Authors: Cleaver, O. & Nicklin, G.
Published in National Security Journal, 12 June 2020
However, they were unable to provide a definitive answer to the question of whether accessing personal information placed openly on a social media platform is a breach of individual privacy. The issue is therefore less about access to the data, some of which is available for all to see once a login account has been created, and more about who has control over how this information is used. Perceptions of whether social media profiles and published information are public or private and how that data is subsequently used are likely to play a part in how the public perceives social media use by government agencies. Government uncertainty about whether social media is rightly situated in the public or private domain provides a likely reason for the absence of legislative direction on SOCMINT use to date. Fewer regulations would be expected for the public than the private domain. Ivan et al argue that the intrusive nature of reviewing an individual’s social media posts must be governed by legislation, yet to date no state has succeeded in formulating a legal framework.17 They emphasise that the challenges linked to SOCMINT use are confidentiality, consent and understanding the boundary between what is public and what is private.
Edwards and Urquhart also outline the need to review United Kingdom legislation governing social media intelligence collections.18 They ask valid questions about the ethics and legality of state regulators using SOCMINT. The key question is whether the public interest in policing outweighs the private interests of those monitored. They conclude that the existing law does not provide adequate protection for government SOCMINT use and there is a significant lack of well-defined expectations of privacy. What they mean by ‘adequate protection’ is policy or guidelines that protect both agencies’ legal use of the data, and the public’s rights to privacy.
Privacy is a recurring theme in SOCMINT literature. Questions include the meaning of privacy in public spaces, and how it can be measured, assessed and understood. A key problem is the lack of a single definition or meaning of the word ‘privacy’ – a word that is in common use by the public as well as in philosophical, political and legal domains.19 For example, Privacy International raised concerns about a 2017 submission to the Department of Homeland Security’s Privacy Office seeking the expansion of immigration records to include social media names and associated identifiable information and search results.20 They argued the Department’s proposal was without sufficient justification, and emphasized the gross intrusion into the individual’s right to privacy. They suggested agencies must comply with “international principles of legality, necessity, and proportionality.” This argument resembles the New Zealand SSC statement that covert social media use is a “breach of individuals’ reasonable expectation of privacy.”21
The lack of understanding of privacy is further outlined in a 2012 Canadian study on cybersecurity.22 This study is notable for being from a comparable nation to, and therefore pointing to a possible course of action for, New Zealand.