Skip Navigation

Social Media Surveillance by the U.S. Government

A growing and unregulated trend of online surveillance raises concerns for civil rights and liberties.

Social media has become a signi­fic­ant source of inform­a­tion for U.S. law enforce­ment and intel­li­gence agen­cies. The Depart­ment of Home­land Secur­ity, the FBI, and the State Depart­ment are among the many federal agen­cies that routinely monitor social plat­forms, for purposes ranging from conduct­ing invest­ig­a­tions to identi­fy­ing threats to screen­ing trav­el­ers and immig­rants. This is not surpris­ing; as the U.S. Supreme Court has said, social media plat­forms have become “for many . . . the prin­cipal sources for know­ing current events, . . . speak­ing and listen­ing in the modern public square, and other­wise explor­ing the vast realms of human thought and know­ledge” — in other words, an essen­tial means for parti­cip­at­ing in public life and commu­nic­at­ing with others.

At the same time, this grow­ing — and mostly unreg­u­lated — use of social media raises a host of civil rights and civil liber­ties concerns. Because social media can reveal a wealth of personal inform­a­tion — includ­ing about polit­ical and reli­gious views, personal and profes­sional connec­tions, and health and sexu­al­ity — its use by the govern­ment is rife with risks for free­dom of speech, assembly, and faith, partic­u­larly for the Black, Latino, and Muslim communit­ies that are histor­ic­ally targeted by law enforce­ment and intel­li­gence efforts. These risks are far from theor­et­ical: many agen­cies have a track record of using these programs to target minor­ity communit­ies and social move­ments. For all that, there is little evid­ence that this type of monit­or­ing advances secur­ity object­ives; agen­cies rarely meas­ure the useful­ness of social media monit­or­ing and DHS’s own pilot programs showed that they were not help­ful in identi­fy­ing threats. Never­the­less, the use of social media for a range of purposes contin­ues to grow.

In this Q&A, we survey the ways in which federal law enforce­ment and intel­li­gence agen­cies use social media monit­or­ing and the risks posed by its thinly regu­lated and grow­ing use in vari­ous contexts.

Which federal agencies use social media monitoring?

Many federal agen­cies use social media, includ­ing the Depart­ment of Home­land Secur­ity (DHS), Federal Bureau of Invest­ig­a­tion (FBI), Depart­ment of State (State Depart­ment), Drug Enforce­ment Admin­is­tra­tion (DEA), Bureau of Alco­hol, Tobacco, Fire­arms and Explos­ives (ATF), U.S. Postal Service (USPS), Internal Revenue Service (IRS), U.S. Marshals Service, and Social Secur­ity Admin­is­tra­tion (SSA). This docu­ment focuses primar­ily on the activ­it­ies of DHS, FBI, and the State Depart­ment, as the agen­cies that make the most extens­ive use of social media for monit­or­ing, target­ing, and inform­a­tion collec­tion.

Why do federal agencies monitor social media?

Publicly avail­able inform­a­tion shows that federal agen­cies use social media for four main — and some­times over­lap­ping — purposes. The examples below are illus­trat­ive and do not capture the full spec­trum of social media surveil­lance by federal agen­cies.

Invest­ig­a­tions: Law enforce­ment agen­cies, such as the FBI and some compon­ents of DHS, use social media monit­or­ing to assist with crim­inal and civil invest­ig­a­tions. Some of these invest­ig­a­tions may not even require a show­ing of crim­inal activ­ity. For example, FBI agents can open an “assess­ment” simply on the basis of an “author­ized purpose,” such as prevent­ing crime or terror­ism, and without a factual basis. During assess­ments, FBI agents can carry out searches of publicly avail­able online inform­a­tion. Subsequent invest­ig­at­ive stages, which require some factual basis, open the door for more invas­ive surveil­lance tactics, such as the monit­or­ing and record­ing of chats, direct messages, and other private online commu­nic­a­tions in real time.

At DHS, Home­land Secur­ity Invest­ig­a­tions (HSI) — which is part of Immig­ra­tion and Customs Enforce­ment (ICE) — is the Depart­ment’s “prin­cipal invest­ig­at­ive arm.” HSI asserts in its train­ing mater­i­als that it has the author­ity to enforce any federal law, and relies on social media when conduct­ing invest­ig­a­tions on matters ranging from civil immig­ra­tion viol­a­tions to terror­ism. ICE agents can look at publicly avail­able social media content for purposes ranging from find­ing fugit­ives to gath­er­ing evid­ence in support of invest­ig­a­tions to prob­ing “poten­tial crim­inal activ­ity,” a “threat detec­tion” func­tion discussed below. Agents can also oper­ate under­cover online and monitor private online commu­nic­a­tions, but the circum­stances under which they are permit­ted to do so are not publicly known.

Monit­or­ing to detect threats: Even without open­ing an assess­ment or other invest­ig­a­tion, FBI agents can monitor public social media post­ings. DHS compon­ents from ICE to its intel­li­gence arm, the Office of Intel­li­gence & Analysis, also monitor social media — includ­ing specific indi­vidu­als — with the goal of identi­fy­ing poten­tial threats of viol­ence or terror­ism. In addi­tion, the FBI and DHS both engage private compan­ies to conduct online monit­or­ing of this type on their behalf. One firm, for example, was awar­ded a contract with the FBI in Decem­ber 2020 to scour social media to proact­ively identify “national secur­ity and public safety-related events” — includ­ing vari­ous unspe­cified threats, as well as crimes — which have not yet been repor­ted to law enforce­ment.

Situ­ational aware­ness: Social media may provide an “ear to the ground” to help the federal govern­ment coordin­ate a response to break­ing events. For example, a range of DHS compon­ents — from Customs and Border Protec­tion (CBP) to the National Oper­a­tions Center (NOC) to the Federal Emer­gency Manage­ment Agency (FEMA) — monitor the inter­net, includ­ing by keep­ing tabs on a broad list of websites and keywords being discussed on social media plat­forms and track­ing inform­a­tion from sources like news services and local govern­ment agen­cies. Privacy impact assess­ments suggest there are few limits on the content that can be reviewed — for instance, the PIAs list a sweep­ing range of keywords that are monitored (ranging, for example, from “attack,” “public health,” and “power outage,” to “jihad”). The purposes of such monit­or­ing include help­ing keep the public, private sector, and govern­mental part­ners informed about devel­op­ments during a crisis such as a natural disaster or terror­ist attack; identi­fy­ing people need­ing help during an emer­gency; and know­ing about “threats or dangers” to DHS facil­it­ies.

“Situ­ational aware­ness” and “threat detec­tion” over­lap because they both involve broad monit­or­ing of social media, but situ­ational aware­ness has a wider focus and is gener­ally not inten­ded to monitor or pree­mpt­ively identify specific people who are thought to pose a threat.

Immig­ra­tion and travel screen­ing: Social media is used to screen and vet trav­el­ers and immig­rants coming into the United States and even to monitor them while they live here. People apply­ing for a range of immig­ra­tion bene­fits also undergo social media checks to verify inform­a­tion in their applic­a­tion and determ­ine whether they pose a secur­ity risk.

How can the government’s use of social media harm people?

Govern­ment monit­or­ing of social media can work to people’s detri­ment in at least four ways: (1) wrongly implic­at­ing an indi­vidual or group in crim­inal beha­vior based on their activ­ity on social media; (2) misin­ter­pret­ing the mean­ing of social media activ­ity, some­times with severe consequences; (3) suppress­ing people’s will­ing­ness to talk or connect openly online; and (4) invad­ing indi­vidu­als’ privacy. These are explained in further detail below.

Assumed crimin­al­ity: The govern­ment may use inform­a­tion from social media to label an indi­vidual or group as a threat, includ­ing char­ac­ter­iz­ing ordin­ary activ­ity (like wear­ing a partic­u­lar sneaker brand or making common hand signs) or social media connec­tions as evid­ence of crim­inal or threat­en­ing beha­vior. This kind of assump­tion can have high-stakes consequences. For example, the NYPD wrongly arres­ted 19-year-old Jelani Henry for attemp­ted murder, after which he was denied bail and jailed for over a year and a half, in large part because prosec­utors thought his “likes” and photos on social media proved he was a member of a viol­ent gang. In another case of guilt by asso­ci­ation, DHS offi­cials barred a Palestinian student arriv­ing to study at Harvard from enter­ing the coun­try based on the content of his friends’ social media posts. The student had neither writ­ten nor engaged with the posts, which were crit­ical of the U.S. govern­ment. Black, Latino, and Muslim people are espe­cially vulner­able to being falsely labeled threats based on social media activ­ity, given that it is used to inform govern­ment decisions that are often already tain­ted by bias such as gang determ­in­a­tions and travel screen­ing decisions.

Mistaken judg­ments: It can be diffi­cult to accur­ately inter­pret online activ­ity, and the reper­cus­sions can be severe. In 2020, police in Wichita, Kansas arres­ted a teen­ager on suspi­cion of incit­ing a riot based on a mistaken inter­pret­a­tion of his Snapchat post, in which he was actu­ally denoun­cing viol­ence. Brit­ish trav­el­ers were inter­rog­ated at Los Angeles Inter­na­tional Airport and sent back to the U.K. due to a border agent’s misin­ter­pret­a­tion of a joking tweet. And DHS and the FBI dissem­in­ated reports to a Maine-area intel­li­gence-shar­ing hub warn­ing of poten­tial viol­ence at anti-police brutal­ity demon­stra­tions based on fake social media posts by right-wing provocateurs, which were distrib­uted as a warn­ing to local police.

Chilling effects: People are highly likely to censor them­selves when they think they are being watched by the govern­ment, and this under­mines everything from polit­ical speech to creativ­ity to other forms of self-expres­sion. The Bren­nan Center’s lawsuit against the State Depart­ment and DHS docu­ments how the collec­tion of social media iden­ti­fi­ers on visa forms — which are then stored indef­in­itely and shared across the U.S. govern­ment, and some­times with state, local, and foreign govern­ments — led a number of inter­na­tional film­makers to stop talk­ing about polit­ics and promot­ing their work on social media. They self-censored because they were concerned that what they said online would prevent them from getting a U.S. visa or be used to retali­ate against them because it could be misin­ter­preted or reflect contro­ver­sial view­points.

Loss of privacy: A person’s social media pres­ence — their posts, comments, photos, likes, group member­ships, and so on — can collect­ively reveal their ethni­city, polit­ical views, reli­gious prac­tices, gender iden­tity, sexual orient­a­tion, person­al­ity traits, and vices. Further, social media can reveal more about a person than they intend. Plat­forms’ privacy settings frequently change and can be diffi­cult to navig­ate, and even when indi­vidu­als keep inform­a­tion private it can be disclosed through the activ­ity or iden­tity of their connec­tions on social media. DHS at least has recog­nized this risk, categor­iz­ing social media handles as “sens­it­ive person­ally iden­ti­fi­able inform­a­tion” that could “result in substan­tial harm, embar­rass­ment, incon­veni­ence, or unfair­ness to an indi­vidual.” Yet the agency has failed to place robust safe­guards on social media monit­or­ing.

Who is harmed by social media monitoring?

While all Amer­ic­ans may be harmed by untrammeled social media monit­or­ing, people from histor­ic­ally margin­al­ized communit­ies and those who protest govern­ment policies typic­ally bear the brunt of suspi­cion­less surveil­lance. Social media monit­or­ing is no differ­ent.

Echo­ing the trans­gres­sions of the civil rights era, there are myriad examples of the FBI and DHS using social media to surveil people speak­ing out on issues from racial justice to the treat­ment of immig­rants. Both agen­cies have monitored Black Lives Matter activ­ists. In 2017, the FBI created a specious terror­ism threat category called “Black Iden­tity Extrem­ism” (BIE), which can be read to include protests against police viol­ence. This category has been used to ration­al­ize contin­ued surveil­lance of black activ­ists, includ­ing monit­or­ing of social media activ­ity. In 2020, DHS’s Office of Intel­li­gence & Analysis (I&A) used social media and other tools to target and monitor racial justice protest­ors in Port­land, OR, justi­fy­ing this surveil­lance by point­ing to the threat of vandal­ism to Confed­er­ate monu­ments. I&A then dissem­in­ated intel­li­gence reports on journ­al­ists report­ing on this over­reach.

DHS espe­cially has focused social media surveil­lance on immig­ra­tion activ­ists, includ­ing those engaged in peace­ful protests against the Trump admin­is­tra­tion’s family separ­a­tion policy and others char­ac­ter­ized as “anti-Trump protests.” From 2017 through 2020, ICE kept tabs on immig­rant rights groups’ social media activ­ity, and in late 2018 and early 2019, CBP and HSI used inform­a­tion gleaned from social media in compil­ing dossiers and putting out travel alerts on advoc­ates, journ­al­ists, and lawyers — includ­ing U.S. citizens — whom the govern­ment suspec­ted of help­ing migrants south of the U.S. border.

Muslim, Arab, Middle East­ern, and South Asian communit­ies have often been partic­u­lar targets of the U.S. govern­ment’s discrim­in­at­ory travel and immig­ra­tion screen­ing prac­tices, includ­ing social media screen­ing. The State Depart­ment’s collec­tion of social media iden­ti­fi­ers on visa forms, for instance, came out of Pres­id­ent Trump’s Muslim ban, while earlier social media monit­or­ing and collec­tion programs focused dispro­por­tion­ately on people from predom­in­antly Muslim coun­tries and Arabic speak­ers.

Is social media surveillance an effective way of getting information about potential threats?

Not partic­u­larly. Broad social media monit­or­ing for threat detec­tion purposes untethered from suspi­cion of wrong­do­ing gener­ates reams of useless inform­a­tion, crowding out inform­a­tion on — and resources for — real public safety concerns.

Social media conver­sa­tions are diffi­cult to inter­pret because they are often highly context-specific and can be riddled with slang, jokes, memes, sarcasm, and refer­ences to popu­lar culture; heated rhet­oric is also common. Govern­ment offi­cials and assess­ments have repeatedly recog­nized that this dynamic makes it diffi­cult to distin­guish a sliver of genu­ine threats from the millions of every­day commu­nic­a­tions that do not warrant law enforce­ment atten­tion. As the former acting chief of DHS I&A said, “actual intent to carry out viol­ence can be diffi­cult to discern from the angry, hyper­bolic — and consti­tu­tion­ally protec­ted — speech and inform­a­tion commonly found on social media.” Like­wise, a 2021 internal review of DHS’s Office of Intel­li­gence & Analysis noted: “[s]earch­ing for true threats of viol­ence before they happen is a diffi­cult task filled with ambi­gu­ity.” The review observed that person­nel trying to anti­cip­ate future threats ended up collect­ing inform­a­tion on a “broad range of general threats that did not meet the threshold of intel­li­gence collec­tion” and provided I&A’s law enforce­ment and intel­li­gence custom­ers with “inform­a­tion of limited value,” includ­ing “memes, hyper­bole, state­ments on polit­ical organ­iz­a­tions and other protec­ted First Amend­ment speech.” Similar concerns cropped up with the DHS’s pilot programs to use social media to vet refugees.

The result is a high volume of false alarms, distract­ing law enforce­ment from invest­ig­at­ing and prepar­ing for genu­ine threats: as the FBI bluntly put it, for example, I&A’s report­ing prac­tices resul­ted in “crap” being sent through one of its threat noti­fic­a­tion systems.

What rules govern federal agencies’ use of social media?

Some agen­cies, like the FBI, DHS, State Depart­ment and IRS, have released inform­a­tion on the rules govern­ing their use of social media in certain contexts. Other agen­cies — such as the ATF, DEA, Postal Service, and Social Secur­ity Admin­is­tra­tion — have not made any inform­a­tion public; what is known about their use of social media has emerged from media cover­age, some of which has attrac­ted congres­sional scru­tiny. Below we describe some of what is known about the rules govern­ing the use of social media by the FBI, DHS, and State Depart­ment.

FBI: The main docu­ment govern­ing the FBI’s social media surveil­lance prac­tices is its Domestic Invest­ig­a­tions and Oper­a­tions Guide (DIOG), last made public in redac­ted form in 2016. Under the DIOG, FBI agents may review publicly avail­able social media inform­a­tion prior to initi­at­ing any form of inquiry. During the lowest-level invest­ig­at­ive stage, called an assess­ment (which requires an “author­ized purpose” such as stop­ping terror­ism, but no factual basis), agents may also log public, real-time commu­nic­a­tions (such as public chat room conver­sa­tions) and work with inform­ants to gain access to private online spaces, though they may not record private commu­nic­a­tions in real-time.

Begin­ning with “prelim­in­ary invest­ig­a­tions” (which require that there be “inform­a­tion or an alleg­a­tion” of wrong­do­ing but not that it be cred­ible), FBI agents may monitor and record private online commu­nic­a­tions in real-time using inform­ants and may even use false social media iden­tit­ies with the approval of a super­visor. While conduct­ing full invest­ig­a­tions (which require a reas­on­able indic­a­tion of crim­inal activ­ity), FBI agents may use all of these meth­ods and can also get prob­able cause warrants to conduct wiretap­ping, includ­ing to collect private social media commu­nic­a­tions.

The DIOG does restrict the FBI from prob­ing social media based solely on “an indi­vidu­al’s legal exer­cise of his or her First Amend­ment rights,” though such activ­ity can be a substan­tial motiv­at­ing factor. It also requires that the collec­tion of online inform­a­tion about First Amend­ment-protec­ted activ­ity be connec­ted to an “author­ized invest­ig­at­ive purpose” and be as minim­ally intrus­ive as reas­on­able under the circum­stances, although it is not clear how adher­ence to these stand­ards is eval­u­ated.

DHS: DHS policies can be pieced together using a combin­a­tion of legally mandated disclos­ures — such as privacy impact assess­ments and data mining reports — and publicly avail­able policy guidelines, though the amount of inform­a­tion avail­able varies. In 2012, DHS published a policy requir­ing that compon­ents collect­ing person­ally iden­ti­fi­able inform­a­tion from social media for “oper­a­tional uses,” such as invest­ig­a­tions (but not intel­li­gence func­tions), imple­ment basic guidelines and train­ing for employ­ees engaged in such uses and ensure compli­ance with relev­ant laws and privacy rules. Whether this policy has been holist­ic­ally imple­men­ted for “oper­a­tional uses” of social media across DHS remains unclear. However, the Bren­nan Center has obtained a number of templates describ­ing how DHS compon­ents use social media, created pursu­ant to the 2012 policy, through the Free­dom of Inform­a­tion Act.

In prac­tice, DHS policies are gener­ally permissive. The examples below illus­trate the ways in which vari­ous parts of the Depart­ment use social media.

  • ICE agents monitor social media for purposes ranging from situ­ational aware­ness and crim­inal intel­li­gence gath­er­ing to support for invest­ig­a­tions. In addi­tion to enga­ging private compan­ies to monitor social media, ICE agents may collect public social media data whenever they determ­ine it is “relev­ant for devel­op­ing a viable case” and “supports the invest­ig­at­ive process.”
  • Parts of DHS, includ­ing the National Oper­a­tions Center (NOC) (part of the Office of Oper­a­tions Coordin­a­tion and Plan­ning (OPS)), Federal Emer­gency Manage­ment Agency (FEMA), and Customs and Border Protec­tion (CBP), use social media monit­or­ing for situ­ational aware­ness. The goal is gener­ally not to “seek or collect” person­ally iden­ti­fi­able inform­a­tion. DHS may do so in “in extremis situ­ations,” however, such as when seri­ous harm to a person may be immin­ent or there is a “cred­ible threat[] to [DHS] facil­it­ies or systems.” NOC’s situ­ational aware­ness oper­a­tions are not covered by the 2012 policy; other compon­ents carry­ing out situ­ational aware­ness monit­or­ing must create a but may receive an excep­tion from the broader policy with the approval of DHS’s Chief Privacy Officer.
  • DHS’s U.S. Citizen­ship and Immig­ra­tion Services (USCIS) uses social media to verify the accur­acy of mater­i­als provided by applic­ants for immig­ra­tion bene­fits (such as applic­a­tions for refugee status or to become a U.S. citizen) and to identify fraud and threats to public safety. USCIS says it only looks at publicly avail­able inform­a­tion and that it will respect account hold­ers’ privacy settings and refrain from direct dialogue with subjects, though staff may use ficti­tious accounts in certain cases, includ­ing when “overt research would comprom­ise the integ­rity of an invest­ig­a­tion.”
  • DHS’s Office of Intel­li­gence & Analysis (I&A), as a member of the Intel­li­gence Community, is not covered by the 2012 policy. Instead it oper­ates under a separ­ate set of guidelines — pursu­ant to Exec­ut­ive Order 12,333, issued by the Secret­ary of Home­land Secur­ity and approved by the Attor­ney General — that govern its manage­ment of inform­a­tion collec­ted about U.S. persons, includ­ing via social media. The office incor­por­ates social media into the open-source intel­li­gence reports it produces for federal, state, and local law enforce­ment; these reports provide threat warn­ings, invest­ig­at­ive leads, and refer­rals. I&A person­nel may collect and retain social media inform­a­tion on U.S. citizens and green card hold­ers so long as they reas­on­ably believe that doing so supports a national or depart­mental mission; these missions are broadly defined to include address­ing home­land secur­ity concerns. And they may dissem­in­ate the inform­a­tion further if they believe it would help the recip­i­ent with “lawful intel­li­gence, coun­terter­ror­ism, law enforce­ment, or other home­land secur­ity-related func­tions.”

State Depart­ment. The Depart­ment’s policies cover­ing social media monit­or­ing for visa vetting purposes are not publicly avail­able. However, public disclos­ures shed some light on the rules consu­lar officers are supposed to follow when vetting visa applic­ants using social media. For example, consu­lar officers are not supposed to inter­act with applic­ants on social media, request their pass­words, or try to get around their privacy settings — and if they create an account to view social media inform­a­tion, they “must abide by the contrac­tual rules of that service or plat­form provider,” such as Face­book’s real name policy. Further, inform­a­tion gleaned from social media must not be used to deny visas based on protec­ted char­ac­ter­ist­ics (i.e., race, reli­gion, ethni­city, national origin, polit­ical views, gender or sexual orient­a­tion). It is supposed to be used only to confirm an applic­ant’s iden­tity and visa eligib­il­ity under criteria set forth in U.S. law.

Are there constitutional limits on social media surveillance?

Yes. Social media monit­or­ing may viol­ate the First or Four­teenth Amend­ments. It is well estab­lished that public posts receive consti­tu­tional protec­tion: as the invest­ig­a­tions guide of the Federal Bureau of Invest­ig­a­tion recog­nizes, “[o]nline inform­a­tion, even if publicly avail­able, may still be protec­ted by the First Amend­ment. Surveil­lance is clearly uncon­sti­tu­tional when a person is specific­ally targeted for the exer­cise of consti­tu­tional rights protec­ted by the First Amend­ment (speech, expres­sion, asso­ci­ation, reli­gious prac­tice) or on the basis of a char­ac­ter­istic protec­ted by the Four­teenth Amend­ment (includ­ing race, ethni­city, and reli­gion). Social media monit­or­ing may also viol­ate the First Amend­ment when it burdens consti­tu­tion­ally protec­ted activ­ity and does not contrib­ute to a legit­im­ate govern­ment object­ive. Our lawsuit against the State Depart­ment and DHS (Doc Soci­ety v. Blinken), for instance, chal­lenges the collec­tion, reten­tion, and dissem­in­a­tion of social media iden­ti­fi­ers from millions of people — almost none of whom have engaged in any wrong­do­ing — because the govern­ment has not adequately justi­fied the screen­ing program and it imposes a substan­tial burden on speech for little demon­strated value. The White House office that reviews federal regu­la­tions noted the latter point — which a DHS Inspector General report and internal reviews have also under­scored  — when it rejec­ted, in April 2021, DHS’s proposal to collect social media iden­ti­fi­ers on travel and immig­ra­tion forms.

Addi­tion­ally, the Fourth Amend­ment protects people from “unreas­on­able searches and seizures” by the govern­ment, includ­ing searches of data in which people have a “reas­on­able expect­a­tion of privacy.” Judges have gener­ally concluded that content posted publicly online cannot be reas­on­ably expec­ted to be private, and that police there­fore do not need a warrant to view or collect it. Courts are increas­ingly recog­niz­ing, however, that when the govern­ment can collect far more inform­a­tion — espe­cially inform­a­tion reveal­ing sens­it­ive or intim­ate details — at a far lower cost than tradi­tional surveil­lance, the Fourth Amend­ment may protect that data. The same is true of social media monit­or­ing and the use of power­ful social media monit­or­ing tools, even if they are employed to review publicly avail­able inform­a­tion.

Are there statutory limits on social media surveillance?

Yes. Most notably, the Privacy Act limits the collec­tion, stor­age, and shar­ing of person­ally iden­ti­fi­able inform­a­tion about U.S. citizens and perman­ent resid­ents (green card hold­ers), includ­ing social media data. It also bars, under most circum­stances, main­tain­ing records that describe the exer­cise of a person’s First Amend­ment rights. However, the stat­ute contains an excep­tion for such records “within the scope of an author­ized law enforce­ment activ­ity.” Its cover­age is limited to data­bases from which personal inform­a­tion can be retrieved by an indi­vidual iden­ti­fier like a name, social secur­ity address, or phone number.

Addi­tion­ally, federal agen­cies’ collec­tion of social media handles must be author­ized by law and, in some cases, be subject to public notice and comment and justi­fied by a reasoned explan­a­tion that accounts for contrary evid­ence. Doc Soci­ety v. Blinken, for example, alleges that the State Depart­ment’s collec­tion of social media iden­ti­fi­ers on visa forms viol­ates the Admin­is­trat­ive Proced­ure Act (APA) because it exceeds the Secret­ary of State’s stat­utory author­ity and did not consider that prior social media screen­ing pilot programs had failed to demon­strate effic­acy.

Is the government’s use of social media consistent with platform rules?

Not always. Compan­ies do not bar govern­ment offi­cials from making accounts and look­ing at what is happen­ing on their plat­forms. However, after the ACLU exposed in 2016 that third-party social media monit­or­ing compan­ies were pitch­ing their services to Cali­for­nia law enforce­ment agen­cies as a way to monitor protest­ors against racial injustice, Twit­terFace­book, and Instagram changed or clari­fied their rules to prohibit the use of their data for surveil­lance (though the actual applic­a­tion of those rules can be murky).

Addi­tion­ally, Face­book has a policy requir­ing users identify them­selves by their “real names,” with no excep­tion for law enforce­ment. The FBI and other federal law enforce­ment agen­cies permit their agents to use false iden­tit­ies notwith­stand­ing this rule, and there have been docu­mented instances of other law enforce­ment depart­ments viol­at­ing this policy as well.

How do federal agencies share information collected from social media, and why is it a problem?

Federal agen­cies may share inform­a­tion they collect from social media across all levels of govern­ment and the private sector and will some­times even disclose data to foreign govern­ments (for instance, iden­ti­fi­ers on travel and immig­ra­tion forms). In partic­u­lar, inform­a­tion is shared domest­ic­ally with state and local law enforce­ment, includ­ing through fusion centers, which are post-9/11 surveil­lance and intel­li­gence hubs that were inten­ded to facil­it­ate coordin­a­tion among federal, state, and local law enforce­ment and private industry. Such unfettered data shar­ing magni­fies the risks of abus­ive prac­tices.

Part of the risk stems from the dissem­in­a­tion of data to actors with a docu­mented history of discrim­in­at­ory surveil­lance, such as fusion centers. A 2012 bipar­tisan Senate invest­ig­a­tion concluded that fusion centers have “yiel­ded little, if any, bene­fit to federal coun­terter­ror­ism intel­li­gence efforts,” instead produ­cing reams of low-qual­ity inform­a­tion while labeling Muslim Amer­ic­ans enga­ging in innoc­u­ous activ­it­ies, such as voter regis­tra­tion, as poten­tial threats. More recently, fusion centers have been caught monit­or­ing racial and social justice organ­izers and protests and promot­ing fake social media posts by right-wing provocateurs as cred­ible intel­li­gence regard­ing poten­tial viol­ence at anti-police brutal­ity protests. Further, many police depart­ments that get inform­a­tion from social media through fusion centers (or from federal agen­cies like the FBI and DHS directly) have a history of target­ing and surveilling minor­ity communit­ies and activ­ists, but lack basic policies that govern their use of social media. Finally, exist­ing agree­ments permit the U.S. govern­ment to share social media data — collec­ted from U.S. visa applic­ants, for example — with repress­ive foreign govern­ments that are known to retali­ate against online crit­ics.

The broad dissem­in­a­tion of social media data ampli­fies some of the harms of social media monit­or­ing by elim­in­at­ing context and safe­guards. Under some circum­stances, a govern­ment offi­cial who initially reviews and collects inform­a­tion from social media may better under­stand — from witness inter­views, notes of obser­va­tions from the field, or other mater­ial obtained during an invest­ig­a­tion, for example — its mean­ing and relev­ance than a down­stream recip­i­ent lack­ing this back­ground. And any safe­guards the initial agency places upon its monit­or­ing and collec­tion — use and reten­tion limit­a­tions, data secur­ity proto­cols, etc. — cannot be guar­an­teed after it dissem­in­ates what has been gathered. Once social media is dissem­in­ated, the origin­at­ing agency has little control over how such inform­a­tion is used, how long it is kept, whether it could be misin­ter­preted, or how it might spur over­reach.

Together, these dynam­ics amplify the harms to free expres­sion and privacy that social media monit­or­ing gener­ates. A qual­i­fied and poten­tially unre­li­able assess­ment based on social media that a protest could turn viol­ent or that a partic­u­lar person poses a threat might easily turn into a justi­fic­a­tion for poli­cing that protest aggress­ively or arrest­ing the person, as illus­trated by the examples above. Simil­arly, a person who has applied for a U.S. visa or been invest­ig­ated by federal author­it­ies, even if they are cleared, is likely to be wary of what they say on social media well into the future if they know that there is no endpoint to poten­tial scru­tiny or disclos­ure of their online activ­ity. Formerly, one branch of DHS I&A had a prac­tice of redact­ing publicly avail­able U.S. person inform­a­tion contained in open-source intel­li­gence reports dissem­in­ated to part­ners because of the “risk of civil rights and liber­ties issues.” This prac­tice was an appar­ent justi­fic­a­tion for remov­ing pre-public­a­tion over­sight to identify such issues, which implies that DHS recog­nized that inform­a­tion identi­fy­ing a person could be used to target them without a legit­im­ate law enforce­ment reason.

What role do private companies play, and what is the harm in using them?

Both the FBI and DHS have reportedly hired private firms to help conduct social media surveil­lance, includ­ing to help identify threats online. This raises concerns around trans­par­ency and account­ab­il­ity as well as effect­ive­ness.

Trans­par­ency and account­ab­il­ity: Outsourcing surveil­lance to private industry obscures how monit­or­ing is being carried out; limited inform­a­tion is avail­able about rela­tion­ships between the federal govern­ment and social media surveil­lance contract­ors, and the contract­ors, unlike the govern­ment, are not subject to free­dom of inform­a­tion laws. Outsourcing also weak­ens safe­guards because private vendors may not be subject to the same legal or insti­tu­tional constraints as public agen­cies.

Effic­acy: The most ambi­tious tools use arti­fi­cial intel­li­gence with the goal of making judg­ments about which threats, calls for viol­ence, or indi­vidu­als pose the highest risk. But doing so reli­ably is beyond the capa­city of both humans and exist­ing tech­no­logy, as more than 50 tech­no­lo­gists wrote in oppos­ing an ICE proposal aimed at predict­ing whether a given person would commit terror­ism or crime. The more rudi­ment­ary of these tools look for specific words and then flag posts contain­ing those words. Such flags are over­in­clus­ive, and garden-vari­ety content will regu­larly be elev­ated. Consider how the word “extrem­ism,” for instance, could appear in a range of news articles, be used in refer­ence to a friend’s strict diet­ary stand­ards, or arise in connec­tion with discus­sion about U.S. polit­ics. Even the best Natural Language Processing tools, which attempt to ascer­tain the mean­ing of text, are prone to error, and fare partic­u­larly poorly on speak­ers of non-stand­ard English, who may more frequently be from minor­ity communit­ies, as well as speak­ers of languages other than English. Similar concerns apply to mech­an­isms used to flag images and videos, which gener­ally lack the context neces­sary to differ­en­ti­ate a scen­ario in which an image is used for report­ing or comment­ary from one where it is used by a group or person to incite viol­ence.