Terrorists use the internet to disseminate propaganda, solicit new members, communicate, gather intelligence, seek money, and inspire and plan attacks. In 2015, the San Bernardino, California, terrorist attack brought the use of social media intelligence (SOCMINT) by the Department of Homeland Security (DHS) and U.S. Citizenship and Immigration Services (USCIS) to vet immigration benefit seekers under scrutiny. Republicans and Democrats in both the House and Senate indicated support for using SOCMINT to screen individuals entering the United States. In 2016, DHS expanded its use of SOCMINT under Secretary Johnson’s command.
USCIS “administers the nation’s lawful immigration system, safeguarding its integrity and promise by efficiently and fairly adjudicating requests for immigration benefits while protecting Americans, securing the homeland, and honoring our values.” USCIS began conducting SOCMINT research and development projects to test the automation of “bulk screening of social media information” supplemented with human analyst review “across a number of high-priority populations.” The Office of the Inspector General (OIG) investigated and reported on DHS’ preliminary efforts as if they were pilots rather than research and development projects. Based, in part, on the OIG findings and Freedom of Information Act (FOIA) releases, the skeptics of SOCMINT argue against its use. These critics contend that the number of social media platforms, posts, and foreign languages used, context ambiguities, constitutional implications, data management issues, and targets’ evasion efforts make the DHS open-source SOCMINT capability unviable.
A. RESEARCH QUESTION
Terrorists’ use of the internet, DHS’ response, and the critics’ claims create a novel research question. To what degree can an open-source SOCMINT gathering and analysis capability assist USCIS in accomplishing its homeland security mission? Determining if open-source SOCMINT is viable for DHS and identifying how to maintain a successful open-source SOCMINT capability requires answers to various questions. For example, how can DHS analyze the large volume of social media content on hundreds of social media platforms efficiently? How can DHS maintain an open-source SOCMINT capability consistent with constitutional requirements? How can DHS differentiate the context of social media content, e.g., legitimate threat versus satire? How can DHS efficiently navigate an endeavor involving numerous languages? Do targets’ evasion efforts make the DHS open-source SOCMINT efforts futile? This thesis answers these related questions during the effort to answer the research question.
This thesis seeks to fill a gap in the literature—the lack of immigration-related SOCMINT scholarship—by exploring the necessity and efficacy of open-source SOCMINT in identifying potential fraud, public safety, and/or national security concerns (threats) from immigrants seeking immigration benefits from USCIS. In terms of practical implications, the thesis provides policymakers an inventory of the critics’ objections to SOCMINT. It offers insights into DHS’ policy and procedural safeguards to avoid the perils related to the critics’ objections. It evaluates and rebuts the critics’ claims, where possible, by providing a more fulsome review of the applicable documents about the DHS SOCMINT efforts than exists in the public discourse.
C. RESEARCH METHODS
This thesis examines the qualitative data of the issue rhetoric—the debate and discussion—between the critics and supporters of implementing SOCMINT. This rhetoric exists in the open-source literature, e.g., books, scholarly journals, articles, news stories, FOIA-released documents, and government reports and memorandums. In addition, quantitative data from the Profiles of Individual Radicalization in the United States (PIRUS) dataset provides insight into the viability of using SOCMINT to identify threats among immigration benefit seekers.
D. RESULTS AND CONCLUSIONS
The research results show that the critics’ objections are mostly unpersuasive. Open-source SOCMINT is a viable means for USCIS to identify and mitigate threats among immigration benefit seekers for the following reasons:
• The PIRUS dataset confirms that the propositions for SOCMINT are valid.
• A broader analysis of the OIG report and FOIA-released documents undermines the allegation that efforts to deploy a SOCMINT capability to date have been fraught with problems.
• Insights from the 9/11 Commission, other experts, a rational, objective reading of the OIG and FOIA reports, and the PIRUS dataset undermine the argument that the nation is safe enough without SOCMINT.
• A broader analysis of the OIG report and FOIA-released documents refutes the claims about yield in identifying threats. The critics’ automation arguments about scope and scale are unpersuasive because USCIS is not relying on automated SOCMINT for the process of reviewing posts. Safeguards are in place to mitigate language and context misinterpretation and any potential derivative adverse outcomes. The PIRUS dataset contradicts the critics’ encryption claim for both internet users and social media users. The critics’ claim about identity resolution is questionable.
• The critics’ arguments about misinterpretation from data sharing are unpersuasive because there is no reasonable expectation of privacy in open-source social media data.
• The nature of the social media data collected, privacy rules, and the information collected from non-social media data collection efforts undermine the argument about SOCMINT privacy intrusiveness.
This thesis offers SOCMINT policymakers a number of recommendations:
• USCIS should continue to use open-source SOCMINT to identify fraud, public safety, and/or national security threats. Agile leveraging of authorities and technology to meet threat identification needs is critical. It is important to look broadly beyond DHS for expertise and best practices on SOCMINT among law enforcement agency partners’ initiatives, e.g., Social Media the Internet and Law Enforcement conferences, Five Eyes members, and Real-time Open Source Analysis of Social Media.
• DHS should use care in appropriately designating efforts as pilots or research and development projects and ensure a unified understanding, management, and messaging across DHS components. DHS components should resist merely concurring with OIG findings to silence concerns versus defending actions on their merits. Senior DHS leadership should publicly defend ill-informed narratives from critic and media echo chambers that confound fact-based public interpretation of DHS initiatives.
• DHS should consider supplementing the open solicitation and commercial tool approach for SOCMINT tool development in favor of a model more aligned with the United Kingdom’s Detecting and ANalysing TErrorist-related online contents and financing activities and reTriEval and aNalysis of heterogeneouS online content for terrOrist activity Recognition project approaches.
• DHS should research the viability of creating a centralized Center of Excellence for DHS’ SOCMINT capability modeled on the United Kingdom’s Centre of Excellence in Terrorism, Resilience, Intelligence & Organised Crime Research Open-source Intelligence Hub.
• USCIS should ensure data and constitutional protections are robust. Policies, procedures, and training are in place to prevent problems. However, as with any human-based system, efforts at the front end may not guarantee employee conduct during execution. Policies, procedures, and training are not 100 percent effective, despite best intentions. Consequently, USCIS must also remain equally vigilant in its oversight efforts to protect the principles of the U.S. homeland.