Social Media Surveillance by the U.S. Government

Social media has become a significant source of information for U.S. law enforcement and intelligence agencies. The Department of Homeland Security, the FBI, and the State Department are among the many federal agencies that routinely monitor social platforms, for purposes ranging from conducting investigations to identifying threats to screening travelers and immigrants. This is not surprising; as the U.S. Supreme Court has said, social media platforms have become “for many . . . the principal sources for knowing current events, . . . speaking and listening in the modern public square, and otherwise exploring the vast realms of human thought and knowledge” — in other words, an essential means for participating in public life and communicating with others.

At the same time, this growing — and mostly unregulated — use of social media raises a host of civil rights and civil liberties concerns. Because social media can reveal a wealth of personal information — including about political and religious views, personal and professional connections, and health and sexuality — its use by the government is rife with risks for freedom of speech, assembly, and faith, particularly for the Black, Latino, and Muslim communities that are historically targeted by law enforcement and intelligence efforts. These risks are far from theoretical: many agencies have a track record of using these programs to target minority communities and social movements. For all that, there is little evidence that this type of monitoring advances security objectives; agencies rarely measure the usefulness of social media monitoring and DHS’s own pilot programs showed that they were not helpful in identifying threats. Nevertheless, the use of social media for a range of purposes continues to grow.

In this Q&A, we survey the ways in which federal law enforcement and intelligence agencies use social media monitoring and the risks posed by its thinly regulated and growing use in various contexts.

Many federal agencies use social media, including the Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), Department of State (State Department), Drug Enforcement Administration (DEA), Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), U.S. Postal Service (USPS), Internal Revenue Service (IRS), U.S. Marshals Service, and Social Security Administration (SSA). This document focuses primarily on the activities of DHS, FBI, and the State Department, as the agencies that make the most extensive use of social media for monitoring, targeting, and information collection.

Publicly available information shows that federal agencies use social media for four main — and sometimes overlapping — purposes. The examples below are illustrative and do not capture the full spectrum of social media surveillance by federal agencies.

Investigations: Law enforcement agencies, such as the FBI and some components of DHS, use social media monitoring to assist with criminal and civil investigations. Some of these investigations may not even require a showing of criminal activity. For example, FBI agents can open an “assessment” simply on the basis of an “authorized purpose,” such as preventing crime or terrorism, and without a factual basis. During assessments, FBI agents can carry out searches of publicly available online information. Subsequent investigative stages, which require some factual basis, open the door for more invasive surveillance tactics, such as the monitoring and recording of chats, direct messages, and other private online communications in real time.

At DHS, Homeland Security Investigations (HSI) — which is part of Immigration and Customs Enforcement (ICE) — is the Department’s “principal investigative arm.” HSI asserts in its training materials that it has the authority to enforce any federal law, and relies on social media when conducting investigations on matters ranging from civil immigration violations to terrorism. ICE agents can look at publicly available social media content for purposes ranging from finding fugitives to gathering evidence in support of investigations to probing “potential criminal activity,” a “threat detection” function discussed below. Agents can also operate undercover online and monitor private online communications, but the circumstances under which they are permitted to do so are not publicly known.

Monitoring to detect threats: Even without opening an assessment or other investigation, FBI agents can monitor public social media postings. DHS components from ICE to its intelligence arm, the Office of Intelligence & Analysis, also monitor social media — including specific individuals — with the goal of identifying potential threats of violence or terrorism. In addition, the FBI and DHS both engage private companies to conduct online monitoring of this type on their behalf. One firm, for example, was awarded a contract with the FBI in December 2020 to scour social media to proactively identify “national security and public safety-related events” — including various unspecified threats, as well as crimes — which have not yet been reported to law enforcement.

Situational awareness: Social media may provide an “ear to the ground” to help the federal government coordinate a response to breaking events. For example, a range of DHS components — from Customs and Border Protection (CBP) to the National Operations Center (NOC) to the Federal Emergency Management Agency (FEMA) — monitor the internet, including by keeping tabs on a broad list of websites and keywords being discussed on social media platforms and tracking information from sources like news services and local government agencies. Privacy impact assessments suggest there are few limits on the content that can be reviewed — for instance, the PIAs list a sweeping range of keywords that are monitored (ranging, for example, from “attack,” “public health,” and “power outage,” to “jihad”). The purposes of such monitoring include helping keep the public, private sector, and governmental partners informed about developments during a crisis such as a natural disaster or terrorist attack; identifying people needing help during an emergency; and knowing about “threats or dangers” to DHS facilities.

“Situational awareness” and “threat detection” overlap because they both involve broad monitoring of social media, but situational awareness has a wider focus and is generally not intended to monitor or preemptively identify specific people who are thought to pose a threat.

Immigration and travel screening: Social media is used to screen and vet travelers and immigrants coming into the United States and even to monitor them while they live here. People applying for a range of immigration benefits also undergo social media checks to verify information in their application and determine whether they pose a security risk.

Government monitoring of social media can work to people’s detriment in at least four ways: (1) wrongly implicating an individual or group in criminal behavior based on their activity on social media; (2) misinterpreting the meaning of social media activity, sometimes with severe consequences; (3) suppressing people’s willingness to talk or connect openly online; and (4) invading individuals’ privacy. These are explained in further detail below.

Assumed criminality: The government may use information from social media to label an individual or group as a threat, including characterizing ordinary activity (like wearing a particular sneaker brand or making common hand signs) or social media connections as evidence of criminal or threatening behavior. This kind of assumption can have high-stakes consequences. For example, the NYPD wrongly arrested 19-year-old Jelani Henry for attempted murder, after which he was denied bail and jailed for over a year and a half, in large part because prosecutors thought his “likes” and photos on social media proved he was a member of a violent gang. In another case of guilt by association, DHS officials barred a Palestinian student arriving to study at Harvard from entering the country based on the content of his friends’ social media posts. The student had neither written nor engaged with the posts, which were critical of the U.S. government. Black, Latino, and Muslim people are especially vulnerable to being falsely labeled threats based on social media activity, given that it is used to inform government decisions that are often already tainted by bias such as gang determinations and travel screening decisions.

Mistaken judgments: It can be difficult to accurately interpret online activity, and the repercussions can be severe. In 2020, police in Wichita, Kansas arrested a teenager on suspicion of inciting a riot based on a mistaken interpretation of his Snapchat post, in which he was actually denouncing violence. British travelers were interrogated at Los Angeles International Airport and sent back to the U.K. due to a border agent’s misinterpretation of a joking tweet. And DHS and the FBI disseminated reports to a Maine-area intelligence-sharing hub warning of potential violence at anti-police brutality demonstrations based on fake social media posts by right-wing provocateurs, which were distributed as a warning to local police.

Chilling effects: People are highly likely to censor themselves when they think they are being watched by the government, and this undermines everything from political speech to creativity to other forms of self-expression. The Brennan Center’s lawsuit against the State Department and DHS documents how the collection of social media identifiers on visa forms — which are then stored indefinitely and shared across the U.S. government, and sometimes with state, local, and foreign governments — led a number of international filmmakers to stop talking about politics and promoting their work on social media. They self-censored because they were concerned that what they said online would prevent them from getting a U.S. visa or be used to retaliate against them because it could be misinterpreted or reflect controversial viewpoints.

Loss of privacy: A person’s social media presence — their posts, comments, photos, likes, group memberships, and so on — can collectively reveal their ethnicity, political views, religious practices, gender identity, sexual orientation, personality traits, and vices. Further, social media can reveal more about a person than they intend. Platforms’ privacy settings frequently change and can be difficult to navigate, and even when individuals keep information private it can be disclosed through the activity or identity of their connections on social media. DHS at least has recognized this risk, categorizing social media handles as “sensitive personally identifiable information” that could “result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.” Yet the agency has failed to place robust safeguards on social media monitoring.

While all Americans may be harmed by untrammeled social media monitoring, people from historically marginalized communities and those who protest government policies typically bear the brunt of suspicionless surveillance. Social media monitoring is no different.

Echoing the transgressions of the civil rights era, there are myriad examples of the FBI and DHS using social media to surveil people speaking out on issues from racial justice to the treatment of immigrants. Both agencies have monitored Black Lives Matter activists. In 2017, the FBI created a specious terrorism threat category called “Black Identity Extremism” (BIE), which can be read to include protests against police violence. This category has been used to rationalize continued surveillance of black activists, including monitoring of social media activity. In 2020, DHS’s Office of Intelligence & Analysis (I&A) used social media and other tools to target and monitor racial justice protestors in Portland, OR, justifying this surveillance by pointing to the threat of vandalism to Confederate monuments. I&A then disseminated intelligence reports on journalists reporting on this overreach.

DHS especially has focused social media surveillance on immigration activists, including those engaged in peaceful protests against the Trump administration’s family separation policy and others characterized as “anti-Trump protests.” From 2017 through 2020, ICE kept tabs on immigrant rights groups’ social media activity, and in late 2018 and early 2019, CBP and HSI used information gleaned from social media in compiling dossiers and putting out travel alerts on advocates, journalists, and lawyers — including U.S. citizens — whom the government suspected of helping migrants south of the U.S. border.

Muslim, Arab, Middle Eastern, and South Asian communities have often been particular targets of the U.S. government’s discriminatory travel and immigration screening practices, including social media screening. The State Department’s collection of social media identifiers on visa forms, for instance, came out of President Trump’s Muslim ban, while earlier social media monitoring and collection programs focused disproportionately on people from predominantly Muslim countries and Arabic speakers.

Not particularly. Broad social media monitoring for threat detection purposes untethered from suspicion of wrongdoing generates reams of useless information, crowding out information on — and resources for — real public safety concerns.

Social media conversations are difficult to interpret because they are often highly context-specific and can be riddled with slang, jokes, memes, sarcasm, and references to popular culture; heated rhetoric is also common. Government officials and assessments have repeatedly recognized that this dynamic makes it difficult to distinguish a sliver of genuine threats from the millions of everyday communications that do not warrant law enforcement attention. As the former acting chief of DHS I&A said, “actual intent to carry out violence can be difficult to discern from the angry, hyperbolic — and constitutionally protected — speech and information commonly found on social media.” Likewise, a 2021 internal review of DHS’s Office of Intelligence & Analysis noted: “[s]earching for true threats of violence before they happen is a difficult task filled with ambiguity.” The review observed that personnel trying to anticipate future threats ended up collecting information on a “broad range of general threats that did not meet the threshold of intelligence collection” and provided I&A’s law enforcement and intelligence customers with “information of limited value,” including “memes, hyperbole, statements on political organizations and other protected First Amendment speech.” Similar concerns cropped up with the DHS’s pilot programs to use social media to vet refugees.

The result is a high volume of false alarms, distracting law enforcement from investigating and preparing for genuine threats: as the FBI bluntly put it, for example, I&A’s reporting practices resulted in “crap” being sent through one of its threat notification systems.

Some agencies, like the FBI, DHS, State Department and IRS, have released information on the rules governing their use of social media in certain contexts. Other agencies — such as the ATF, DEA, Postal Service, and Social Security Administration — have not made any information public; what is known about their use of social media has emerged from media coverage, some of which has attracted congressional scrutiny. Below we describe some of what is known about the rules governing the use of social media by the FBI, DHS, and State Department.

FBI: The main document governing the FBI’s social media surveillance practices is its Domestic Investigations and Operations Guide (DIOG), last made public in redacted form in 2016. Under the DIOG, FBI agents may review publicly available social media information prior to initiating any form of inquiry. During the lowest-level investigative stage, called an assessment (which requires an “authorized purpose” such as stopping terrorism, but no factual basis), agents may also log public, real-time communications (such as public chat room conversations) and work with informants to gain access to private online spaces, though they may not record private communications in real-time.

Beginning with “preliminary investigations” (which require that there be “information or an allegation” of wrongdoing but not that it be credible), FBI agents may monitor and record private online communications in real-time using informants and may even use false social media identities with the approval of a supervisor. While conducting full investigations (which require a reasonable indication of criminal activity), FBI agents may use all of these methods and can also get probable cause warrants to conduct wiretapping, including to collect private social media communications.

The DIOG does restrict the FBI from probing social media based solely on “an individual’s legal exercise of his or her First Amendment rights,” though such activity can be a substantial motivating factor. It also requires that the collection of online information about First Amendment-protected activity be connected to an “authorized investigative purpose” and be as minimally intrusive as reasonable under the circumstances, although it is not clear how adherence to these standards is evaluated.

DHS: DHS policies can be pieced together using a combination of legally mandated disclosures — such as privacy impact assessments and data mining reports — and publicly available policy guidelines, though the amount of information available varies. In 2012, DHS published a policy requiring that components collecting personally identifiable information from social media for “operational uses,” such as investigations (but not intelligence functions), implement basic guidelines and training for employees engaged in such uses and ensure compliance with relevant laws and privacy rules. Whether this policy has been holistically implemented for “operational uses” of social media across DHS remains unclear. However, the Brennan Center has obtained a number of templates describing how DHS components use social media, created pursuant to the 2012 policy, through the Freedom of Information Act.

In practice, DHS policies are generally permissive. The examples below illustrate the ways in which various parts of the Department use social media.

• ICE agents monitor social media for purposes ranging from situational awareness and criminal intelligence gathering to support for investigations. In addition to engaging private companies to monitor social media, ICE agents may collect public social media data whenever they determine it is “relevant for developing a viable case” and “supports the investigative process.”
• Parts of DHS, including the National Operations Center (NOC) (part of the Office of Operations Coordination and Planning (OPS)), Federal Emergency Management Agency (FEMA), and Customs and Border Protection (CBP), use social media monitoring for situational awareness. The goal is generally not to “seek or collect” personally identifiable information. DHS may do so in “in extremis situations,” however, such as when serious harm to a person may be imminent or there is a “credible threat[] to [DHS] facilities or systems.” NOC’s situational awareness operations are not covered by the 2012 policy; other components carrying out situational awareness monitoring must create a but may receive an exception from the broader policy with the approval of DHS’s Chief Privacy Officer.
• DHS’s U.S. Citizenship and Immigration Services (USCIS) uses social media to verify the accuracy of materials provided by applicants for immigration benefits (such as applications for refugee status or to become a U.S. citizen) and to identify fraud and threats to public safety. USCIS says it only looks at publicly available information and that it will respect account holders’ privacy settings and refrain from direct dialogue with subjects, though staff may use fictitious accounts in certain cases, including when “overt research would compromise the integrity of an investigation.”
• DHS’s Office of Intelligence & Analysis (I&A), as a member of the Intelligence Community, is not covered by the 2012 policy. Instead it operates under a separate set of guidelines — pursuant to Executive Order 12,333, issued by the Secretary of Homeland Security and approved by the Attorney General — that govern its management of information collected about U.S. persons, including via social media. The office incorporates social media into the open-source intelligence reports it produces for federal, state, and local law enforcement; these reports provide threat warnings, investigative leads, and referrals. I&A personnel may collect and retain social media information on U.S. citizens and green card holders so long as they reasonably believe that doing so supports a national or departmental mission; these missions are broadly defined to include addressing homeland security concerns. And they may disseminate the information further if they believe it would help the recipient with “lawful intelligence, counterterrorism, law enforcement, or other homeland security-related functions.”

State Department. The Department’s policies covering social media monitoring for visa vetting purposes are not publicly available. However, public disclosures shed some light on the rules consular officers are supposed to follow when vetting visa applicants using social media. For example, consular officers are not supposed to interact with applicants on social media, request their passwords, or try to get around their privacy settings — and if they create an account to view social media information, they “must abide by the contractual rules of that service or platform provider,” such as Facebook’s real name policy. Further, information gleaned from social media must not be used to deny visas based on protected characteristics (i.e., race, religion, ethnicity, national origin, political views, gender or sexual orientation). It is supposed to be used only to confirm an applicant’s identity and visa eligibility under criteria set forth in U.S. law.

Yes. Social media monitoring may violate the First or Fourteenth Amendments. It is well established that public posts receive constitutional protection: as the investigations guide of the Federal Bureau of Investigation recognizes, “[o]nline information, even if publicly available, may still be protected by the First Amendment. Surveillance is clearly unconstitutional when a person is specifically targeted for the exercise of constitutional rights protected by the First Amendment (speech, expression, association, religious practice) or on the basis of a characteristic protected by the Fourteenth Amendment (including race, ethnicity, and religion). Social media monitoring may also violate the First Amendment when it burdens constitutionally protected activity and does not contribute to a legitimate government objective. Our lawsuit against the State Department and DHS (Doc Society v. Blinken), for instance, challenges the collection, retention, and dissemination of social media identifiers from millions of people — almost none of whom have engaged in any wrongdoing — because the government has not adequately justified the screening program and it imposes a substantial burden on speech for little demonstrated value. The White House office that reviews federal regulations noted the latter point — which a DHS Inspector General report and internal reviews have also underscored  — when it rejected, in April 2021, DHS’s proposal to collect social media identifiers on travel and immigration forms.

Additionally, the Fourth Amendment protects people from “unreasonable searches and seizures” by the government, including searches of data in which people have a “reasonable expectation of privacy.” Judges have generally concluded that content posted publicly online cannot be reasonably expected to be private, and that police therefore do not need a warrant to view or collect it. Courts are increasingly recognizing, however, that when the government can collect far more information — especially information revealing sensitive or intimate details — at a far lower cost than traditional surveillance, the Fourth Amendment may protect that data. The same is true of social media monitoring and the use of powerful social media monitoring tools, even if they are employed to review publicly available information.

Yes. Most notably, the Privacy Act limits the collection, storage, and sharing of personally identifiable information about U.S. citizens and permanent residents (green card holders), including social media data. It also bars, under most circumstances, maintaining records that describe the exercise of a person’s First Amendment rights. However, the statute contains an exception for such records “within the scope of an authorized law enforcement activity.” Its coverage is limited to databases from which personal information can be retrieved by an individual identifier like a name, social security address, or phone number.

Additionally, federal agencies’ collection of social media handles must be authorized by law and, in some cases, be subject to public notice and comment and justified by a reasoned explanation that accounts for contrary evidence. Doc Society v. Blinken, for example, alleges that the State Department’s collection of social media identifiers on visa forms violates the Administrative Procedure Act (APA) because it exceeds the Secretary of State’s statutory authority and did not consider that prior social media screening pilot programs had failed to demonstrate efficacy.

Not always. Companies do not bar government officials from making accounts and looking at what is happening on their platforms. However, after the ACLU exposed in 2016 that third-party social media monitoring companies were pitching their services to California law enforcement agencies as a way to monitor protestors against racial injustice, Twitter, Facebook, and Instagram changed or clarified their rules to prohibit the use of their data for surveillance (though the actual application of those rules can be murky).

Additionally, Facebook has a policy requiring users identify themselves by their “real names,” with no exception for law enforcement. The FBI and other federal law enforcement agencies permit their agents to use false identities notwithstanding this rule, and there have been documented instances of other law enforcement departments violating this policy as well.

Federal agencies may share information they collect from social media across all levels of government and the private sector and will sometimes even disclose data to foreign governments (for instance, identifiers on travel and immigration forms). In particular, information is shared domestically with state and local law enforcement, including through fusion centers, which are post-9/11 surveillance and intelligence hubs that were intended to facilitate coordination among federal, state, and local law enforcement and private industry. Such unfettered data sharing magnifies the risks of abusive practices.

Part of the risk stems from the dissemination of data to actors with a documented history of discriminatory surveillance, such as fusion centers. A 2012 bipartisan Senate investigation concluded that fusion centers have “yielded little, if any, benefit to federal counterterrorism intelligence efforts,” instead producing reams of low-quality information while labeling Muslim Americans engaging in innocuous activities, such as voter registration, as potential threats. More recently, fusion centers have been caught monitoring racial and social justice organizers and protests and promoting fake social media posts by right-wing provocateurs as credible intelligence regarding potential violence at anti-police brutality protests. Further, many police departments that get information from social media through fusion centers (or from federal agencies like the FBI and DHS directly) have a history of targeting and surveilling minority communities and activists, but lack basic policies that govern their use of social media. Finally, existing agreements permit the U.S. government to share social media data — collected from U.S. visa applicants, for example — with repressive foreign governments that are known to retaliate against online critics.

The broad dissemination of social media data amplifies some of the harms of social media monitoring by eliminating context and safeguards. Under some circumstances, a government official who initially reviews and collects information from social media may better understand — from witness interviews, notes of observations from the field, or other material obtained during an investigation, for example — its meaning and relevance than a downstream recipient lacking this background. And any safeguards the initial agency places upon its monitoring and collection — use and retention limitations, data security protocols, etc. — cannot be guaranteed after it disseminates what has been gathered. Once social media is disseminated, the originating agency has little control over how such information is used, how long it is kept, whether it could be misinterpreted, or how it might spur overreach.

Together, these dynamics amplify the harms to free expression and privacy that social media monitoring generates. A qualified and potentially unreliable assessment based on social media that a protest could turn violent or that a particular person poses a threat might easily turn into a justification for policing that protest aggressively or arresting the person, as illustrated by the examples above. Similarly, a person who has applied for a U.S. visa or been investigated by federal authorities, even if they are cleared, is likely to be wary of what they say on social media well into the future if they know that there is no endpoint to potential scrutiny or disclosure of their online activity. Formerly, one branch of DHS I&A had a practice of redacting publicly available U.S. person information contained in open-source intelligence reports disseminated to partners because of the “risk of civil rights and liberties issues.” This practice was an apparent justification for removing pre-publication oversight to identify such issues, which implies that DHS recognized that information identifying a person could be used to target them without a legitimate law enforcement reason.

Both the FBI and DHS have reportedly hired private firms to help conduct social media surveillance, including to help identify threats online. This raises concerns around transparency and accountability as well as effectiveness.

Transparency and accountability: Outsourcing surveillance to private industry obscures how monitoring is being carried out; limited information is available about relationships between the federal government and social media surveillance contractors, and the contractors, unlike the government, are not subject to freedom of information laws. Outsourcing also weakens safeguards because private vendors may not be subject to the same legal or institutional constraints as public agencies.

Efficacy: The most ambitious tools use artificial intelligence with the goal of making judgments about which threats, calls for violence, or individuals pose the highest risk. But doing so reliably is beyond the capacity of both humans and existing technology, as more than 50 technologists wrote in opposing an ICE proposal aimed at predicting whether a given person would commit terrorism or crime. The more rudimentary of these tools look for specific words and then flag posts containing those words. Such flags are overinclusive, and garden-variety content will regularly be elevated. Consider how the word “extremism,” for instance, could appear in a range of news articles, be used in reference to a friend’s strict dietary standards, or arise in connection with discussion about U.S. politics. Even the best Natural Language Processing tools, which attempt to ascertain the meaning of text, are prone to error, and fare particularly poorly on speakers of non-standard English, who may more frequently be from minority communities, as well as speakers of languages other than English. Similar concerns apply to mechanisms used to flag images and videos, which generally lack the context necessary to differentiate a scenario in which an image is used for reporting or commentary from one where it is used by a group or person to incite violence.