Twitter Says Its API Can't Be Used For Surveillance, But What Does It Think The FBI's Going To Do With It?

from the spies-in-sports-coats-or-just-LEOs? dept

Dataminr, the company whose Twitter firehose access has become somewhat of cause celebre on both sides of the privacy fence, is back in the news. After being told it couldn’t sell this access to government agencies for surveillance purposes, Dataminr had to disconnect the CIA from its 500 million tweets-per-day faucet.

Twitter was pretty specific about what this buffed-up API could and could not be used for. The CIA’s surveillance efforts were on the “Don’t” list. This rejection of the CIA’s access was linked to existing Twitter policies — policies often enforced inconsistently or belatedly. What the CIA had access to was public tweets from public accounts — something accessible to anyone on the web, albeit with a better front-end for managing the flow and an API roughly 100x more robust than those made available to the general public.

The question now is how Twitter defines surveillance.

The FBI will soon be able to search a vast repository of public tweets in real time for hints about potential terrorist attacks and other public-safety crises.

The bureau awarded a sole-source contract to Dataminr, a company that allows customers to churn through Twitter’s “firehose,” which includes more than 500 million 140-character messages posted daily. Twitter’s public API only gives users access to about 1 percent of tweets, according to a FedBizOpps posting.

Now, the question is not whether or not the FBI should have access to publicly-available Tweets. It always will have that access, with or without Dataminr’s assistance. The question is whether Twitter believes the FBI is not engaged in the sort of surveillance it disagrees with.

In the context of its Dataminr access, I’m sure the FBI would have preferred to be thought of as a law enforcement agency. Divorced from the API-access context, it has done much in recent years to place itself on the same level as the CIA. It honestly feels it should be given more foreign intelligence gathering powers — more so than the CIA, which has traditionally handled only foreign-facing operations.

Likewise with the NSA. The NSA’s bulk collection orders under Section 215 were obtained in the FBI’s name, with the data going directly to the NSA and the intelligence agency “tipping” an unspecified amount of the haul back to the FBI for further examination.

What the FBI is going to engage in with this access will be a form of surveillance, albeit one with very few privacy implications. Twitter has yet to speak up about the recently-awarded contract. It may never do so. It may believe the FBI is primarily engaged in law enforcement, even though the agency rebranded in the midst of the Snowden leaks, emerging as the “national security” agency it apparently felt it always should have been.

The statement issued by Twitter suggests it’s only the “surveillance” that bothers them, not so much what each government agency seeking access feels its core mission is. The policy says “government or intelligence agenc[ies]” will be forbidden from purchasing access for surveillance purposes and the FBI certainly can’t deny it’s a government agency.

It also shouldn’t matter which hat the FBI wears when attaching the hose. Twitter yanked Geofeedia’s API access after discovering it was selling access to law enforcement agencies all over the US for the purposes of tracking First Amendment-protected activity. Its policies also list “track” and “investigate” as problematic uses of its API — two things the FBI does often.

Given the agency’s long history of engaging in surveillance of protected political activity, it’s not much of a stretch to believe the FBI will use Dataminr’s tools for the same ends. Then again, Dataminr or no Dataminr, the tweets it’s seeking to analyze are already out there where anyone can see them. All the agency is really buying is a hose and a funnel.

Filed Under: , , , , ,
Companies: dataminr, twitter

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Twitter Says Its API Can't Be Used For Surveillance, But What Does It Think The FBI's Going To Do With It?”

Subscribe: RSS Leave a comment
14 Comments
WeHearYouTim says:

Interesting problem

What do honest developers do to prevent unauthorized use of their APIs?

Sue the government?
First they would need to prove the government(s) used it, standing would be tough as IP addresses don’t always resolve accordingly.

Monitor then block IP ranges using the API?
Then players would decry censorship.

This is an interesting problem Tim.

Might this also apply to Google, Facebook, Yahoo, Reddit, et. and any other site?

Perhaps the approach to use today, is education.
Twitter, educating users that any post they make will end up in multiple government archives, that there is no erase button on the internet and users should be very cautious about providing any information to online sites…

Christenson says:

Hoses and Funnels

Twitter’s position seems to boil down to:
You can’t use dynamite if you want to hurt people!

But dynamite doesn’t know about that…it just goes “Boom!”

And I don’t see twitter getting out of the “dynamite” business anytime soon, since one reasonable way to measure effectiveness of advertising is to ask how many tweet about the product. And I don’t think twitter supervising everyone using their API can be cost effective either.

Not that the FBI shouldn’t *need* a warrant to use dynamite.

Ninja (profile) says:

Considering the messages are public anyway and that the soup letter acronym surveillance agencies will eventually build a solution that does what the API Dataminr offer do even if it means going through the hard way I don’t think it really matters. The issue here is more complex and deep than that.

The fact that law enforcement and intel agencies are actively monitoring the platform (and others) for Constitutionally protected activity is the real issue here. And the fact that they can do so and even harass those engaged in such protected activity just by labeling them terrorists should be the real concern, not the ability to screen all the messages conveniently and quickly.

Anonymous Coward says:

Dear Tim,

"All the agency is really buying is a hose and a funnel."

Uhm… Beside that Mrs. Lincoln, how was the play?

Tim,

Although I appreciate the overall tone of this piece, perhaps you might consider not so playing down the significance of the implications of the FBI having a much more powerful Twitter UI than is available to the general public. Because in doing so, you’re flirting with the same reasoning used by law enforcement to justify ALPR (i.e., because anyone in public can see your license plate, we are justified in the mass/automated collection, indefinite storage, and incredibly powerful search UI of license plate location data – two scenarios which couldn’t be more different).

The same is true with providing the FBI with these types of very, very powerful collection and search UI’s. Because the general public has little to no reference point for understanding how their tweets can be accumulated over time and aggregated with all their other digital data, they are put at a significant disadvantage in understanding the implications of how such information can be used against their best interests. And that is the crux of the the public good issue. I’d appreciate it if going forward, you wouldn’t minimize its significance with such dismissive statements.

Thanks,

AC

John Cressman (profile) says:

I wish...

I wish I lived in a fantasy world with ice cream mountains, lollipop forests, purple gummy unicorns and APIs that the government wouldn’t abuse.

Sadly… we live in the real world and if the governments don’t use Twitter’s API, they’ll just find some other way.

Or like China, the government will simply tell them what the company will provide if they want to do business in their country.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...