Open source intelligence,social media and law enforcement: Visions,constraints and critiques

Abstract

This article considers how recent developments in open source intelligence impact the inclusion of social media data in policing, and how these changes are a reflection of technological affordances by platform developers and private third-party companies, as well as police cultural and institutional constraints. It explores the institutional contexts in which social media open source intelligence is trialled in Europe by drawing on interviews with police officials and privacy advocates from 13 European Union member states. Respondents considered their adoption of open source social media monitoring technologies in their jurisdiction, locating this uptake within a context of technological scepticism. While open source intelligence infused with social media data enables an immediate access to social life for investigators, so too do they provoke a preoccupation with the origins and circulations of this content. This tension dovetails with institutional concerns, including a lack of specialised staff, budget constraints, along with a lack of clear legal and procedural protocols.

Keywords

Internet open source intelligence police social media surveillance

Introducing open source intelligence

This article considers police uptake of open sources of intelligence, which now include social media. By automating and otherwise facilitating the monitoring of social media content, this uptake augments the visibility and exploitation of social life. Open source intelligence (OSINT) refers to a process whereby police or other investigative agencies gather and analyse data that are in principle accessible to any organisation or individual. With its origins in security and intelligence, OSINT relies on

publicly available information appearing in print or electronic form. Open Source information may be transmitted through radio, television, and newspapers, or it may be distributed by commercial databases, electronic mail networks, or portable electronic media such as CD-ROM’s. [I]t may be disseminated to a broad public, as are the mass media, or to a more select audience, such as gray literature, which includes conference proceedings, company shareholder reports, and local telephone directories. Whatever form it takes, Open Source involves no information that is: classified at its origin; is subject to proprietary constraints (other than copyright); is the product of sensitive contacts with U.S. or foreign persons; or is acquired through clandestine or covert means. (Steele, 1992)

The above definition counters a conventional understanding of security intelligence, as it explicitly targets information that is in plain sight to virtually any social actor. Indeed, inclusion of social media in OSINT means its content can be authored by any such actor. This inclusion is manifest as an assemblage (Haggerty and Ericson, 2000) that links personal information, private platforms and police organisational cultures. This is indicative of a broader ambition of police to maintain direct access to social life, as activity that is represented on social media platforms and further mediated through OSINT technologies is then treated as actionable. Policing and control are not manifest in terms of prohibition and censorship, but instead through encouraging circulation and visibility (Brighenti, 2007; Deleuze, 1995). The emergence and repurposing of social media content may therefore render social life immediately accessible to police (Bolter and Grusin, 2000).

On first pass, the features that render social media ‘social’ also make them suitable for inclusion in OSINT. Platforms like Facebook and Twitter mark a convergence of social contexts, data sources and surveillance practices (Trottier, 2012a; Marwick and boyd, 2010). Yet folding social media into open sources provokes changes in the perception and enactment of the former by a host of social actors. More specifically, conversations and other content on social media become strikingly non-ephemeral when retained as open sources. The fact that these platforms retain otherwise fleeting and contextually limited content is a longstanding concern for users, starting with university-based early adopters (Trottier, 2012a). Yet the developments detailed below further cement this concern. This is manifest as a potential criminalisation of spaces and those who dwell within them, but it entails a broader re-evaluation of the purpose and potentiality of these spaces by police. Social media have been discursively framed as a kind of public sphere (York, 2014), and there are a range of limitations to this ideal, including issues of privatisation, categorical discrimination and unequal access. Yet public spaces are historically ephemeral, as any social actor’s engagement and disengagement with that space is relatively frictionless (Juris, 2012). Furthermore, the social actor can be present and visible in a public space while protected by the guise of relative anonymity. As an ideal, the outburst in the public square or the incendiary letter to the editor does not have an absolute bearing on the social standing of its author. Yet folding social media into open sources furthers the potentiality that the former are simultaneously a kind of public sphere and public record.

Social media OSINT uptake is also shaped by a media logic of hypermediacy, or an awareness of and preoccupation with the fragmented and tenuously assembled nature of some media (Juris, 2012: 37). Social media inclusion in OSINT exemplifies hypermediacy, as it rests on a tension between obviating/obliterating information sources (erasure of contextual boundaries; a singular stream where attribution is relegated in importance relative to data’s function in the interface) and a preoccupation with mediation and origin (metadata about data sources remains visible, albeit minimised). This tension is manifest in police institutional cultures, where the possibility of extracting data from ‘open’ and ‘social’ sources depends on partnerships with public and private entities, which may be cause for concern (Ericson and Haggerty, 1997). This tension is also fuelled by a contradiction whereby social media, OSINT and big data render social life transparent and are in turn meant to be broadly accessible (Mayer-Schönberger and Cukier, 2013), yet policing-based assemblages amount to a kind of nodal governance (Shearing and Wood, 2003) that furthers asymmetrical relations of visibility between police and the public (Schneider, 2014), which includes furthering the opacity of how this information circulates and is enacted. Indeed, relative secrecy about how OSINT is extracted from social media contradicts Steele’s claim that it does not rely on covert methods. This article considers these tensions as manifest in origins, configuration and tentative consequences of police use of OSINT and social media.

An underlying concern in the context of the research below is how recent developments in OSINT impact the visibility of social life through the remediation of personal information on social media platforms, and how these changes are a reflection of both technological affordances and institutional constraints. Social media data subjects’ visibility is configured through their own online practices, alongside the actions of peers, platform operators and other social actors. This configuration is furthered by police uptake of OSINT and manifest as a simultaneous subsumption (immediacy) and isolation (hypermediacy) of social media content. In consequence, OSINT surveillant assemblages render social life visible, yet their constituent parts as well as the manner in which they collect, process and retain personal information remain opaque. Furthermore, framing social media data as public knowledge occurs in a context where Twitter content is included in Library of Congress records (Stone, 2010), even if private content can be designated as public mistakenly or maliciously through peer activity (Meeder et al., 2010). While monitoring social media marks a further expansion of the range of open sources, this inclusion furthers a potential criminalisation of online spaces and non-ephemerality of online activity. For this reason, police express ambivalence about these platforms, and are simultaneously transcending media to access these data, while heavily preoccupied with the process involved in accessing these data.

What follows is a critical account of the adoption of social media in OSINT by law enforcement and intelligence agencies. This focus extends from earlier work on social media surveillance (Trottier, 2012a, 2013) that treats the adoption of social media platforms in user practice as producing new conditions of visibility, for these and other social actors. It also extends from work on social media policing (Trottier, 2012b), as one institutional context where the aforementioned visibility configures and is in turn reconfigured by police adoption. This uptake bears a resemblance to an earlier push to adopt closed-circuit television (CCTV) networks in the realm of police monitoring (Norris and Armstrong, 1999), as well as attempts to market social and digital media intelligence in marketing and other domains (Andrejevic, 2013).

The site of inquiry comprises the localised contexts in which social media OSINT is trialled in Europe. While the European Union (EU) presents a united front in terms of data protection vis-a-vis the Silicon Valley (Fioretti, 2014), in practice it is a tenuous assemblage of local institutional cultures, social media platforms and third-party mediators. National privacy advocates, including data protection authorities and civil society groups, also oversee social media uptake among police. This article draws on interviews with 19 police and intelligence officials, as well as 14 privacy advocates from 13 EU member states. Interviews were face-to-face and semi-structured, and took place between September 2012 and March 2013. This data collection was part of a broader European Commission project on the uptake of new technologies in the context of security, with a focus on perceived social costs. Respondents considered their motivations to adopt open source social media monitoring technologies in their jurisdiction. After an overview of OSINT in the context of public policing, findings are arranged into six thematic settings. The first two consider uptake and concerns related to immediate institutional constraints. The third and fourth themes consider automation and interoperability as key features of social media remediation through OSINT, while the final two themes consider perceived social costs in relation to the aforementioned tensions, including the furthering of categorical suspicion, the repurposing of platforms and content as well as the criminalisation of online spaces. These findings provide an exploratory understanding of the assemblage of OSINT and social media data with police practice.

OSINT and public policing

OSINT refers to the repurposing of public records for intelligence and investigations, including social media content not protected by privacy settings. While the investigating agent has to manually specify the search criteria and range, tools such as search engines and web crawlers will then automatically retrieve these data and as such are key elements in a process of constructing actionable intelligence from public records. These tools can be used for both retrospective as well as real-time searching. As social media platforms maintain a presence in social life, their users continue to submit information, much of which is publicly accessible by default. Data analytics by law enforcement are located within a context of repurposing social information. In terms of its uptake by police, we may consider how it extends from other, longstanding practices of monitoring public spaces and incorporating novel information sources (Ericson and Haggerty, 1997). As one example, CCTV, whether publicly or privately owned and administered, amounts to a mediated surveillance of public and semi-public spaces. It enables the recasting of otherwise ephemeral social interactions into raw data, to be analysed in the detection and pursuit of criminal events. During their uptake, they were even framed as a kind of fifth utility (Graham, 2002) in part due to their potential as a public service. While some urban initiatives sought to embrace a democratising potential in open-access CCTV, or ‘local community webcams’ (European Urban Knowledge Network (EUKN), 2007; see also Trottier, 2013), in practice, this led to a further mediation of civic life, and a further rupture between social strata with uneven access to this utility, along with uneven exposure by the utility. Such assessments echo earlier assessments of the distancing between police and the public through CCTV (Norris and Armstrong, 1999) as well as a specific professional class of camera operators that relays information about public spaces to law enforcement (Smith, 2004). In the case of OSINT, public information is mediated by definition, and subsequent actions amount to a further remediation (Bolter and Grusin, 2000) of social media data.

OSINT and social media are meaningful in the context of other kinds of relations between police and public. A prominent model is community policing, which suggests a bilateral relation of information sharing (Friedmann, 1992). Some police uses of social media resemble this model, for instance, by soliciting input and feedback from the public, alongside making themselves visible to the public (Crump, 2011). Furthermore, policing models are in practice shaped by what is technologically and economically possible. Cost-cutting measures and limited staff may shape data analysis through OSINT. Public policing initiatives also rely on private media services. These initiatives target and analyse seemingly public data that are relayed on privately owned communication channels and mediated through privacy settings that render data visible to varying degrees. This techno-economic configuration shapes what information is designated as publicly accessible by OSINT analysis, and thus has a determining effect on data subjects who are rendered visible and knowable through police intervention.

Social media monitoring includes, but is not limited to, OSINT. Likewise, in practice, OSINT collapses several types of public records, including social media, but also news media, government reports, satellite photography and industry white papers. The triangulation of these sources is of particular value to police, as it aims to enrich a contextual understanding of the target of an investigation, as well as corroborate any single piece of information (Bartlett et al., 2013). Security researchers are currently considering the specific contribution and affordances of social media data for OSINT. Social Media Intelligence, or SOCMINT (Omand et al., 2012), identifies social media content in particular as a challenge and opportunity for open source investigations. The discursive formation of SOCMINT by proponents aims to strike a balance between ‘public goods’ that include ‘public safety, the right to privacy and the economic and social wellbeing of a nation’ (Omand et al., 2012: 19). SOCMINT proponents also identify a methodological challenge in the sorting and sampling of social media data, with the implication that existing practices fail to fully interpret social media activity (Omand et al., 2012: 54). This resonates with other assessments of the state of social sciences (Savage and Burrows, 2007) as needing to consider new sources of research data as well as methodological innovations. The remediation of social media data in OSINT also raises concerns about the loss of the specific context in which social media content is authored, a risk that is further compounded by interpreter bias (Trottier, 2012a).

From a law enforcement perspective, bringing social media data into the fold of OSINT follows the perception that criminal acts may leave traces on these platforms. In 2011, London, Birmingham and other British cities experienced social unrest. An unanticipated consequence is that an extensive amount of social media content documented what transpired. Twitter users authored approximately 2.6 million tweets, which purportedly rendered these events more legible to law enforcement as well as to journalists and data scientists (Ball and Lewis, 2011). Social media are also platforms where online communication may be reconfigured as criminal acts. One year before these riots, Paul Chambers posted a public message on Twitter in which he threatened to blow up Robin Hood Airport in South Yorkshire. While this was intended as a joke, it was interpreted as a terror threat, and Chambers was arrested, convicted (a decision that was quashed after three appeals) and lost his job (Mitchell, 2010). These discoveries are part of a broader cultural experience of coming to terms with social media as public records, along with the potential criminalisation of these platforms through police-led surveillance.

Following the 2011 London riots, the Guardian claimed to be able to identify and reconstruct communication flows through an analysis of riot-themed data (Richards and Lewis, 2011). Likewise, the Central Intelligence Agency (CIA) has launched an open source initiative that includes monitoring Twitter data. A group of analysts draw upon ‘up to 5 million tweets a day to gauge public opinion around the world’ as well as ‘messages shared via Facebook and comments made in Internet chat rooms, in addition to listening in on more traditional forms of information dissemination, such as TV news channels and local radio stations’ (Reisinger, 2011). Cross-referencing social media and other publicly accessible sources offers a broad overview of public sentiment, and marks a kind of collapsing of these communication channels into a single category: public data. In some cases, police may repurpose social media content as evidence. Even content that is obscured by privacy settings may be reclassified as public when a potential suspect shares it with a friend, who in turn offers it to police (Kelly, 2012). Police may also use these platforms to solicit information, as in the case of the San Francisco Police Department’s (SFPD, 2014) ‘Anti Bike Theft’ twitter account. These examples illustrate precisely the novelty of OSINT: that individual messages on social media, taken in aggregate, can purportedly provide access to social life on a simultaneously granular and aggregate scale.

Private companies produce technologies that collect publicly available data from social media sites. Israeli-based Nice Systems has developed NiceTrack Open Source Intelligence, which ‘helps Law Enforcement Agencies (LEAs) and intelligence organisations identify new suspicious activities and national threats’ through a ‘mass collection of unlimited web sources’ (NiceTrack, 2014b). Threats and suspicions are extended onto a vastly ‘unlimited’ media landscape. In effect, this justifies the analysis of open sources of social media, while defining this landscape as vaguely borderless. The NiceTrack Monitoring Center ‘is a fully-integrated monitoring and analysis platform that helps Law Enforcement Agencies (LEAs) and intelligence organisations reduce crime levels and fight terrorism’ that collects data from numerous sources, including social media (NiceTrack, 2014a). Nice’s products are designed specifically for police and investigative agencies. In contrast, Maltego (Buley, 2008) is an OSINT tool that generates visual representations of social network data and is marketed to virtually any social actor. These technologies remediate data that may be considered private by users, but remain publicly accessible through Facebook’s default privacy settings. Yet this is a further distribution of that content from the social media platform to a third-party service, to an investigative agency. And while police may have immediate access to social media content through OSINT, the process by which it is rendered to them remains a point of institutional concern.

Such assemblages amount to a curious partnership between private and public entities. Seemingly public information, which is brokered on privately owned platforms and further processed and distributed through private technologies, is then utilised by publicly funded agencies like regional and national police. The seemingly effortless transcendence of private/public distinctions is a troubling development in social media uptake (Andrejevic, 2009; Fuchs, 2011), and is fuelled by an economic drive to repurpose content in as many ways as possible (Bolter and Grusin, 2000: 68; Degli Esposti, 2014). Efforts to account for these data are situated within a broader crisis of representation (Andrejevic, 2013). Attempts to overcome this crisis include an automation of not only access of data but also processing, whereby predictive measures are privileged over analysis and explanation. Such ambitions can be extrapolated to an automation of policing, which is sustained by an immediacy of social life through OSINT. Yet these ambitions are fraught with limitations, not the least of which is the hesitation for police to adopt new information technologies, alongside a preoccupation with origins and credibility of incoming data (Trottier, 2012b).

OSINT in practice as a techno-economic construct

The previous sections consider the introduction of social media content in OSINT, and its potential implications for LEAs as well as data subjects. LEAs in the EU and elsewhere are coming to terms with both a growing social media landscape as well as with OSINT tools that enable the analysis of public content on platforms like Twitter. The interview findings below consider how police in Europe initially engage with social media data via these tools. This uptake is situated in a context of financial constraints, restructuring and legal uncertainty. They are also characterised by a tension between a desire to access social life through OSINT sources, and a preoccupation with the manner in which this information is collected and arranged, especially as the aforementioned sources may radically prolong the shelf life of content from platforms that appear to monopolise social activity.

Uptake and justifications

Police justifications for monitoring of social media through OSINT are linked to incidents that feature prominently in public discourse. This resembles previous instances of trialling new technologies in the context of public concerns (Deisman et al., 2009), whereby an alignment of technological affordances, public sentiment and a governmental mandate may be necessary. A Swedish defence researcher works on an EU-funded project that develops search tools for police use of OSINT. His objective for this focus is to identify lone-wolf terrorists as well as to collect information about public sentiment following environmental crises. Likewise, a Romanian Officer justifies OSINT in the context of counter-terrorism, illegal protests, child exploitation and copyright infringement. Such disparate justifications suggest that the motivation for initiating or maintaining social media analysis is not linked to any specific social problem, but rather that an array of criminal and socio-political events will be monitored if they have an online presence. A Dutch officer adds that they preferred to keep their focus on perceived threats, rather than dictating police procedure in terms of available technologies: ‘we – characteristically for the police – tried to avoid to end up with a discussion about technologies; we decided to focus on, say, Wilders, say, Rutte [Dutch politicians]’. Focusing on prevalent socio-political crises as opposed to technologies-as-solutions is congruent with Ericson and Haggerty’s (1997) observations that police are typically unwilling to develop organisational strategies with technologies in the foreground (p. 390). In comparison to other forms of social media surveillance that require prior judicial review, a Bulgarian privacy advocate states that OSINT is enrolled ‘under a number of circumstances’ such as ‘anticipatory intelligence gathering for investigating specific suspected persons under a lot of different scenarios’. With regard to the monitoring of online social networks, a UK-based privacy advocate states that they do not have any concerns around using open source data, as this information has been voluntarily placed in the public domain. However, they are concerned with the ease with which the police can acquire private data from third parties. Among other risks, if a user authors a private tweet that is then re-broadcast by a third party in a public manner, this may constitute a perceived violation of the original users’ data protection rights. The manner in which personal data circulate within and beyond any social media platform forces a consideration of how visibility is reconfigured through the inclusion of this data in OSINT. The designation of social media data as public appears to circumvent most concerns about the appropriateness of its analysis. Yet the boundary between public and private remains permeable in practice.

Many respondents participated or were aware of national initiatives to make sense of the appropriate use of OSINT. In comparing their agency to other regional branches, a Dutch officer notes that the latter ‘take the view that if people do not want the police to see certain things, they should not put them on the Internet in the first place’. In contrast, their agency believes ‘the fact that someone has left his door open does not automatically imply we have the right to enter and inspect the house’. An analogy based on conventional police work unpacks a notion of public visibility that problematises key assumptions about the use of OSINT. In taking this approach, this respondent suggests that the task for police is adequate interpretation of existing laws, and applying these to online technologies: ‘the existing laws suffice! An analogy with the Internet is easily made. That door may have been left open, but, except for a situation where I am catching somebody in flagrante delicto, I may not enter without permission’. Police respondents render OSINT meaningful in the context of a policing landscape by making direct comparisons to embodied situations. Yet the multi-source nature of OSINT analysis, among other characteristics, produces a tension where the public designation of these data does not immediately justify police intervention. An immediated approach to OSINT content is configured by an erasure of the information flow, and therefore likens viewing content as akin to witnessing an incident. However, a hypermediated approach is preoccupied with where this content is first situated and where it circulates when mapping it to embodied procedures. This mapping actualises the potential criminalisation of social media, in part through the decision to retain and act upon content.

Costs associated with OSINT

A Swedish officer justifies the police’s continued use of OSINT due to the fact that they rely on public and ‘very well known pieces of software’ that are ‘completely free for anyone to use’. Respondents in other countries also endorse free services, noting that they are especially helpful for agencies with limited budgets. A Romanian officer points out that ‘from a financial point of view, as compared to necessary time and means of collecting information from classified sources, the exploitation of open sources is cheaper’. They offer the example that ‘high quality geospatial information can be collected on specialised websites, such as Google Earth’, which is advantageous for smaller states with limited budgets for intelligence-led policing. However, while accessing data may be accomplished with free tools, processing and analysing these data is costly. The extent to which a data subject is enrolled in police analysis remains contingent on financial limitations. In the case of paid software, a Dutch officer notes that a ‘license, and we are talking of the user’s level here […] can amount to €750 to €1,250 a month, a person.That is a considerable expenditure, a part-timer’s salary’. Police respondents in the United Kingdom and elsewhere confirm that staff wages and training costs represented that single largest expenditure. Celebratory discourses present emerging technologies as transcending material constraints (Mosco, 2004). Yet, in practice, these are of immediate concern, and may pit OSINT and other technologies against the officers whose duties they are meant to facilitate.

Respondents also perceive the adoption of OSINT tools and practices as linked to a less conventional – and therefore less successful – career path. Instead of being ordered to target open sources, specific investigators advocate for such technologies based on their own personal interest and professional credentials. These specialists follow unconventional career paths in consequence. A Swedish police respondent notes that choosing to be an Internet specialist is problematic, as even ‘the world’s greatest OSINT expert’ would not be promoted under the current system. They also note that the conventional career path is restrictive at the entry level, as new staff are recruited ‘for patrol car work’. Although this respondent predicts that online analysis will continue to grow in importance, current recruiting pre-requisites do not reflect this growth. The impact of OSINT on police work is tempered by an institutional culture that is comparatively unresponsive to emerging technologies, despite a perceived need among officers to be seen as embracing such technologies (Ericson and Haggerty, 1997). OSINT uptake may be dampened not only by a preoccupation with the origins and circulation of social media content but also by the career outcomes of its internal proponents.

OSINT and automatic versus manual interventions

A shared opinion among respondents is that even automated tasks can only be automated as a result of manual calibration and maintenance. The aforementioned Swedish defence researcher notes that in the case of sentiment analysis technology, a lot of manual input goes into identifying keywords and then testing their effectiveness. At this stage, what may otherwise be rendered opaque remains subject to oversight and configuration. They also claim that following manual calibration, such a system requires much less human attention. Yet they stress that OSINT systems are designed for supporting human analysis, not replacing it. A Dutch privacy advocate also notes the importance of the manual calibration, adding that ‘profiles the system produces also depends on your [manual] query in the first place, and if your query is improper or biased, discrimination or other problems may, of course, ensue’. This respondent identifies the search criteria and other input provided by an officer as determining the uptake and social consequences of OSINT. Such concerns can be added to the range of preoccupations associated with information technologies that otherwise attempt to grant direct access to social life. Insofar as these concerns are shared by police agencies and related actors, they will dampen the assemblage of ‘open’ data sources, private social media companies and publicly funded police agencies.

One reason for human intervention is the fact that OSINT technologies lack the ability to interpret social media content, for instance, in assessing the legality or actionability of online content. It bears repeating that such content is authored in a particular socio-cultural context, and even event reconstruction and sentiment analysis software linked to third-party OSINT tools provides scarce indication of this context. In taking a comparatively limited understanding of what OSINT analysis can reveal, a Norwegian privacy advocate remarks that evidence obtained online ‘mostly tells you where to continue to investigate’, thus limiting social media OSINT to a kind of barometer of other intelligence sources. This suggests that police engagement with OSINT is centred on yielding information, which is analysed and acted upon at a later stage, rather than relying upon a private device or platform as an automated solution. While technologies like NiceTrack can potentially collapse disparate information sources into a single stream, their uptake by police is typically based on a preoccupation with and navigation through these sources. The extent to which social media activity is retained in and beyond criminal investigations is partially determined by ad hoc evaluations.

Interoperability and data quality

OSINT tools are especially suited for interoperability between institutions, as they converge formerly distinct data sources into a single communication flow. Techniques such as manual searching and acquisition via OSINT can be cross-referenced against other sources of information, such as official records and accounts. This is partly due to the text and image–based nature of social media content. As well, specific partnerships do exist between investigative agencies, as well as with other public and private institutions. These partnerships are often maintained on a case-by-case basis, and render information that is gathered by one monitoring technology to be interoperable with other information. Respondents generally state that laws and protocols are not adapted to the current surveillant media landscape, and that legal reforms and codes of conduct may be necessary to determine the appropriateness of pairing OSINT data with other sources of intelligence (Van Dijck, 2014: 205).

In the context of multi-source intelligence, a Romanian police respondent claims that OSINT can provide ‘data and information that cannot always be obtained from classified sources, facilitate the access to certain types of expertise which is not always available in the information services, and can themselves become a dissemination channel’. The nature of online data acquisition is such that it is relatively easy from a technical standpoint to combine several data sources. The boundaries separating media formats may be transcended in practice, in order to render all relevant data immediately accessible to police. While a Dutch officer notes that the distinction between social media and other online platforms is not important in investigations, a UK-based officer notes that both online and offline data are utilised for investigations, and that OSINT is often cross-referenced with information from police data sources. A Czech privacy advocate states that such interoperability through convergence is a ‘principle of data mining’, adding that

[t]he value of information grows in connection to other information like a snowball. This is the objective of a technology usage […]. The police are entitled to data-mine, to process data from various resources, to link them together. That is the activity that other subjects are not entitled to.

This response asserts a claim of OSINT as the exclusive domain of police, not only suggesting a departure in practices from promotional articulations of these technologies as accessible to all (Buley, 2008; Mayer-Schönberger and Cukier, 2013) but also furthering an asymmetrical relation of access and visibility between police and the public. Such asymmetries are acute in a broader context of big data uptake where individual self-monitoring occurs alongside (and indeed fuels) the surveillance of these individuals on an infrastructural scale (Klauser and Albrechtslund, 2014: 276).

Although data from formerly disparate sources may be accessible through OSINT, this assemblage also provokes a preoccupation with the origins and credibility of this content. A Dutch officer notes that they have to cope with not only ‘deliberate misinformation’ online but also individual differences among the investigators in their team. Although social media users wilfully misrepresented events during the London riots (Procter et al., 2011), this term suggests that by virtue of being included in OSINT, interpersonal communications are reframed as a communication with police. As a result of these concerns, the above respondent’s agency submits ‘all information to the information coordinator […] who checks the information from a legal perspective, a police perspective as well as an editorial perspective’. Even if information from multiple contexts is collapsed into a single OSINT stream, in practice, any single communication may be assessed from numerous institutionally relevant contexts. Other respondents report that evaluating the accuracy of online data – including data from social media platforms – is an integral step in online investigations. Despite the costs and challenges associated with sorting through social media data, a Romanian police respondent notes that the bigger cost to policing would be to exclude the bulk of these data. They note that even in accounting for the ease with which users can remain anonymous and dissimulate on platforms like blogs, ‘excluding the data flow from the virtual environment would mean excluding the greatest data source available, even if they need to be evaluated and analysed to eliminate judgement errors and misleading information’. This suggests an emerging default tendency towards the inclusion of (open) social media data in criminal investigations. The consequences for those who author or are otherwise represented by these data will likely vary on the basis of categorical discrimination, but all appear to share at least an initial assessment in a criminal justice framing that may include the perspectives listed above.

Discrimination and function creep

Police respondents regard the repurposing and analysis of political views as a source of discrimination, a risk that complicates a popular vision of social media platforms as a potential public sphere (Papacharissi, 2002). An Italian privacy advocate offers the following example: ‘If on Facebook I mark with “I like” left-leaning newspapers or headlines coming from left-leaning newspapers, I will never receive an offer from right-leaning newspapers […]. Somehow, my choices, being monitored, can create a static profile’. On the basis of this example, the above respondent is concerned with, and wishes to avoid the ‘massive filing of personal data by both public and private actors’, suggesting an enduring concern with data origins in OSINT uptake. In the context of politically charged discrimination, an Austrian privacy advocate states that these risks could be grounds for categorical discrimination. In particular, ‘people who have extreme concepts of privacy and freedom of speech, articulating these positions religiously, ideologically or from a consumption-orientated perspective’ are likely to be targets. This response is aligned with longstanding concerns with how the further mediation of everyday life reinforces categorical discrimination and the allocation of individual life chances (Gandy, 1993, 2009), notably by embedding risk categories and other grounds for discrimination in emerging data processing practices.

Extending from the example above, the Austrian privacy advocate invokes the risk of function creep in OSINT, which refers to a ‘tendency to expand the topics and areas which are monitored’ (cf. Lyon, 2001). This also appears to be related to a broader desire to retain personal information without a particular reason, typically in violation of existing data protection laws. A Czech privacy advocate states that ‘it is a common reason for processing information. It can be certainly useful some day. The law provides that there should be always a purpose for data processing. When the purpose is gone, the data should be erased’. OSINT uptake that privileges the immediacy of social life that it offers can conveniently overlook the fact that not only is any single information flow produced in a particular context but that any interception of said flows is also authorised for a particular purpose. Some respondents speculate that the risk of secondary use and repurposing is connected to the open and otherwise indeterminate nature of social media platforms. A Swedish officer speculates that the term ‘Open’ in OSINT can refer to open sources of information, but also the open nature of its purposes and uses. Others link secondary use to a broader desire to explore new possibilities with emerging technologies. The open-ended nature of OSINT analysis speaks to the importance of an awareness of these risks at a societal level, as well as effective data protection legislation to circumvent misuse. An expansion of search terms or a further retention of information yielded from OSINT reflects an approach to these technologies that neglects the social and institutional contexts that are traversed in their remediation.

Criminalisation of online spaces

An underlying thread in this research is that police uptake of OSINT raises the possibility of re-framing social media platforms, users and data in terms of security and criminality. A Dutch privacy advocate notes that with many social media monitoring technologies ‘everybody is indeed a suspect and your selection consists of the whole population […] Once you start monitoring all Tweets originating from the Netherlands every Dutch Tweeter is in fact a suspect’. This suggests that the data subject – regardless of their engagement with social media platforms – can be recast as a suspect as a result of the use of OSINT. This respondent clarifies that they are not referring to any single technology, but that the practice of data retention and analysis more generally ‘is an example of a tool where simply everyone is a suspect, because your and everybody’s mobile phone conversations’ traffic data, and those of the e-mails you send through your provider, are being retained’. They add that this ‘kind of system already exists’, but that in terms of the analysis of social media data, ‘we have little idea if the police are already doing that at present’. The risk this respondent identifies is more broadly related to the ability for police to access the totality of citizens’ social and digital presence. Yet they also indicate an opacity regarding the public and even expert awareness of whether these practices are implemented in a local context. Although OSINT is meant to be open and accessible, an inability to confirm its use in police data analysis positions it alongside other opaque monitoring technologies, furthering an asymmetry of visibility between police and public. It bears noting that even a forceful remediation of social media streams in the construction and application of risk categories occurs alongside a myriad of institutional and individual practices that assemble these platforms and data streams (Lippert, 2010: 480). Thus, a ‘plurality of powers’ may be linked to social media OSINT, although their respective abilities to reconfigure and repurpose its content will surely differ.

This risk of criminalisation is linked to the general perception of social media as public space, with a related assertion that existing laws and protocols ought to apply in online policing. A UK privacy advocate offers the example of Paul Chambers presented above as a communicative act that should be interpreted as criminal, whether it occurs online or offline. Yet, as earlier police responses indicate, there is no precise corollary to conventional policing, which calls into question the boundaries of public space and open access online. The uncertain veracity of online threats is linked to a broader challenge of ascertaining credible online content. A Dutch police respondent notes that following cases where young social media users were met with ‘severe punishment’, they have

refrained, thus far, from communicating offensively on the basis of our threat detection; it is because our police communication will be one of the things added to your timeline. And that would not be desirable. It will haunt you for the rest of your life, for the Internet does not forget.

Remediation of social media data through OSINT impacts not only the handling of social media data but also the treatment of the corresponding data subject. The ease with which OSINT tools can retrieve sensitive and stigmatising information may have enduring consequences for data subjects who are targeted by the police, and this risk may dampen police initiatives to visibly engage with potential suspects online. As part of coming to terms with the public nature of some online spaces, this officer notes that the punitive consequences for data subjects will be enduring and possibly unanticipated. An Austrian police respondent states that criminalising and pursuing speech acts on social media risks ‘depriv[ing] people of public space in which they can also make statements that are not elaborate or well thought-out’. Thus, the tentative and experimental dimensions of public spaces risk erosion as a result of the public recognition of these spaces as policed through OSINT analysis.

Conclusion: coping with OSINT investigations and visibility

Social media uptake in OSINT by police remains in a formative stage. These disparate and exploratory findings indicate the presence of two tendencies among officers and privacy advocates who oversee these developments. On the one hand, there is a tendency to embrace the potential collapsing of social and institutional contexts in which this info is gathered and processed. Yet institutional, legal and societal concerns all compel a reconsideration of this iteration of ‘intelligence-led’ policing (Ratcliffe, 2002). Furthermore, concerns with mediation in practice dovetail with more grounded concerns about budgets and career paths. On the basis of the above findings, the inclusion of social media data in OSINT amounts to a remediation of personal content first located on privately owned platforms. Social media platforms have undergone extensive changes to their interfaces, and also their user populations and functionality in the last decade. These changes are linked to their growing popularity, including their adoption by various social spheres and institutions. Furthermore, while promotional material for OSINT generally presents these technologies as accessible to all social actors, police users differ from other actors who may appropriate social media content (Trottier, 2011, 2013), most notably in terms of a perceived legal mandate to do so. On the basis of the above responses, these configurations may further asymmetrical relations of visibility and control between the police and public. While the uptake of social media monitoring in OSINT is shaped by police institutional cultures, a broader awareness of these practices may in turn be reflected in the practices and perceptions of a broader range of social actors involved. A Dutch officer believes this is a dynamic process, which will ‘result in an increased awareness, in everybody, including those people we would like to keep communicating publicly’. This respondent acknowledges that emerging analytic practices on social media are ‘the result of a relatively severe intrusion on your private life’. As a consequence of a heightened non-ephemerality, social media monitoring may contribute to a public awareness whereby users take measures to be less visible on these platforms. Subsequent research in this area should investigate if user cultures on social media come to include practices that minimise or otherwise manage visibility online.

Many respondents raise concerns about these social costs. An Austrian privacy advocate is of the view that ‘the main risk is that people confine themselves in their communication due to the feeling of being watched’. They add that this risk ‘has already been frequently at issue in proceedings before the Supreme Court in connection with workplace monitoring and the surveillance of public and private space’, indicating that there are precedents of this risk that precede social media monitoring by police. An increased reluctance for self-expression online is ‘by far the most important risk involved’ for a Dutch privacy advocate, due to the fact that

obviously, it would be very harmful if people would stop using, say, Facebook […] simply and solely because there is a risk that data will be revealed, a risk that somebody they would prefer not to read their posts will monitor them, or that the data will be collected and used for other purposes later on.

A Czech privacy advocate invokes a social understanding of security, noting that a public awareness of heavily monitored social media platforms will result in a ‘less secure’ society as a result of ‘less democracy’. Other respondents note that this risk is especially acute in the context of sensitive topics, resulting in citizens hesitating to join online communities for health problems, psychological well-being and religious topics. Another underlying thread for respondents is that any potential impacts are manifest on a societal level as a result of the social convergence so often associated with these platforms but also their remediation as public records. Such impacts, including a heightened criminalisation of online spaces, are manifest as a tension between individuals and collectives in discussing social media and big data: some individuals will experience diminished life chances as a result of the intersection of their public record and their categorical affiliations. Yet a broader societal dependence on platforms like Facebook and Twitter overlaps with a similar emerging dependence by police, especially for purposes of information collection and record keeping. As a result, open social media content not only has a prolonged shelf life by default but multiple shelf lives in dispersed institutional contexts. The potential for social media to be a public sphere seems tenuous, while its potential as public records seems actualised, albeit with some hesitation by police.

The open designation of OSINT, when adopted for police monitoring and analysis, reconfigures the perception of social media as public spaces. Upcoming research should remain attentive to how institutional practices by police and other analytic efforts will shape social media users, alongside other active and passive data subjects. These efforts may compel users – criminal or otherwise – to exclude their online content from OSINT through the use of privacy settings, as well as the migration from particular social media platforms. Yet not all users are actively involved in the authoring and circulation of their personal data. Due to the networked character of social media content, especially relational data, even non-users can be enrolled as data subjects through peers or institutions. Indeed, we may consider whether even active data subjects are also partially passive as a result of peer activity on their behalf. Greater focus on the experiences of data subjects is needed in this area. As well, the boundary between public and non-public data, alongside the practices linked to these designations, should be considered in upcoming research.

Footnotes

Funding

This research was funded by The European Union’s Seventh Framework Programme, grant number 285582.

Biographical note

Daniel Trottier is an Assistant Professor in the Department of Media and Communication at Erasmus University Rotterdam. He has authored Social Media as Surveillance in 2012, Identity Problems in the Facebook Era with in 2013, and co-edited Social Media, Politics and the State in 2014.

References

Andrejevic

(2009) Surveillance in the digital enclosure. In: Magnet

Gates

(eds) The New Media of Surveillance. New York: Routledge, pp.18–40.

Andrejevic

(2013) Infoglut: How Too Much Information Is Changing the Way We Think and Know. New York: Routledge.

Ball

Lewis

(2011) Twitter and the riots: How the news spread. The Guardian, 7 December. Available at: http://www.theguardian.com/uk/2011/dec/07/twitter-riots-how-news-spread (accessed 25 April 2014).

Bartlett

Miller

Crump

. (2013) Policing in an Information Age: CASM policy paper. DEMOS, March. Available at: http://www.demos.co.uk/files/DEMOS_Policing_in_an_Information_Age_v1.pdf?1364295365 (accessed 25 April 2014).

Bolter

Grusin

(2000) Remediation: Understanding New Media. Cambridge, MA: The MIT Press.

Brighenti

(2007) Visibility: A category for the social sciences. Current Sociology 55(3): 323–342.

Buley

(2008) When everyone can mine your data. Forbes.com, 21 November. Available at: http://www.forbes.com/2008/11/21/maltego-data-mining-identity08-tech-cz-tb_1121maltego.html (accessed 28 May 2014).

Crump

(2011) What are the police doing on Twitter? Social media, the police and the public. Policy & Internet 3(4). Available at: http://www.psocommons.org/policyandinternet/vol3/iss4/art7 (accessed 25 April 2014).

Degli Esposti

(2014) When big data meets dataveillance: The hidden side of analytics. Surveillance and Society 12(2): 209–225.

10.

Deisman

Derby

Doyle

. (2009) A report on camera surveillance in Canada. Surveillance Camera Awareness Network (SCAN). Available at: http://www.sscqueens.org/sites/default/files/SCAN_Report_Phase1_Final_Jan_30_2009.pdf (accessed 25 April 2014).

11.

Deleuze

(1995) Negotiations, 1972–1990. New York: Columbia University Press.

12.

Ericson

Haggerty

(1997) Policing the Risk Society. Toronto, ON, Canada: University of Toronto Press.

13.

European Urban Knowledge Network (EUKN) (2007) Digital bridge provides digital monitoring system to citizens – Shoreditch, UK. EUKN, 29 March. Available at: http://sampac.nl/EUKN2015/www.eukn.org/E_library/Security_Crime_Prevention/Tackling_Crime/Enforcement_Civil_Intervention/Digital_Bridge_provides_digital_monitoring_system_to_citizens_%E2%80%93_Shoreditch_UK.html (accessed 19 March 2015)

14.

Fioretti

(2014) EU privacy watchdogs give Google guidelines to change privacy practices. Reuters, 26 September. Available at: http://uk.reuters.com/article/2014/09/26/us-google-eu-privacy-idUKKCN0HL11320140926 (accessed 20 October 2014).

15.

Friedmann

(1992) Community Policing: Comparative Perspectives and Prospects. New York: Palgrave Macmillan.

16.

Fuchs

(2011) Web 2.0, prosumption, and surveillance. Surveillance and Society 8(3): 288–309.

17.

Gandy

(1993) The Panoptic Sort: Political Economy of Personal Information. Boulder, CO: Westview Press.

18.

Gandy

(2009) Coming to Terms with Chance: Engaging Rational Discrimination and Cumulative Disadvantage. Farnham: Ashgate.

19.

Graham

(2002) CCTV: The stealthy emergence of a fifth utility? Planning Theory & Practice 3(2): 237–241.

20.

Haggerty

Ericson

(2000) The surveillant assemblage. British Journal of Sociology 51(4): 605–622.

21.

Juris

(2012) Reflections on #Occupy Everywhere: Social media, public space, and emerging logics of aggregation. American Ethnologist 39(2): 259–279.

22.

Kelly

(2012) Police embrace social media as crime-fighting tool. CNN.com, 30 August. Available at: http://edition.cnn.com/2012/08/30/tech/social-media/fighting-crime-social-media/ (accessed 10 October 2014).

23.

Klauser

Albrechtslund

(2014) From self-tracking to smart urban infrastructures: Towards an interdisciplinary research agenda on Big Data. Surveillance and Society 12(2): 273–286.

24.

Lippert

(2010) Mundane and mutant devices of power: Business improvement districts and sanctuaries. European Journal of Cultural Studies 13(4): 477–494.

25.

Lyon

(2001) Surveillance Society: Monitoring Everyday Life. Buckingham: Open University Press.

26.

Marwick

boyd

(2010) I tweet honestly, I tweet passionately: Twitter users, context collapse, and the imagined audience. New Media & Society 13(1): 114–133.

27.

Mayer-Schönberger

Cukier

(2013) Big Data: A Revolution that Will Transform How We Live, Work and Think. New York: Harcourt Publishing.

28.

Meeder

Tam

Kelley

. (2010) RT @IWantPrivacy: Widespread violation of privacy settings in the Twitter social network. In: Web 2.0 privacy and security workshop – IEEE symposium on security and privacy. Available at: http://www.cs.cmu.edu/~bmeeder/papers/Meeder-SNSP2010.pdf

29.

Mitchell

(2010) Sacked and fined £1,000 for a joke about an airport? You cannot be serious. The Guardian, 16 May. Available at: http://www.theguardian.com/commentisfree/2010/may/16/britain-turns-serious-david-mitchell (accessed 25 April 2014).

30.

Mosco

(2004) The Digital Sublime: Myth, Power, and Cyberspace. Cambridge, MA: The MIT Press.

31.

NiceTrack (2014a) NiceTrack Monitoring Center. Nice.com. Available at: http://www.nice.com/intelligence-lea/monitoring-center (accessed 25 April 2014).

32.

NiceTrack (2014b) NiceTrack Open Source Intelligence. Nice.com. Available at: http://www.nice.com/Intelligence-lea/open-source-intelligence (accessed 25 April 2014).

33.

Norris

Armstrong

(1999) The Maximum Surveillance Society: The Rise of CCTV. New York: Berg Publishers.

34.

Omand

Bartlett

Miller

(2012) A balance between security and privacy online must be struck. DEMOS. Available at: http://www.demos.co.uk/files/_Intelligence_-_web.pdf?1335197327 (accessed 25 April 2014).

35.

Papacharissi

(2002) The virtual sphere: The Internet as a public sphere. New Media & Society 4(1): 9–27.

36.

Procter

Vis

Vos

(2011) How riot rumours spread on Twitter. The Guardian, 7 December. Available at: http://www.theguardian.com/uk/interactive/2011/dec/07/london-riots-twitter (accessed 25 April 2014).

37.

Ratcliffe

(2002) Intelligence-led policing and the problems of turning rhetoric into practice. Policing and Society 12(1): 53–66.

38.

Reisinger

(2011) CIA’s ‘vengeful librarians’ track Twitter, Facebook. CNet, 4 November. Available at: http://www.cnet.com/uk/news/cias-vengeful-librarians-track-twitter-facebook/ (accessed 25 April 2014).

39.

Richards

Lewis

(2011) How Twitter was used to spread – And knock down – Rumours during the riots. The Guardian, 7 December. Available at: http://www.theguardian.com/uk/2011/dec/07/how-twitter-spread-rumours-riots (accessed 25 April 2014).

40.

Savage

Burrows

(2007) The coming crisis of empirical sociology. Sociology 41(5): 885–899.

41.

Schneider

(2014) Police image work in an era of social media: YouTube and the 2007 Montebello Summit Protest. In: Trottier

Fuchs

(eds) Social Media, Politics and the State. New York: Routledge, pp.227–246.

42.

SFPD (2014) SFPD anti bike theft. Available at: https://twitter.com/sfpdbiketheft (accessed 10 October 2014).

43.

Shearing

Wood

(2003) Nodal governance, democracy, and the new ‘Denizens’. Journal of Law and Society 30(3): 400–419.

44.

Smith

(2004) Behind the screens: Examining constructions of deviance and informal practices among CCTV control room operators in the UK. Surveillance and Society 2(2/3): 376–395.

45.

Steele

(1992) United States Marine Corps Comments on Joint Open Source Task Force Report and Recommendations, 6 January. Available at: http://www.oss.net/dynamaster/file_archive/060324/9906ba66ee5fe750bb8fe5712b1e20e7/92%20Jan%2011%20Steele%20on%20IC%20OSINT.pdf

46.

Stone

(2010) Tweet preservation. Twitter Blog, 14 April. Available at: https://blog.twitter.com/2010/tweet-preservation (accessed 25 April 2014).

47.

Trottier

(2011) A Research agenda for social media surveillance. Fast Capitalism 8(1).

48.

Trottier

(2012a) Social Media as Surveillance: Rethinking Visibility in a Converging World. Farnham: Ashgate.

49.

Trottier

(2012b) Policing Social Media. Canadian Review of Sociology 49 (4): 411–25.

50.

Trottier

(2013) Crowdsourcing CCTV Surveillance on the internet. Information, Communication & Society 17(5): 609-26.

51.

Van Dijck

(2014) Datafication, dataism and dataveillance: Big Data between scientific paradigm and ideology. Surveillance and Society 12(2): 197–208.

52.

York

(2014) Social media has been privatised. Why do we treat it as a public space? New Statesman, 11 June. Available at: http://www.newstatesman.com/internet/2014/06/social-media-has-been-privatised-why-do-we-treat-it-public-space (accessed 26 December 2014).