FBI Orders Up Social Media Monitoring Tool

In an interesting turn of events—and no doubt tangentially connected—the FBI and the White House are contemporaneously calling for the monitoring of social networks to detect mass shooting- and terrorist-related threats. Let’s look at the FBI’s proposal.

The FBI has issued a Request for Proposal (RFP) for a “Social Media Alerting Subscription” and “intends to award a firm-fixed-price contract for the purpose of acquiring subscriptions services to a social media early alerting tool in order to mitigate multifaceted threats, while ensuring all privacy and civil liberties compliance requirements are met.” And with that statement the FBI has laid down the gauntlet for interested parties to bid on providing a tool to basically scrape social networks, analyze content and produce alerts to the FBI on potential threats without interfering with the privacy and civil liberties of those whose information is collected. The RFP due date was originally Aug. 8 but has been extended to Aug. 22.

The statement of objectives contained within the RFP detail the level of effort and the expected outcomes the FBI is looking for from its selected contractor. One question that comes to mind: Is this a means to bypass the checks and balances afforded to U.S. persons, given the verbiage indicates it is an effort to focus on domestic terror? That said, many believe a domestic or foreign-grown threat to society discussed on social networks is something worthy of review.

The FBI’s “Public Source Program Office” is the focal point for this effort, noting, “Virtually every incident and subject of FBI investigative interest has a presence online.” The FBI continued, “Law enforcement gaining lawful access (i.e., access that is authorized, appropriate, and consistent with applicable law and policy) to this data will result in early detection and/or containment of the magnitude of any harm by these threats.” In a nutshell, the means are justified, as the ends will save lives.

The information and social media alerts will be availed across the FBI landscape, to include both headquarters and field divisions. In addition, operations centers, inter-agency fusion centers, command posts and legal attachés (FBI personnel assigned to embassies abroad) will have access to coordinate and liaise with foreign law enforcement.

The desired outcomes are:

  • The FBI receives advanced notifications of mission-relevant incidents.
  • The FBI accesses historical data to identify profiles and ramifications to derogatory groups.
  • The FBI exploits data in a real-time context, in both a proactive and reactive stance, based on location.
  • The FBI receives immediate notification and support by the contractor for any possible computer security breach incidents exposing FBI information.
  • Any information input or provided by FBI personnel for input into the vendor’s interface remains protected.
  • The FBI is informed of any potential or actual computer security incidents involving or potentially involving FBI information or users.
  • The FBI receives training on contractor-related tools and techniques.
  • The FBI personnel with access or other issues obtain support from designated help desk personnel.

The above may remind some of the Arab nations’ reactions following the Arab Spring demonstrations and uprising in the early 2010-2012 timeframe. The UAE was largely spared, some believe because of the wealth of the citizens and the opportunities afforded within the UAE to those citizens. While the UAE may have dodged the bullet in 2012, in 2013 the country set out to acquire the ability to listen, read and understand the social network content of persons of interest. Its efforts no doubt bore fruit, as the UAE continues to enjoy the stability that other Arab nations haven’t had the joy of experiencing.

Fast forward to 2019, and we learned via a Reuters investigative report, “Project Raven – Inside the UAE’s secret hacking team of American mercenaries,” that the UAE’s social media alerting system has been up, running and being used by the government of the UAE to take off the street dissidents, rival leaders and journalists. Perhaps there was more than meets the eye with respect to the UAE’s dodging the Arab Spring bullet.

The Black Raven project, supporting the government of the UAE, utilizes an array of cyber tools to collect what runs free in the wild, as well as hack into targets’ communication devices.

The fly in this ointment, however, is the fact that the UAE was using former U.S. National Security Agency employees to conduct their monitoring and hacking. Those employees found themselves targeting individuals who they would come to learn were U.S. persons. A ticklish spot to be within, indeed.

Which brings to mind the question: Will the prime contractor from the United States who landed the lucrative Project Raven contract be among those vying for the FBI’s attention?

Time will tell. For now, remember going forward, if you post it, the FBI will know it.

Christopher Burgess

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.

burgesschristopher has 186 posts and counting.See all posts by burgesschristopher