© The Financial Times Ltd 2015 FT and 'Financial Times' are trademarks of The Financial Times Ltd.
August 21, 2013 4:04 pm
The US military has been investigating how to track security threats from terrorism to money laundering by mining public data from social media sites such as Twitter, raising concerns that the microblogging company may inadvertently enable government profiling of its users.
Twitter has made a virtue of its stance on protecting users and standing up to overreaching governments. It was notably absent from the list of Silicon Valley companies mentioned in the documents leaked by Edward Snowden, the former US National Security Agency contractor, about the NSA’s Prism surveillance programme. It enjoyed the moral high ground while Google, Facebook, and Microsoft issued defences.
But Twitter has caches of public data that it makes accessible to anyone who wants to study it, and that now includes an arm of the US military best known for its raid to capture Osama bin Laden. Using software that organised and combined Twitter data with information from other websites, courts, banks, and geo-location services, the group compiled detailed dossiers on individuals and their activities.
In an eight-day experiment called Quantum Leap, US Special Operations Command in Washington brought together 50 government and industry participants last summer to test how it could use technology to “identify and exploit human, commercial and information networks” within a money-laundering case, according to a draft summary of the experiment obtained by Steve Aftergood of the Federation of American Scientists, the think-tank.
The report cited the “pronounced utility of social media in exploiting human networks, including networks in which individual members actively seek to limit their exposure to the internet and social media”. The “key” tool that was “heavily used” in the experiment was “Social Bubble”, a custom-made application for Special Operations to search and analyse Twitter data.
Twitter was unaware of the effort. Though the company audits all requests for data submitted through its two data resellers, it performs no such checks on entities accessing the same data on its streaming API, an interface that allows programmers to retrieve user names, followers, and the time and content of tweets.
“These streams are available to anybody,” Twitter said upon learning of the Quantum Leap project. “They’re public streams.”
Special Operations Command hired Raptor X, a company that provided the “backbone” system for importing, exploiting, and displaying data from various sources. That company hired Creative Radicals, a developer agency based in Sausalito, California, to build the Twitter search tool “Social Bubble”.
Neither Raptor X nor Creative Radicals responded to requests for comment.
Special Operations Command played down the importance of the experiment, noting that the programme no longer existed and the people who worked on it were no longer with the command.
But Sascha Meinrath, a technology expert at the New America Foundation, the progressive think-tank, believes Project Quantum Leap represents the tip of the iceberg.
“Once again, we’re left wondering about the answers to numerous questions: how far-reaching are these data collection efforts, how many more efforts are out there, how were companies facilitating these endeavours, and what is being done with the data being collected?” he said.
Several defence companies are marketing products similar to “Social Bubble” and others used in Quantum Leap to the Pentagon and other government departments in the US and abroad.
Many products tap into publicly available data that otherwise remain hidden without sophisticated data mining and analysis software. The power lies in combining small threads of seemingly meaningless public data to create sweeping profiles of people; where they travel, what they look like, who they hang out with, what time they go to the gym.
Raytheon, for example, markets its Rapid Information Overlay Technology (Riot) software as a way to track and predict people’s movements by combining data from Facebook, Twitter, and Foursquare, including the location data most people are unaware are embedded in the pictures they publish on the internet.
The information government bodies are able to piece together from public sources can later be used as evidence presented to a judge when requesting a subpoena for private information. So, hypothetically, a money-laundering network pieced together using publicly available Twitter handles could be used to back up a court order that later compels Twitter to hand over the names and email addresses associated with certain accounts.
Whistleblowers, such as NSA-veteran William Binney, have alleged the government has built sophisticated software to mine and collate data from social media sites, including Twitter, but details of those efforts are secret.
Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.
Sign up for email briefings to stay up to date on topics you are interested in