DHS Inspector General Report: Additional Oversight Needed of Operational Use of Social Media

The following report was released by the Department of Homeland Security Office of Inspector General on September 13, 2013.

DHS Uses Social Media To Enhance Information Sharing and Mission Operations, But Additional Oversight and Guidance Are Needed

  • 40 pages
  • September 5, 2013


We audited the Department of Homeland Security’s (DHS) efforts to implement Web 2.0 technology, also known as social media. The objective of our audit was to determine the effectiveness of DHS’ and its components’ use of Web 2.0 technologies to facilitate information sharing and enhance mission operations. The scope and methodology of this audit are discussed further in appendix A.

Although DHS prohibits social media access to employees using a government-issued electronic device or computer unless a waiver or exception is granted, the Department has steadily increased its use of various social media sites over the past 5 years. Specifically, the Department and each of its seven operational components have established accounts on commonly used social media sites, such as Twitter, Facebook, blog sites, and YouTube, for outreach purposes. Public affairs employees have had wide success using these sites to share information and conduct public outreach efforts. These initiatives were effectively managed and administered by Department and component level public affairs offices. In addition, component public affairs offices have implemented policies and procedures to provide guidance to employees.

DHS and its operational components have recognized the value of using social media to gain situational awareness and support mission operations, including law enforcement and intelligence-gathering efforts. However, additional oversight and guidance are needed to ensure that employees use technologies appropriately. In addition, improvements are needed for centralized oversight to ensure that leadership is aware of how social media are being used and for better coordination to share best practices. Until improvements are made, the Department is hindered in its ability to assess all the benefits and risks of using social media to support mission operations.

We are recommending that the Department communicate the process to gain access to social media; establish a list of approved social media accounts used throughout the Department; complete the Department-wide social media policy to provide legal, privacy, and information security guidelines for the approved uses of social media; ensure that components develop and implement social media policies; and establish a forum for the Department and its components to collaborate and make decisions on the use of social media tools.

DHS Recognizes Value in Using Social Media To Enhance Mission Operations, But Additional Oversight and Guidance Are Needed

The Department and its operational components have used social media tools to gain situational awareness and support mission operations, including law enforcement and intelligence-gathering efforts. Although social media sites have been beneficial for these activities, components did not have adequate guidelines or policies to prevent unauthorized or inappropriate uses of the technologies by employees. Recent efforts to establish privacy guidelines for operational uses of social media are progressing. However, additional component level policies and procedures are needed.

Social Media Tools Prove Useful for Increasing Situational Awareness The Department recognizes that social media sites are a valuable resource for maintaining timely, accurate, and actionable situational awareness of potential and actual incidents that may require a response. DHS officials told us that the Department benefits from the speed and early warning that come with monitoring social media in conjunction with traditional media. For example, the DHS National Operations Center (NOC) is the primary watch center for situational awareness and is responsible for providing a common operating picture and maintaining communications and coordination to prevent terrorist attacks and manage incidents. To do this, NOC personnel monitor media to discover and track incidents that may affect homeland security by using search terms to find items of potential interest across various websites and, starting in 2010, social media sites.26 For example, in 2012, NOC staff monitored Twitter for updates on a police search for a man with a gun on the University of Maryland Baltimore County campus. NOC staff also monitored the Twitter accounts of multiple news organizations in 2012 to obtain information on a suspicious letter sent to the Speaker of the U.S. House of Representatives. With this type of real-time information, staff can provide notification and guidance on safety measures and other actions that should be taken.

Social media has also enabled FEMA Watch Centers to develop more timely situational awareness to communicate information to emergency managers and government officials and improve incident management decision making. FEMA’s National Watch enter uses social media websites as an additional resource to maintain situational awareness of incidents that may require a coordinated Federal response. Watch Center personnel told us that they conduct searches to identify potential incidents that may predicate a coordinated Federal response. For example, the National Watch Center monitors social media during a storm to follow its progression and see how closely it matches the forecast and news reports. FEMA Watch Center staff also use this information to confirm the locations where weather events, such as tornado touchdowns, actually occurred.

Social Media Technologies Support Additional Mission Operations

Some component program offices have increased the use of social media in law enforcement and intelligence-gathering activities to support DHS’ mission. Using social media technologies, DHS personnel can interact with the public and gain access to additional information. Specifically, DHS law enforcement officials can use social media to gather information about suspects in criminal investigations. For example, ICE officials used social media to research a suspect during a child abuse investigation. Photos posted in the suspect’s account revealed a license plate number and address, which enabled ICE to make a quick arrest. ICE officials told us that using social media for law enforcement purposes enables ICE employees to obtain information that is not always available through other means, such as law enforcement databases.

DHS component program offices also use social media for intelligence-gathering activities to mitigate threats or formulate incident responses. For example, CBP border patrol agents review publicly accessible information from social media sites to gain awareness of potential situations at the border and to alert agents of safety concerns. Similarly, the TSA Office of Intelligence gathers information from several social media sites, including LinkedIn, YouTube, and others, to mitigate threats to the transportation sector, formulate incident responses, and meet situational awareness requirements.

USSS officials told us that they are able to gain information through social media to help prevent potential incidents. Specifically, USSS uses social media to identify potential threats to protectees and protected events. For example, at the Republican National Convention in August 2012, the USSS learned through social media that a particular individual who had threatened to disrupt the event was in the area and relayed relevant information about that individual to the Protective Intelligence Coordination Center for further action.

Insufficient Guidance for Operational Use of Social Media

Although the Department has seen benefits from using social media to support mission operations, some components did not have specific guidelines or documented policies to ensure the proper use of these tools for situational awareness, law enforcement, or intelligence activities.

Personnel using social media to support mission operations told us that there was a need for additional policies or procedures that address the various challenges and questions relating to the use of social media. Component level procedures for employees who want to create new social media accounts for official purposes, or who are using social media for surveillance and interaction with individuals online, had not been developed. This has led to confusion as to what legal, privacy, and information security boundaries exist when using social media to perform operational tasks. For example, one program office used social media sites to monitor the activities of benefit applicants to help detect fraud. However, it was determined that the office did not have the proper authority to use social media for undercover work, and the use of social media was halted within the component.

Incidents of this nature led to the development of new departmental policies to ensure that DHS employees are aware of how social media technologies may be used for authorized activities. For example, in June 2012 the Department issued Directive 110-01, which established a formal privacy policy specifically for the operational use of social media to address access to and collection, use, maintenance, retention, disclosure, deletion, and destruction of PII. The Directive also solidified roles and responsibilities for the Chief Privacy Officer, component heads, and component privacy officers, among others.

At the same time, the Privacy Office released Instruction 110-01-001, Privacy Policy for Operational Use of Social Media, to provide guidance for implementing Directive 110-01. The Instruction provides detailed definitions and Department-wide responsibilities associated with operational use of social media. The instruction also provides baseline “rules of behavior” for the operational use of social media, such as to use online screen names that indicate an official DHS affiliation while performing official tasks. To implement Directive 110-01, components were instructed to complete documents that specify the authority and purpose for each category of operational use of social media. Components were also instructed to establish their own rules of behavior to document operational use of social media, including date, site(s) accessed, information collected, and how that information was used. Components were instructed to develop training for the operational use of social media as well. Components were to provide this information to the Privacy Office for approval within 120 days from the release of the Directive. At the time of our audit, all seven component offices were in the process of developing and submitting the required documentation to the Privacy Office for approval. However, Privacy Office officials stated that stronger enforcement mechanisms are needed to ensure that components comply with this new Directive.

The DHS Office of Policy is drafting a Department-wide social media policy to define how social media may be used. At the time of our audit, the policy was undergoing internal review with departmental social media stakeholders. When implemented, this policy will provide formal roles and responsibilities for the Department’s social media stakeholders and leaders as well as a framework for official uses of social media to conduct communications, operations, intelligence activities, and situational awareness.

Share this: