
Law Enforcement Access to Social Platforms

Data brokers have been selling your social information to law enforcement. Is there a way for them to do this ethically?

by Kin Lane · Oct. 18, 16 · Opinion

I was learning about Geofeedia providing law enforcement access to social media data from Twitter, Facebook, and Instagram via their API(s) this week. Geofeedia was making money by selling surveillance services to law enforcement built on top of these social APIs. It's something that (I guess) Facebook and Instagram have cut off access to, but they could still have Twitter access through a reseller (Gnip?). 

This isn't something that will just go away. If law enforcement wants access to a user's data on Facebook, Twitter, and Instagram, they are going to get it. I am guessing that the rules regarding what law enforcement can or can't do aren't clear (I will have to learn more), and are something that is just left up to platforms to enforce via their terms of service. It is a problem that modern approaches to API authentication, management, and analytics are well designed to help make sense of; we just have to come up with a new layer defined specifically for law enforcement.

Law enforcement should be able to fire up any standard or customized solution they desire to search against social media data via APIs. However, they should be required to obtain an application key and obtain the OAuth tokens that any other developer would need to. Rather than law enforcement being the customer of companies like Geofeedia, they should each get their own app ID and keys, providing an identifying application that represents a specific law enforcement agency. They can still buy the software from providers; they just need the unique identifier when it comes to API consumption.

Along with this access, we also need to begin to define an auditable or regulatory layer where other government agencies or third-party auditors can get access to the access logs for all applications registered to law enforcement agencies. It would be a kind of real-time FOIA access to the API management layer, allowing for a window into how law enforcement agencies are searching and putting social media data to use.

Of course, there will be special considerations regarding the OAuth interactions at play. At what point are end-users notified that their data is being accessed by law enforcement? At what point do other government agencies and third-party auditors have access to log file APIs for the law enforcement applications that are consuming Facebook, Instagram, Twitter, and other APIs?

There is a lot of work ahead to define how law enforcement can put social data to work via APIs, but the tools are there. Modern API infrastructure excels at this when done right. We can give law enforcement access to the data they need all while enabling transparency, making platform operators like Twitter and Facebook feel better, and respecting the privacy of US citizens. We need to just hammer out the OAuth scopes for these relationships similar to how we do it for energy, healthcare, and other vital data being served up via APIs.

This is a problem that will keep popping up. We can't just rely on groups like the ACLU to find the companies that are acting as brokers and wait for the platforms to play whack-a-mole when these companies are singled out. We need a formal definition to guide how law enforcement is obtaining access to increasingly vital social media and network data via APIs. We need some transparency and consistency in the process, something that APIs do well when executed properly.

While it makes me cringe to think about, I predict that many companies will be required to have API access in the future specifically for this purpose. My hope is that there is also some transparency and consistency baked into this approach, leveraging what web APIs do best: allow law enforcement to get what they legally need, and allow other government agencies, watchdog groups, and journalists to get self-service, predefined access to understand what law enforcement is up to when it comes to surveillance using online services.

I will spend more time on this subject and mapping out how it might work across top platforms like Twitter, Facebook, and Instagram. I'm hoping that we can make some movement in this area before too many other episodes occur.

Published at DZone with permission of Kin Lane, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.
