Vast Social Media Data Not Fair Game for Intelligence
The DNI sets limits on information trawling for background investigations.
The U.S. intelligence community may not broadly pursue social media information on individuals subjected to federal security clearances, according to a new directive signed May 12 by James Clapper, director of national intelligence (DNI). Security Executive Agent Directive 5 seeks to ensure continued background investigations into social media data without straying into controversial areas.
The directive states, “Only publicly available social media information pertaining to the covered individual under investigation shall intentionally be collected.” Information pertaining to any individuals not being investigated will not be pursued, even if it is collected inadvertently. Nor may investigators require, or even request, individuals to provide social media passwords, log into a private account or otherwise disclose nonpublic social media information.
Exceptions to these directions are permitted only for a national security concern or a legally permissible criminal reporting requirement. Also, security clearance holders can undergo expanded scrutiny for obtaining or maintaining their clearances as long as the scrutiny pertains to clearance guidelines.
The directive forbids agencies from creating new social media accounts or using existing ones to connect with an individual or to enlist a third party to bypass privacy controls. For example, this prohibits investigators from friending an individual on Facebook, either directly or indirectly, to obtain information not viewable by the general public. Neither can agencies compel an individual to connect to an agency account for the purpose of providing agency access to that person’s account.
Agency heads are required to notify the Security Executive Agent (SecEA) of their intent to collect, use and retain publicly available social media information for clearance-eligible individuals. These information collection, analysis, reporting and retrieval processes are to be automated “to the greatest extent practicable.” And agency heads must promptly advise the SecEA of any challenges or impediments to this policy’s implementation.
The new directive does provide for limited information sharing. Agency heads are directed to share “relevant information of a security, counterintelligence or law enforcement concern” with the appropriate officials and agencies are to share best practices for social media collection methods under the directive’s guidelines.