Twitter yanks data feeding tube out of police surveillance biz

Tracking for marketing, that's fine – but the cops? No way

Updated Twitter has suspended its commercial relationship with a company called Geofeedia – which provides social media data to law enforcement agencies so that they can identify potential miscreants.

The social media company announced the change through its Policy account on Tuesday morning following the publication of a report by the American Civil Liberties Union (ACLU) of California.

The civil liberties advocacy organization obtained records indicating that Facebook, Instagram, and Twitter provided bulk user post data to Geofeedia, which markets its social media monitoring software to law enforcement agencies as a way to track activists, among other uses.

Following reports alleging increased use of social media surveillance last month, both Facebook and its Instagram division ceased providing data to Geofeedia on commercial terms. Facebook did not respond to a request to provide further details.

According to the ACLU, while Twitter did not supply its full-spectrum "Firehose" data access, it did offer Geofeedia access to its database of public tweets through a subsidiary. Twitter tried to impose limitations on the arrangement in February, and when that didn't achieve the desired results, it sent a cease-and-desist letter.

Evidently, that didn't work either. On Tuesday, Twitter said, "Based on information in the @ACLU's report, we are immediately suspending @Geofeedia's commercial access to Twitter data."

Geofeedia did not respond to email or a call seeking comment.

Asked for comment, a Twitter spokesperson in an email to The Register pointed to the company's Policy post and to a May article in The Wall Street Journal indicating that Twitter directed Dataminr, an analytics firm in which it has invested, to stop sharing data with US intelligence agencies.

The ACLU contends that social media surveillance is becoming more common among law enforcement agencies and that it "can disproportionately impact communities of color." The organization cites law enforcement use of Geofeedia data in Oakland and Baltimore as examples.

According to the Baltimore Sun, police have acknowledged the use of Geofeedia data to monitor protests, public events, and incidents of community concern. They insist that they only monitor public posts.

If social media monitoring among law enforcement agencies is becoming more common, it's not yet ubiquitous. In an email to The Reg, San Francisco Police Department officer Jennifer Nguyen said, "The SFPD Media Relations unit monitors social media by utilizing TweetDeck. However, SFPD Investigations does not use any social media monitoring tools."

Facebook, Instagram, and Twitter place limits on how site data can be accessed through their terms of service agreements. In general, they forbid scraping data without prior consent, because they make bulk data available on commercial terms. They also allow developers to access data through APIs. The rate at which such data can be obtained is typically limited in the absence of a commercial agreement.

An email from Geofeedia obtained by the ACLU as a public record suggests that its arrangement with Instagram provided it with the ability to gather user data at a rate ten times greater than it would have been able to manage without a contractual deal.

The ACLU observes that while neither Facebook nor Instagram have policies forbidding the use of user data for surveillance, Twitter does have such a policy.

The advocacy organization is seeking:

  • Stronger measures to prevent social media companies from providing data to developers of surveillance tools.
  • Clearer policies spelling out such prohibitions.
  • More effective oversight of developers through human and automated compliance checks.

Separating developers of marketing tools from developers of surveillance tools, however, may not be easy.

In a phone interview with The Register, Nicole Ozer, technology and civil liberties policy director of the ACLU of California, said Geofeedia "marketed its surveillance software in part to target activists and protesters."

Beyond such dubious marketing, Ozer said Geofeedia is problematic because it provides automated access to data beyond what the law enforcement agencies could do on their own. "They're getting billions of posts packaged in a way that allows them to monitor and target for very specific surveillance purposes," she said.

Yet the implication here – that authorities have to sort through posts by hand – seems like a bit too much to ask ®.

Updated to add

In a statement sent to The Reg after this story was filed, Geofeedia CEO Phil Harris said that a wide range of public and private sector organizations use the company's software, and in each case, the company is committed to privacy and transparency.

"Our platform provides some clients, including law enforcement officials across the country, with a critical tool in helping to ensure public safety while protecting civil rights and liberties," said Harris, citing its use in emergency response and recovery efforts such as the Boston Marathon and Hurricane Matthew.

"Geofeedia has in place clear policies and guidelines to prevent the inappropriate use of our software; these include protections related to free speech and ensuring that end users do not seek to inappropriately identify individuals based on race, ethnicity, religious, sexual orientation or political beliefs, among other factors," the statement continues.

"That said, we understand, given the ever-changing nature of digital technology, that we must continue to work to build on these critical protections of civil rights. Geofeedia will continue to engage with key civil liberty stakeholders, including the ACLU and the law enforcement community, to make sure that we do everything in our power to support the security of the American people and the protection of personal freedoms."

Narrower topics

Other stories you might like

  • Ex-Qualcomm Snapdragon chief turns CEO at AI chip startup MemryX

    Meet the new boss

    A former executive leading Qualcomm's Snapdragon computing platforms has darted the company to become CEO at an AI chip startup.

    Keith Kressin will lead product commercialization for MemryX, which was founded in 2019 and makes memory-intensive AI chiplets.

    The company is now out of stealth mode and will soon commercially ship its AI chips to non-tech customers. The company was testing early generations of its chips with industries including auto and robotics.

    Continue reading
  • Aircraft can't land safely due to interference with upcoming 5G C-band broadband service

    Expect flight delays and diversions, US Federal Aviation Administation warns

    The new 5G C-band wireless broadband service expected to rollout on 5 January 2022 in the US will disrupt local radio signals and make it difficult for airplanes to land safely in harsh weather conditions, according to the Federal Aviation Administration.

    Pilots rely on radio altimeter readings to figure out when and where an aircraft should carry out a series of operations to prepare for touchdown. But the upcoming 5G C-band service beaming from cell towers threatens to interfere with these signals, the FAA warned in two reports.

    Flights may have to be delayed or restricted at certain airports as the new broadband service comes into effect next year. The change could affect some 6,834 airplanes and 1,828 helicopters. The cost to operators is expected to be $580,890.

    Continue reading
  • Canadian charged with running ransomware attack on US state of Alaska

    Cross-border op nabbed our man, boast cops and prosecutors

    A Canadian man is accused of masterminding ransomware attacks that caused "damage" to systems belonging to the US state of Alaska.

    A federal indictment against Matthew Philbert, 31, of Ottawa, was unsealed yesterday, and he was also concurrently charged by the Canadian authorities with a number of other criminal offences at the same time. US prosecutors [PDF] claimed he carried out "cyber related offences" – including a specific 2018 attack on a computer in Alaska.

    The Canadian Broadcasting Corporation reported that Philbert was charged after a 23 month investigation "that also involved the [Royal Canadian Mounted Police, federal enforcers], the FBI and Europol."

    Continue reading

Biting the hand that feeds IT © 1998–2021