IRS, DOJ use social media sites to track deadbeats, criminal activity
Documents offer peek at use of social networking sites in investigations
Computerworld - Advocacy group the Electronic Frontier Foundation has obtained documents showing how law enforcement agencies and the Internal Revenue Service are gathering information from social networking sites for their investigations.
The documents were obtained via a Freedom of Information Act (FOIA) lawsuit filed last December by the EFF and the University of California, Berkeley's Samuelson Clinic. The lawsuit was filed against six federal agencies and sought information on their use of social networking sites for data collection and surveillance purposes.
The agencies named in the lawsuit were the Department of Defense, the Department of Homeland Security, the Justice Department, the Treasury Department, the CIA and the Office of the Director of National Intelligence.
The EFF this week obtained documents from two of those agencies -- the IRS and the Justice Department -- that show how the government is collecting information from social networking sites, as it has been suspected of doing for some time, said Shane Witnov, a law student and spokesman for the lawsuit at the Samuelson Law, Technology and Public Policy Clinic. "The documents tell us clearly that the government is using social networking sites for undercover investigations," Witnov said.
In the case of the IRS, formal policies appear to be in place governing the manner in which agents can use social networking sites to investigate taxpayers, Witnov said. Guidelines contained in a 2009 IRS training course show that the agency clearly forbids agents from using deception and fake social networking accounts to ferret out information.
Agents are also limited to only accessing and using publicly available information from social networking sites. "We were actually quite impressed that they had formal training in place and that these were the rules they had established," Witnov said.
The 38-page IRS training document posted on the EFF Web site provides detailed tips to agents on how to conduct searches, locate relevant taxpayer information, narrow down and refine results, and save multiple Web pages using Adobe's Web capture feature. Among the social media applications mentioned are Google Groups, FaceBook, Twitter, MySpace, YouTube and Second Life.
The IRS document provides an example of how information gathered from a social networking site could be useful in a tax investigation. In the example, a revenue officer discovers that a taxpayer he is investigating maintains a social networking site to advertise his services as a comedian. The officer discovers that the individual maintains a video clip on his social network site where he lists his schedule of past and future performances. That information could be useful in determining amounts paid to the taxpayer for his performances and where those payments were deposited, the document noted.
"Future performance sites are potential levy sources and show where the taxpayer will be for possible summons if returns and financial information are needed," the document said.
Meanwhile, the documents obtained from the criminal division of the Justice Department show that law enforcement agents there use social media sites for undercover operations, Witnov said.
A DOJ slide presentation titled "Obtaining and Using Evidence from Social Networking Sites" from the department's Computer Crime and Intellectual Property section describes how evidence from social networking sites can reveal personal communications that might help "establish motives and personal relationships." The slide show also mentions how content posted by a user on a social media site could provide location information and "prove and disprove alibis."
The presentation also mentions the responsiveness of some social media sites such as Facebook to law enforcement requests for data. It also notes that most Twitter content is public while private Twitter messages are stored on Twitter's servers until a user deletes them. The "bad news" for law enforcement, however, is that there is no contact information for Twitter users, such as phone numbers, making the site less valuable for gathering information. The DOJ documents also say that Twitter only retains the last log-in IP address and does not preserve data unless legally required to do so.
The DOJ presentation also says that going undercover on social media sites can allow law enforcement to communicate with suspects and targets, gain access to nonpublic information and map social relationships.
The goal in getting the government to disclose its policies related to such practices is to foster a dialogue on the appropriate use of social networking sites in criminal investigations, Witnov said.
"There is a balance between privacy and protecting ourselves from crime," that needs to be achieved, he said. There are instances where the seriousness of a crime might override privacy rights. But there need to be guidelines on when and how information from social networking sites can be collected, he added.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
Read more about Web Apps in Computerworld's Web Apps Topic Center.
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Need to Replace MS Threat Management Gateway? Read this article to learn how F5's Secure Web Gateway solution provides a full set of features that can help you successfully migrate...
- The Shortfall of Network Load Balancing Applications running across networks encounter a wide range of performance, security, and availability challenges as IT department strive to deliver fast, secure access...
- Leave No App Behind with Software Defined Application Services F5 Software Defined Application Services (SDAS) is the next-generation model for delivering application services that enables service injection, consumption, automation, and orchestration across...
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Networking White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!