Without setting the schmaltzy pride of belated parents aside, David Omand, Jamie Bartlett and Carl Miller – as an online first article in Taylor & Francis’ well-established periodical ‘Intelligence and National Security‘ – are ‘Introducing Social Media Intelligence (SOCMINT)‘. What the world needed, was yet another INT, and here it is. Of course, despite the claim of its authors, SOCMINT is nothing new at all in the OSINT domain, but merely a rebranding of one specific range of its application. Thematically rather related is the United Nations Office on Drugs and Crime’s (UNODC) latest publication ‘The Use of the Internet for Terrorist Purposes‘, also a “first of its kind” according to UNODC (maybe a first for them, but probably not for academia, think tanks, security services etc.). So let’s have a quick look at both.
Introducing Social Media Intelligence
The peg on which the authors hang their paper are the intelligence lessons to be learned from the 2011 England riots, and it seems like one prime source of their findings is the admittedly excellent account of the Guardian’s collaborative ‘Reading the Riots‘ project (make sure to check out the pieces on ‘How the English rioters used social media’, ‘Twitter traffic during the riots’, and ‘The England ‘riot commute’ mapped’). Now using social media information for law enforcement purposes is something rather common, although far from being based on a coherent methodological and ethical framework which the authors strive to deliver. Two German examples that come to mind are Hannover police successfully using (or, due to legal unclarities, having used) Facebook to crowd-source hints for manhunts, and the 2011 eviction of Berlin’s Liebgigstr. 14 where Twitter has played a key operational role for dozens of left-wing activists mobilizing hundreds of demonstrators, and directing their – partly violent – response to the ongoing police operation.
In the following, SOCMINT is described – in my words, not the authors’ – as technical law enforcement intelligence, both open or non-open. In our model that would equate to OSINT/TECHINT or NOSINT/TECHINT with the slight difference that we usually focus on national security intelligence requirements.
Some applications – from specific to vague – that come under this definition are crowd-wisdom, GIS and web-mapping (e.g. Ushahidi), social network analysis and social graphs, data journalism, sentiment analysis, near real-time situational awareness, insight into criminal groups, and identification of criminal intent. Google’s Flu Trends, not SOCMINT in a narrow sense, are another example the authors use for demonstrating the predictive power of user-generated queries. Apart from that, it is surprising how little attention is paid to commercial actors who have – besides academia – largely driven the development of the technologies and platforms in question, who are providing the infrastructure, and who are propelled by a very obvious incentive for improving the exploitation of data gathered from social media sources: advertisement and, thus, money. And this is where one has to ask if fewer buzzwords, and a more thorough examination of those very diverse applications would have helped in delivering a more conclusive framework. In other words: how can the authors seriously complain that there is not yet a convincing scientific approach for sampling, processing and analyzing large social media data sets, at the same time calling for the fusion of “data-led explanations of human behavior”, and still almost totally ignore the theoretical and practical breakthroughs of network theory and computational sociology?
Asserting that “[t]he full promise of SOCMINT as a law enforcement tool in addition to its use as an open source of information must be tempered against the reality that the methods employed to protect society rest ultimately on some form of public acceptability and involvement” (p. 6f.), leads to some more evident observations. The rule of law, privacy, civil liberties, and even copyrights are at stake when it comes to SOCMINT, and two distinct approaches have to be considered here: 1. Open- (“non-intrusive”), and 2. Non-open (“intrusive”). While the latter operates under pretty much the same legal rules as any other form of NOSINT or secret intelligence (reading other people’s letters or e-mails), matters of public acceptability and involvement do indeed play a decisive role for SOCMINT to be successful as long as it is carried out in the open. Monitoring a religious zealot’s public Tweets, for example, would be the OSINT/TECHINT equivalent to watching a man cross the street and entering a gun store with regards to the OSINT/HUMINT dimension. Maybe – alone – a morally questionable activity, but at least a publicly accessible and legally available option. Yet, as soon as this sort of monitoring becomes a universal routine expressing a blanket suspicion, trust in both the respective social media platform and government will be tested. A democratic state will not want (and be able) to afford general and permanent mistrust in its ways of safeguarding democracy, and so the authors adjust some Just War criteria in order to form the very necessary ‘rules of engagement’ for SOCMINT: sufficient, sustainable cause; integrity of motive; proportionate and necessary methods; and right authority, validated by external oversight.
After all, “[t]he ‘success’ of intelligence is not the information or even secrets that it collects, but the value it adds to decision-making.” (p. 7) This holds true even more for SOCMINT (as a special subset of SIGINT and COMINT, or ultimately TECHINT) where the signals-noise ratio is particularly unfavorable. Given the potential analytical corruption of samples due to phenomena such as the ‘Online Disinhibition Effect‘, context remains critical.
In addition to the restraining ‘principles’ above serving as the cornerstones for their proposed framework, one more principle requires separate attention: “Recourse to secret intelligence must be a last resort if more open sources can be used.” (p. 21) Needless to say that oftentimes OSINT is a last resort itself when primarily being used for validation and verification of information gathered otherwise instead of targeting information requirements and identifying knowledge gaps. And it is validation and verification of OSINT which pose even more problems, just remember the blurry LiveLeak footage of alleged war crimes in Libya and Syria that was shown by Western TV stations over and over because of their own lack of boots on the ground.
That said, the paper presented may not be as original as its authors claim, but that does in no way lessen the importance of the topics raised, and there will soon be frameworks and doctrine for employing SOCMINT as one element amongst others of what it predominantly is: OSINT. In the meantime, its value for strategic intelligence may prove an interesting research topic.
The Use of the Internet for Terrorist Purposes
According to the UN’s report, the uses of the internet for terrorist purposes comprise propaganda, recruitment, incitement, radicalization, financing (also see Florian Schaurer, Elias Blum, Marten Lindberg: ISN OSINT Report 2/2011: Terrorism Financing), training, planning and execution. Therefore, a government’s responsibilities in the SOCMINT domain include, but are not limited to “[g]athering open-source intelligence by using specialist online surveillance techniques from social networking sites, chat rooms, websites and Internet bulletin boards revealing the activities of terrorist groups (among many other criminal elements).” (p. 68)
What is given much more weight here than in the aforementioned paper are the manifold opportunities for private sector cooperation, with privately operated terrorism monitoring services such as SITE and Internet Haganah, and academic initiatives like the University College Dublin’s Centre for Cybersecurity and Cybercrime Investigation being mentioned. Regarding industry partners (e.g. ISPs), it has to be kept in mind that “private companies typically own [and host] the social media platforms that facilitate the dissemination of user-generated content to a broad audience, as well as popular Internet search engines, which filter content based on user-provided criteria”, (p. 123) so teaming up with them is a sheer necessity for governments.
As a side note, there obviously remain problems, both legally and technically, and surely way beyond SOCMINT, as to ‘intelligence as evidence’, consequently putting additional liability on digital forensics – and on solid prosecution. Even before that, a severe challenge lies in the adequate operational responses to an identified terrorist ‘target’ online, e.g. shutting down a Jihadist forum immediately to stop it from emitting harm, or passively monitoring it to follow its trail?
It comes as no surprise then that the report’s concluding remarks deal with investigations and intelligence gathering in the same chapter, underlining the law enforcement focus also of this publication. For UN online counter-terrorism, the “real intelligence hero is Sherlock Holmes”, without a single doubt.
P. S.: Our German speaking readers are strongly encouraged to also have a look at Guido Steinberg’s latest SWP paper ‘Jihadismus und Internet: Eine deutsche Perspektive‘.