|Statewatch article: RefNo# 31734
|Statewatch Journal; vol 21 no 3 July-September 2011
|Police forces across Europe are increasingly using social media as an investigative tool to detect criminal activity, a technique that is already commonplace in the USA. The accuracy of this burgeoning practice is unclear, with the risk that innocent people will become embroiled in police investigations.
People communicate, plan and organise online and can mobilise their peers through social media networks. On the basis of data produced through these interactions, criminal prosecutors can not only reconstruct social networks, they can also exploit social network services directly.
Numerous services facilitate communication on the so-called “Social Web”. Via social networks such as Facebook, Xing or LinkedIn, people can create and maintain contacts or expand their personal networks. Platforms such as YouTube and Flickr provide for the publication or exchange of videos and photos. Through microblogging services such as Twitter, short messages or pictures can be sent from computers or smartphones not only to friends but to large groups of interested people. Cooperation and collaboration through services supporting group communication expand the reach of users and allow an online presence. People thereby not only reveal intended information, but also disclose when and where they communicate and with whom.
The growth of social media has also opened up new communications and operational possibilities for criminal prosecutors. The COMPOSITE research project,  which analyses current trends in the police’s use of information technology in ten EU Member States, identified the use of social media as a core challenge. According to the coordinator of the study, Sebastian Denef, the German police are currently devising related strategies at the regional and national level under the banner “Overcoming the digital transformation” (Bewältigung des digitalen Wandels). However, he concedes that this process is still in its preliminary stage.
A survey carried out as part of the COMPOSITE project found that police forces in Europe follow very different strategies with regard to social media – from self-publicity to monitoring social networks and involving the public in specific investigations. Macedonian and Romanian police use YouTube and Facebook only to distribute information about various campaigns and activities. In the United Kingdom, police sometimes inform communities about their daily activities via Twitter. The most comprehensive use occurs in the Netherlands, where police use their website to exchange work experiences with each other. Citizens can subscribe to so-called security updates about their neighbourhood through instant messaging. Through Twitter, the police try to increase their circle of informants or witnesses, and citizens are encouraged to send in tips via SMS alerts. The Burgernet (Citizen’s Net) website, for example, transmits information on the search for missing people, suspects or stolen vehicles via mobile phone. A pilot project is currently testing Skype for similar purposes. Citizens can even contact police avatars in social networks such as Habbo Hotel and Second Life.
Transnational cooperation between police stations located in the German-Belgian-Dutch border region takes place via a common intranet. Police can access information on location, which was previously only accessible at the police station, and police cars have been specially equipped for that purpose. Brandenburg police will soon also be equipped with police cars with the relevant technical functionalities. The use of this technology is intended to reduce the number of police officers and stations needed in rural areas.
Social networks as data suppliers
Interest in using social media services is increasing globally. The USA is contemplating using social media for emergency and disaster communications or to identify societal trends.  Research has shown that Twitter can facilitate terrorist activity as well as discouraging potential terrorists. Based on the evaluation of civilian reactions to the terrorist attacks in Jakarta and Mumbai, researchers developed a framework within which to evaluate civic reactions in a structured manner. This is intended to enable authorities and other decision-makers to react swiftly to terrorist threats. 
According to the COMPOSITE study, police solutions providers anticipate that the demand for techniques to monitor social media will increase, because criminals are using it to coordinate activities. Data published by users, such as photographs, are also useful for the identification of offenders as well as victims. Social media, the study says, is not only a police communications tool but also an investigative one. Characteristics of these new investigative systems are searches in social networks as well as connecting previously separate data sets, such as social network data, information posted on websites and police databases. Online police investigations should, however, “be protected from being made public.” Detailed information is kept confidential in the preliminary study, which will result in the monitoring of trends in four years’ time.
Surveillance and investigation operations
Until recently, the fact that social media data is being used by the police had only been uncovered in the USA. The US civil rights organisation Electronic Frontier Foundation (EFF) responded by submitting a complaint against the CIA and the Defence and Justice Departments, amongst others, under the Freedom of Information Act (FOIA), for the disclosure of information on their use of social-networking websites as investigative, surveillance, and data collection tools. In its complaint, the EFF writes that “Although the Federal Government clearly uses social-networking websites to collect information, often for laudable reasons, it has not clarified the scope of its use of social-networking websites or disclosed what restrictions and oversight is in place to prevent abuse.”
During the court case, the EFF lodged several applications on the basis of the FOIA to find out more about the authorities’ use of social-networking media. A number of documents have been disclosed. Among other things, they showed that the authorities are contemplating using research into social networks for security checks on employees. A related preliminary study found that in more than half of the cases researched, relevant information could be found in publicly available social network profiles.  Drug Enforcement Administration (DEA) presentation slides showed that online tools such as MySpace or YouTube visualisers [document cameras] are already being used to depict visual connections between users. The DEA was able to locate a refugee by analysing his profile, or rather, through his contacts identified through social network media.
MySpace Private Picture Viewer, which can be used to collect private information because of a security leak, was also used by the authorities, thereby violating MySpace user policy. The FBI’s Intelligence Information Report Handbook discloses that undercover accounts are also used to access protected information. Another CIA document acquired through the FOIA describes how “electronic footprints” can be avoided by using “anonymous accounts of an internet service provider” for surveillance activities.
Other documents the EFF obtained show that the CIA systematically evaluates online information in a so-called Open Source Center, not only using radio and TV programmes as sources, but also blogs, chat rooms and social network sites. The FBI on the other hand is interested in the University of Arizona’s Dark Web Project, which systematically collects and analyses all web content generated by terrorists. Via spider networks, online fora are being searched to gain access to hidden websites. The researchers are using a tool called Writeprint, which claims to be able to identify authors of anonymous content.
The US Department of Justice recently caused a stir when it tried to access Twitter users’ personal data, in connection to Wikileaks, with a judge’s order. Twitter, however, informed the users and thereby gave them the opportunity to challenge the decision. Meanwhile, the EFF obtained, again via FOI applications, guidelines on how to deal with prosecutors’ requests from 13 social media service providers, which the group has evaluated in a table.  Facebook proved to be the only provider that explicitly claimed the right to delete false accounts even if they were created by criminal prosecutors.
Reconstructing networks from communication data
What information can data from social networks disclose? Since 11 September 2011 several scientific studies have attempted to identify abnormal behavioural patterns,  predict the interests of certain groups,  identify trends,  and evaluate mobility patterns . The establishment of online services for social networks led to an increasing number of relevant data sets being generated. Blogs, for example, connect with other blogs and generate insights into social networks through link structures and content.  Facebook alone, with more than 600 million users, generates masses of communications data. New tools therefore have to be developed if these large data sets are to be analysed.
These networks can be analysed with relative ease using a number of criteria thanks to the infrastructure offered by providers [ISP’s]. This is not the case with social networks that are created for criminal activities such as the drugs trade, money laundering or terrorism. As a rule, they operate underground, but just like legal social networks they serve communication, collaboration and coordination purposes.  There are attempts, such as the above-mentioned Dark Web Project, to identify networks through web links, or to identify important hubs in terrorist networks via Google’s page rank algorithm. 
The representation of these relationships through telecommunications traffic data can almost be called traditional. As a rule, every communication through internet and telephone generates traffic data that can be analysed. On the basis of this data, strong and weak links between individuals can be identified, as a study by researchers at the Massachusetts Institute of Technology and Harvard University confirmed.  The study conducted interviews and undertook an analysis of mobile phone and Bluetooth communication traffic data for a group of 94 people. This showed that traffic data was most useful for identifying social networks: 96 per cent of personal friendships were identifiable through communication traffic data. Researchers were also successful in answering, for example, the question of how satisfied individuals were in their work. The time invested in the collection of data for the study amounted to 330,000 hours (using traffic data analysis), which translates to 38 years if the data had been collected using traditional field study techniques. The evaluation of traffic data is not only economically efficient, but also accurate. In comparison to methods such as witness interrogation, it also enables the surveillance of large groups of people.
For sufficiently accurate results not everyone in the target group needs to be put under surveillance. A study at the university of Leuven and Rotterdam explored the question of how many individuals needed to be put under surveillance in order to indirectly capture a larger group through the chosen individuals’ third-party contacts.  For this, the scientists looked at the e-mails of around 2,300 people that were sent and received over a time span of three years. For an exhaustive disclosure of network relations, the surveillance of eight per cent of the group was sufficient. A large group of people could be ‘captured’ through a small target group.
The French interior ministry and the development laboratory of the French telecommunication multinational corporation Alcatel (Alcatel Lucent Bell Labs France) recently showed in a common study that communications data reveal social networks, but that they can also be used to detect “suspicious behaviour” with the help of network analysis. To achieve this goal, the researchers developed a tool that enables criminal investigators to access data and filter it according to specific criteria with the help of an interface that presents the data visually as networks.
A 2008 study, commissioned by the German Federal Ministry of Justice and the Max-Planck-Institute for Foreign and International Criminal Law, discusses “environments that are increasingly shaped by the networked, direct and intelligent evaluation of continually generated personal data.” Traffic data, according to this study, inherently carries a high potential for social control and surveillance: “More than other data, they are useful for detecting social networks, identifying relationships and generat[ing] information on individuals.” 
Over the course of the last decade, network analysis has become an important investigation method for criminal prosecutors. The masses of data retained by social media service providers forms a rich reservoir that can seduce prosecutors into legal grey areas in their investigations. At the same time, new methods of analysis are more efficient than traditional investigation forms – in particular because they enable the linking of personal data from social media services with data from a diverse set of other sources: the internet, traffic data and various databases the police have access to. For police (and security) forces, these new methods offer the promise of reconstructing hidden social networks.
A different question altogether is whether identified relationships or connections between data sets give a realistic picture. Considering the fact that the research area is relatively young, it can be assumed that there is a high risk of unrelated persons becoming the target of an investigation and of suspicious cases against them being constructed, which, on closer scrutiny, turn out to be false. A critical and cautious handling of these powerful investigation tools is therefore advisable. An evaluation of the above preliminary research, examining these concerns in more detail, is lacking.
* This article first appeared in Bürgerrechte & Polizei/CILIP 98 (1/2011)
 Denef, S. et al.: ICT-Trends in European Policing, St. Augustin 2011 (Frauenhofer Institute for Applied Information Technology), www.composite-project.eu. (Composite stands for Comparative Police Studies in the EU)
 Kavanaugh, A.: Social Media for Cities, Counties and Communities. Final Grant Report to Virginia Tech – Center for Community Security & Resilience CCSR, Blacksburg 2011:
 Cheong, M.; Lee, V.: A microblogging-based approach to terrorism informatics: Exploration and chronicling civilian sentiment and response to terrorism events via Twitter, in: Information Systems Frontiers 2011, No. 1, pp. 45–59
 Lynch, J.: Government Finds Uses for Social Networking Sites Beyond Investigations. Electronic Frontier Foundation, 2010:
 Lynch, J.: Social Media and Law Enforcement: Who Gets What Data and When?, Electronic Frontier Foundation 2011,
 Zhan, J.; Oommen, B.J.; Crisostomo, J.: Anomaly Detection in Dynamic Social Systems Using Weak Estimators. Computational Science and Engineering Conference, Vancouver 2009,
 Agarwal, A.; Rambow O.; Bhardwaj N.: Predicting interests of people on online social networks, in: IEEE (ed.): International Conference on Computational Science and Engineering 2009, Washington, D.C., pp. 735–740, www.cs.columbia.edu/nlp/papers/2009/agarwal_al_09b.pdf
 Goyal, A.; Bonchi, F.; Lakshmanan, L.: Learning influence probabilities in social networks, New York 2010,
 Giannotti, F. et al.: Mining Mobility Behavior from Trajectory Data, IEEE, Vancouver 2009, http://ebookbrowse.com/ngdm-09-dino-pedreschi-pdf-d75686450; White, J.; Roth, R.: TwitterHitter: Geovisual Analytics for Harvesting Insight from Volunteered Geographic Information, 2010, www.giscience2010.org/pdfs/paper_239.pdf
 Yang, C.; Ng, T.D.: Terrorism and Crime Related Weblog Social Network, in : Intelligence and Security Informatics Conference, New Brunswick 2007, pp. 55-58, www.ischool.drexel.edu/faculty/cyang/papers/yang2007b.pdf
 Daning, H. et al.: Identifying significant facilitators of dark network evolution, in: Journal of The American Society for Information Science and Technology 2009, No. 4, pp. 655-665,
 Qin, J. et al.: Analyzing Terrorist Networks: A Case Study of the Global Salafi Jihad Network, in: Lecture Notes in Computer Science (LCNS) 2005, vol. 3495, Berlin, Heidelberg, pp. 287–304,
 Eagle, N. et al.: Inferring Social Network Structure using Mobile Phone Data, Ithaca 2006
 Danezis, G.; Wittneben, B.: The Economics of Mass Surveillance – and the Questionable Value of Anonymous Communications, Workshop on the Economics of Information Security, Cambridge (UK) 2006, http://weis2006.econinfosec.org/docs/36.pdf
 Bennamane, A. et al.: Visual Analysis of Implicit Social Networks for Suspicious Behavior Detection, in: LNCS 2011, vol. 6588, pp. 388–399, Berlin, Heidelberg, www.springerlink.com/content/b885412441304869/fulltext.pdf
 Albrecht, H.-J. et al.: Rechtswirklichkeit der Auskunftserteilung über Telekommunikationsverbindungsdaten nach §§ 100g, 100h StPO [Legal reality of disclosure of information on telecommunications traffic data according to Articles 100g, 100h Crime Procedures Act], Berlin 2008, pp. 87, 90
© Statewatch ISSN 1756-851X. Personal usage as private individuals/"fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions oof that licence and to local copyright law. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement.