Social Media & PAEI - Legal and Policy Considerations

Domestic and foreign threat actors are increasingly active on social media platforms as a means to engage and target individuals for recruitment, radicalization or enticement to share classified or sensitive information.

The data resident to these platforms presents a potential wealth of information for U.S. counterintelligence and personnel security investigative activities (e.g. individuals undergoing a background investigation for security clearance). An increasingly relevant question for these potential use cases: how do current legal and policy frameworks support (or prohibit) the use of social media data for these activities?

The use of social media information for intelligence and investigative intents can create challenges related to individual rights under the Fourth Amendment. The scope of protections under the Fourth Amendment has continued to broaden as society evolves beyond concepts of physical privacy considerations.

In Katz v. United States, the U.S. Supreme Court (SCOTUS) held that information that a person intends to keep private, even in a publicly accessible area, may be constitutionally protected. The Court held in Katz that protection under the Fourth Amendment is not dependent on a property right, but rather focuses on whether the area in which a person’s privacy was invaded was one in which there was reasonable expectation of freedom from governmental intrusion.

The Director of National Intelligence has promulgated policy regarding the use of social media in background investigations. Security Executive Agent Directive 5 (SEAD-5) permits the collection and use of publicly available social media information in connection with the security background investigation process for gaining insights into the investigated subject’s behavior, associations, and conduct that may be pertinent to adjudicative guidelines to determine initial or ongoing eligibility to access classified information. The policy expressly prohibits agencies from creating or otherwise using social media accounts to become “friends” with the investigated subject to access non-public social media information. SEAD-5 also prohibits any requirement that the investigated subject provide password information or other access to personal social media accounts. Finally, the policy states that an agency may only collect or use public available social media information upon receipt of consent via the Standard Form 86, Questionnaire for National Security Positions (SF-86).

The Department of Defense also issued guidance regarding the collection of publicly available information under DoD Directive 3115.18, DoD Access to and Use of Publicly Available Electronic Information (PAEI). DoDD 3115.18 affirms appropriate and legal access to PAEI in accordance with applicable law, but prohibits use of false identities or organizational affiliations without complying with required policies. The DoDD also mandates compliance with relevant terms of service and social platform-specific regulations.

The Privacy Act of 1974 states that federal agencies may not maintain records “describing how any individual exercises rights guaranteed by the First Amendment unless expressly authorized by statute or by the individual about whom the record is maintained or unless pertinent to and within the scope of an authorized law enforcement activity.” (5 U.S.C. 552a(e)(7)) While this section of the Privacy Act applies only to records that describe First Amendment-protected activity, agencies interested in these activities must be aware of this requirement when collecting and maintaining information related to extremism, including through the use of social media information.

Generally speaking, the current state of policy suggests that there has been a disinclination in the federal community to permit agency searches of an individual’s non-public information, even in the insider threat context. However, in light of domestic extremism concerns and the potential for insider threats to federal facilities, employees, and information, an Inter-agency working group led by the Department of Homeland Security has signaled a desire to use publicly available information, including social media, in both personnel security vetting and identification of extremism or other insider threats. One of the group’s recommended actions regarding how the government can best prevent, detect, and respond to these threats was to initiate a comprehensive review of SEAD-5 to establish clearer guidelines for the use of social media in personnel security vetting. The working group emphasized that this information, when paired with other data sources, can provide powerful insights into a person’s trustworthiness and potential to create risk to the government.

In today’s dynamic and technology-focused world, the federal government must innovate and leverage all tools at its disposal to gain mission insights and safeguard its resources. The use of publicly available and social media information may be one of those tools. Yet, if the federal community broadens its use of publicly available information, it must do so in a thoughtful manner that protects civil liberties, civil rights and privacy and is consistent with legal and policy requirements. This will require a review and knowledge of Constitutional and privacy law and jurisprudence.

ISA offers training and consulting services which can support your organization’s strategic decisions and policy development efforts around complex issues like the one discussed here. Our team includes seasoned policy analysts, legal experts, researchers, and data scientists with diverse backgrounds from the defense and intelligence communities. For more information on ISA services, please reach out to info@isallc.net.