media monitoring services in March and April 2014, a LexisNexis representative provided the MPD with a proposal to increase the department’s existing contracts for Accurint from 35 users to 50 users and to incorporate Accurint’s social media monitoring services starting in May 2014. The total cost of the contract would increase from $39,348 to $82,150 per year. Instead, the MPD opted to pay to extend the Intelligence Branch’s trial from May to at least November 2014 and did not incorporate social media monitoring features into its annual license renewal for fiscal year 2015. It is unclear whether the department eventually purchased annual licenses for LexisNexis’s social media monitoring services.

Last, we obtained email communications indicating that the MPD conducted a 14-day trial of CLEAR, the data brokerage service from Thomson Reuters, in May 2014, as well as a demonstration of CLEAR’s “Social Media Threat Tool.” However, it appears that the MPD did not move forward with purchasing access to CLEAR because officers did not find it useful. In 2020 the MPD’s Homicide Branch conducted another trial of CLEAR, after which Thomson Reuters submitted a proposal to the department that would cost between $112,100 and $450,000 annually, depending on the number of users. It is unclear whether the MPD moved forward with purchasing licenses for CLEAR.