November 18, 2012 in Department of Homeland Security
The following privacy review of the DHS National Operations Center Publicly Available Social Media Monitoring and Situational Awareness Initiative was released November 8, 2012. This website has been listed in three of the four publicly available privacy impact assessments for the program as an example of a website monitored by DHS.
Privacy Compliance Review of the NOC Publicly Available Social Media Monitoring and Situational Awareness Initiative
- 25 pages
- November 8, 2012
The Office of Operations Coordination and Planning (OPS), National Operations Center (NOC), has statutory responsibility to (1) provide situational awareness and establish a common operating picture for the federal government, and for state, local, and tribal governments as appropriate, in the event of a natural disaster, act of terrorism, or other man-made disaster, and (2) ensure that critical terrorism and disaster-related information reaches government decisionmakers. Traditional media sources and, more recently, social media sources such as Twitter, Facebook, and a vast number of blogs provide public reports on breaking events with a potential nexus to homeland security. By examining open source traditional and social media information, comparing it with many other sources of information, and including it where appropriate into reports, the NOC can provide a more comprehensive picture of breaking or evolving events.
In January 2010, to help fulfill its statutory responsibility to provide situational awareness and to access the potential value of public information within the social media realm, the NOC launched the first of three Media Monitoring Capability (MMC) pilots using social media monitoring related to specific incidents and international events. The NOC pilots occurred during the 2010 Haiti earthquake response, the 2010 Winter Olympics in Vancouver, British Columbia, and the response to the 2010 Deepwater Horizon BP oil spill. Prior to implementation of each social media pilot, the DHS Privacy Office and OPS developed detailed standards and procedures for reviewing information on social media web sites. A series of pilotspecific Privacy Impact Assessments (PIA) document these standards and procedures. In June 2010, the Department released its Publicly Available Social Media Monitoring and Situational Awareness Initiative PIA, which incorporated these protections. OPS/NOC and PRIV subsequently updated the PIA in January 2011, and published a Privacy Act System of Records Act Notice (SORN) on February 1, 2011, to allow for the collection and dissemination of personally identifiable information (PII) in a very limited number of situations in order to respond to the evolving operational needs of OPS/NOC.
As of January 2011, the NOC may include PII on seven categories of individuals in an Item of Interest (hereinafter MMC Reports or Reports) when doing so lends credibility to the report or facilitates coordination with interagency or international partners. The seven categories as identified in the SORN are: “(1) U.S. and foreign individuals in extremis, i.e., in situations involving potential life or death circumstances; (2) senior U.S. and foreign government officials who make public statements or provide public updates; (3) U.S. and foreign government spokespersons who make public statements or provide public updates; (4) U.S. and foreign private sector officials and spokespersons who make public statements or provide public updates; (5) names of anchors, newscasters, or on-scene reporters who are known or identified as reporters in their posts or articles, or who use traditional and/or social media in real time to provide their audience situational awareness and information; (6) current and former public officials who are victims of incidents or activities related to homeland security; and (7) terrorists, drug cartel leaders, or other persons known to have been involved in major crimes of homeland security interest, who are killed or found dead.”
As documented in the January 2011 PIA Update, the NOC does not: (1) actively seek PII; (2) post any information on social media sites; (3) actively seek to connect with individuals, whether internal or external to DHS; (4) accept invitations to connect from individual social media users whether internal or external to DHS; or (5) interact with individuals on social media sites.
Privacy Compliance Reviews (PCR) are a key aspect of the layered privacy protections built into this initiative to ensure protections described in the PIAs are followed. Since the June 2010 PIA publication, PCRs have been conducted bi-annually. The DHS Privacy Office conducted this fifth PCR to assess compliance with the January 2011 PIA Update and February 2011 SORN. To address this objective, the DHS Privacy Office developed a questionnaire, interviewed OPS/NOC officials and analysts on issues raised by the NOC’s responses to the questionnaire, analyzed OPS/NOC guidance and standard operating procedures (SOP), and reviewed selected MMC Reports for compliance with the 2011 PIA Update.