ACLU takes social giants to task over Geofeedia privacy gaffe

ACLU takes social giants to task over Geofeedia privacy gaffe

The value of a social network largely depends on the quality of data it collects from users. However, it's easy for sensitive data, such as location information, to be abused, and consumers need to hold social companies accountable for their indiscretions.

Data is the lifeblood of social media of companies, the currency with which they operate and the glue that keeps users coming back for more. The data people share on social sites can also come back to haunt them in ways they never imagined. Embarrassing incidents on social are hardly rare, but a recent case of malfeasance suggests individuals should be even more careful about what they share. 

Earlier this month, the American Civil Liberties Union (ACLU) revealed widespread abuse of social data collected from popular sites for the purpose of unwarranted surveillance. Geofeedia, a company that had privileged access to data from Facebook, Instagram, Twitter and at least nine other social networks, reportedly helped law enforcement spy on activists and protesters, according to the ACLU. 

Geofeedia analyzes and repackages location data embedded in social media posts to let clients search for the whereabouts of specific individuals. The company heavily markets to law enforcement, and at least 500 organizations have signed up for its security services to date, according to the ACLU.

ACLU uncovers abuse of social data 

Facebook, Instagram and Twitter all severed deals with Geofeedia that granted the company direct API access to their data after the ACLU confronted the trio of social giants with its findings. The ACLU said it's pleased with that initial reaction, but Matt Cagle, a lawyer with the group, also wrote: "Further steps are required if these companies are to live up to their principles and policies by protecting users of all backgrounds engaging in political and social discourse."  

[Related: Are social media giants betraying your trust?]

The ACLU also called out Facebook and Instagram for not clearly prohibiting user surveillance. "We are concerned about a lack of robust or properly enforced anti-surveillance policies," Cagle wrote. "Neither Facebook nor Instagram has a public policy specifically prohibiting developers from exploiting user data for surveillance purposes." Twitter has a clause in its developer policy that bans the use of its data for surveillance, but the company did not enforce the rule in its dealings with Geofeedia, according to the ACLU. 

"Social media monitoring is spreading fast and is a powerful example of surveillance technology that can disproportionately impact communities of color," Cagle wrote. Geofeedia published a case study that boasted how its tools were used by the Baltimore County Police Department in April 2015 to track activists and protesters in real time following the highly publicized death of Freddie Gray while in police custody. The city of Oakland, Calif., and others have also used Geofeedia to monitor protests, the ACLU alleges. 

Geofeedia says its policies protect free speech and ensure its customers don't inappropriately identify individuals based on race, ethnicity, religious, sexual orientation or political beliefs. "Geofeedia will continue to engage with key civil liberty stakeholders, including the ACLU, and the law enforcement community to make sure that we do everything in our power to support the security of the American people and the protection of personal freedoms," the company wrote in response to the ACLU's report

Facebook facilitated exploitation of data

If the three social sites could have proven ignorance they might not have had to share the blame for aiding Geofeedia's social media surveillance business, but that wasn't the case. uncovered at least one incident in which Facebook used Geofeedia's social media monitoring tool to track and identify a trespasser within its corporate headquarters in 2015. Facebook knew how Geofeedia exploited its user data and willingly participated in wrongdoing to catch an intruder who allegedly took photographs of CEO Mark Zuckerberg's office and uploaded them to social media, according to the ACLU report. 

John Simpson, a consumer advocate and privacy project director with privacy group Consumer Watchdog, says it's one thing if Facebook, Instagram and Twitter didn't know their data was being used by Geofeedia for police surveillance and entirely another if the companies were aware of and encouraged the behavior. "If a [social network] knows that data that they have gathered is being shared and used by a third party for another purpose than what it spelled out in the privacy policy in the notice to users, I think they've got a real problem," he says. "They are very likely committing unfair and deceptive acts and violating section five of the Federal Trade Commission Act." 

Social media sites "have an obligation to see to it that the data that they gather is only used for the purposes that they say it's going to be used," he says. If a partners uses that data outside the scope of user agreements, or even facilitates that use, the social service is "culpable and should be held accountable."

[Related: Inside the shadowy world of data brokers]

Facebook, Instagram and Twitter, and their top executives, have all expressed support for free speech, social justice and the activists involved in movements such as Black Lives Matter, but there is a "severe disconnect between these positions and the data access they have provided" to data brokers such as Geofeedia, Cagle at the ACLU wrote. In some cases, the priorities of social networks also conflict with these causes, because the same data that marketers covet can also be used to potentially infringe on the civil liberties of social media users. 

Geolocation data is tremendously sensitive and poses a clear danger to user privacy when it's used for police surveillance, according to Simpson. Consumers need to take control of the location information they share, "because this demonstrates again [that] you can't have very much faith in social networks to protect you or your data," he says.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags FacebooktwitterInstagram

More about BaltimoreFacebookFederal Trade CommissionTwitter

Show Comments