IRS, DOJ use social media sites to track deadbeats, criminal activity
Documents offer peek at use of social networking sites in investigations
Computerworld - Advocacy group the Electronic Frontier Foundation has obtained documents showing how law enforcement agencies and the Internal Revenue Service are gathering information from social networking sites for their investigations.
The documents were obtained via a Freedom of Information Act (FOIA) lawsuit filed last December by the EFF and the University of California, Berkeley's Samuelson Clinic. The lawsuit was filed against six federal agencies and sought information on their use of social networking sites for data collection and surveillance purposes.
The agencies named in the lawsuit were the Department of Defense, the Department of Homeland Security, the Justice Department, the Treasury Department, the CIA and the Office of the Director of National Intelligence.
The EFF this week obtained documents from two of those agencies -- the IRS and the Justice Department -- that show how the government is collecting information from social networking sites, as it has been suspected of doing for some time, said Shane Witnov, a law student and spokesman for the lawsuit at the Samuelson Law, Technology and Public Policy Clinic. "The documents tell us clearly that the government is using social networking sites for undercover investigations," Witnov said.
In the case of the IRS, formal policies appear to be in place governing the manner in which agents can use social networking sites to investigate taxpayers, Witnov said. Guidelines contained in a 2009 IRS training course show that the agency clearly forbids agents from using deception and fake social networking accounts to ferret out information.
Agents are also limited to only accessing and using publicly available information from social networking sites. "We were actually quite impressed that they had formal training in place and that these were the rules they had established," Witnov said.
The 38-page IRS training document posted on the EFF Web site provides detailed tips to agents on how to conduct searches, locate relevant taxpayer information, narrow down and refine results, and save multiple Web pages using Adobe's Web capture feature. Among the social media applications mentioned are Google Groups, FaceBook, Twitter, MySpace, YouTube and Second Life.
The IRS document provides an example of how information gathered from a social networking site could be useful in a tax investigation. In the example, a revenue officer discovers that a taxpayer he is investigating maintains a social networking site to advertise his services as a comedian. The officer discovers that the individual maintains a video clip on his social network site where he lists his schedule of past and future performances. That information could be useful in determining amounts paid to the taxpayer for his performances and where those payments were deposited, the document noted.
"Future performance sites are potential levy sources and show where the taxpayer will be for possible summons if returns and financial information are needed," the document said.
Meanwhile, the documents obtained from the criminal division of the Justice Department show that law enforcement agents there use social media sites for undercover operations, Witnov said.
A DOJ slide presentation titled "Obtaining and Using Evidence from Social Networking Sites" from the department's Computer Crime and Intellectual Property section describes how evidence from social networking sites can reveal personal communications that might help "establish motives and personal relationships." The slide show also mentions how content posted by a user on a social media site could provide location information and "prove and disprove alibis."
The presentation also mentions the responsiveness of some social media sites such as Facebook to law enforcement requests for data. It also notes that most Twitter content is public while private Twitter messages are stored on Twitter's servers until a user deletes them. The "bad news" for law enforcement, however, is that there is no contact information for Twitter users, such as phone numbers, making the site less valuable for gathering information. The DOJ documents also say that Twitter only retains the last log-in IP address and does not preserve data unless legally required to do so.
The DOJ presentation also says that going undercover on social media sites can allow law enforcement to communicate with suspects and targets, gain access to nonpublic information and map social relationships.
The goal in getting the government to disclose its policies related to such practices is to foster a dialogue on the appropriate use of social networking sites in criminal investigations, Witnov said.
"There is a balance between privacy and protecting ourselves from crime," that needs to be achieved, he said. There are instances where the seriousness of a crime might override privacy rights. But there need to be guidelines on when and how information from social networking sites can be collected, he added.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
- Perspective: Privacy concerns could keep Amazon delivery drones grounded
- NSA collects data from millions of cellphones daily
- Perspective: Curbing data use is key to reining in NSA
- Lavabit-DOJ dispute zeroes in on encryption key ownership
Read more about Web Apps in Computerworld's Web Apps Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Accelerating Network Convergence in Virtualized and Cloud Data Centers Adopting a converged networking strategy enables organizations to traffic server and storage I/O workloads on consolidated data throughput channels. Intelligent software helps optimize...
- How 10GbE Network is the Backbone of the Virtual Data Center The shift to a virtual data center has put tremendous strain on legacy networks; driving the need for more speed, lower latency, more...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Networking White Papers | Webcasts