“[Police are] not allowed to go to a protest and start randomly asking people for their IDs unless there is a very clear security risk. So you shouldn’t be able necessarily to replicate that just because they’re tweeting at this event,” said privacy lawyer Tamir Israel, with the Canadian Internet Policy and Public Interest Clinic.
The American Civil Liberties Association recently released a report detailing how Twitter, Facebook and Instagram allowed a company called Geofeedia access to its data through something called an API (Application Programming Interface). The company, which has offices in Chicago, Indianapolis, Ind., and Naples, Fla., specializes in pinpointing social media data based on geographic locations.
All three companies have since blocked Geofeedia from using their data.
While the information was publicly available, privacy experts say it’s not reasonable for police to have such easy, searchable access to such data.
Geofeedia was gathering publicly available data from these social media sites, as well as a handful of others, and selling it to police agencies, marketing itself as a tool to monitor events, like protests, in real-time.
“Even just the suspicion that law enforcement is monitoring peaceful protests and keeping an eye on people could have a chilling effect on people participating in that peaceful protest,” said Brenda McPhail, director of the privacy, technology and surveillance project at the Canadian Civil Liberties Association.
McPhail said it’s likely that Canadian police forces use this kind of technology, as well.
But the RCMP has said in the past that if it reveals what technology it uses, it could impede investigations.
Twitter’s other API, known as the firehose, is more powerful. Firehose is not free, but it gives companies access to a lot more data. And those companies are not subject the same restrictions as those who use the public APIs.
According to the ACLU, Geofeedia had access to Twitter’s firehose via a subsidiary of Twitter called GNIP.
This gave Geofeedia something the average Twitter user — and even average programmer — would not be able to get: easily searchable access to all of Twitter’s public tweets.
“Yes the data is publicly available, but it would take a police officer probably their entire lives to go through the data that was available [via GNIP and Geofeedia] to police at the click of a button,” said Nicole Ozer, technology and civil liberties policy director at the ACLU of California.
In their research, which included documents granted to them through the American access-to-information process, the ACLU said it found a pattern of how Geofeedia’s services were being marketed to law enforcement.
“The examples were primarily activists of colour, and situations like Ferguson and the Freddie Gray protests,” she said.
Gathering public information like this is a grey zone — it’s legal, but some say there should be clear limits on how police can use it.
Most of us wouldn’t expect police to form a profile based on our tweets at a protest, said Dr. Ann Cavoukian, a three-term Ontario privacy commissioner who is now the executive director of the Privacy and Big Data Institute at Ryerson University.
“While people should take greater responsibility of the kind of information they put out there, the reality is, generally speaking, [that] no one considers all the possible consequences of the information,” she said.
She said public distrust of police is at “an all-time high” due to events like Edward Snowden’s NSA document leaks that showed the extent of government spying.
If police want information from social media, Cavoukian said they should have to sift through it like the rest of us — or get a warrant.
“It shouldn’t be delivered to them on a silver platter.”