Official: America auto-scanned visitors' social media profiles. Also: It didn't work properly

DHS report shows the limits of bonkers budget-busting plan


The US Department of Homeland Security used software to scan social media accounts of people visiting America, but it didn't work properly.

That's the conclusion of a study by the department's inspector general. In a heavily redacted report [PDF] that surfaced this week, the watchdog revealed that in December 2015, US Citizenship and Immigration Services ran a pilot program to check social media streams both manually and automatically for any signs of wrongdoing.

The tests were repeated in April and August 2016 using different software tools to rifle through online profiles for troublemakers. The exact software programs used were not named.

"In reviewing the pilot, USCIS concluded that the tool was not a viable option for automated social media screening and that manual review was more effective at identifying accounts," the report states.

"USCIS based its conclusion on the tool's low 'match confidence.' Because the resulting accounts identified by the tool did not always match up with the applicants, officers had to manually check the results. However, USCIS did not establish match benchmarks for the tool, so it does not know what level of match confidence would signify success or failure."

That poses a significant problem for the DHS – one that's common to many mass data-slurping programs. If fleshy humans are the only way to check the information, they are going to be facing an enormous volume of data and may either miss key clues or draw the wrong conclusions.

Nevertheless, the DHS isn't giving up on the scheme yet. It has identified 275 software tools that could be used in the scanning, and it restarted the testing program in January 2017, presumably working on the principle that there's no problem that can't be overcome if you throw enough money at it.

And what a lot of money. The DHS has already said it will cost around $300m just to collect the social media data they want. The costs of actually going through it all are bound to be much higher if they want to properly check if a terrorist trying to come to the US has announced his or her plans online.

The DHS Office of Intelligence and Analysis (I&A) acknowledged the report's conclusions and said it would now add metrics for determining if they are successful or not. It also said that at the moment, neither the government nor the private sector "possessed the capabilities for large-scale social media screening."

"DHS has taken steps to improve its social media screening pilots by implementing a four-pronged approach that measures performance, to develop consistent benchmarks and continue improving performance to ensure rigor and scalability for long-term success," I&A said.

"This approach includes using qualitative and quantitative criteria for measuring tool performance; collecting and analyzing comprehensive performance metrics of ongoing research and development pilots; reporting project milestones to the task force; and reporting select metrics measuring pilot performance in a weekly task force agenda."

All this does rather throw a spanner in the works for the social media scanning idea politicians are itching for. Under President Obama, the government considered asking people to voluntarily submit social media profiles, but since the election of President Trump the scheme may become mandatory and more invasive.

The new boss of the US Department of Homeland Security, John Kelly, has said that such checks should be mandatory and travelers should also be forced to provide passwords and banking records. This may take weeks or months, he said, but people will just have to wait before visiting this shining city on the hill.

On Friday a consortium of civil liberties groups, including the ACLU and Reporters without Borders, sent Kelly an open letter decrying the plans to demand this sort of data. They point out that if the US introduces such a policy, other countries will follow suit, which will put American data at risk.

"We urge you to reject any proposal to require anyone to provide log-in information to their online accounts as a condition of entry into the United States," it reads. "Demanding log-in information is a direct assault on fundamental rights and would weaken, rather than promote, national security."

If you are concerned about data security, The Reg has compiled this handy guide for those wishing to visit the Home of the Brave. Good luck. ®

Similar topics


Other stories you might like

  • Prisons transcribe private phone calls with inmates using speech-to-text AI

    Plus: A drug designed by machine learning algorithms to treat liver disease reaches human clinical trials and more

    In brief Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

    A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

    In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

    Continue reading
  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading

Biting the hand that feeds IT © 1998–2021