After years of development, the US government has come up with an official policy to mine the public social media accounts of potential employees during background checks.
The policy was signed on Thursday by Director of National Intelligence James Clapper. It allows intelligence agencies to collect "publicly available social media information," so it doesn't cover anything that's not public information already, and expressly forbids agencies to request passwords or create fake or real social media accounts to interact with the applicants "in order to bypass privacy controls."
Steven Aftergood, the director of the Project on Government Secrecy at the Federation of American Scientists, and an expert in government secrecy, said that this policy has been in the works for 8 years.
"The policy seems innocuous to me, because it relies exclusively on publicly available material," he told Motherboard in an email. "For the same reason, I'm not sure it will have a lot of value for security purposes."
The policy is another case of the government playing catch-up with technology that's been widely deployed and use by all Americans for years.
"It may surprise many readers to know the government only now is codifying its approach to the virtual lives of the people it entrusts with real secrets," Bill Evanina, who leads the National Counterintelligence and Security Center, wrote in an op-ed. "Social media has become an integral—and very public—part of the fabric of many Americans' daily lives. We cannot ignore this important open source in our effort to safeguard our secrets—and our nation's security."
Not everyone is a fan, however. Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, said that this policy is more invasive than it looks.
"The exact agencies Clapper authorized today to collect, collate and retain not only people with security clearances but will incidentally collect data on the people the targeted people interact with," he told Motherbaord in an online chat. "Think as examples, anyone someone with a clearance interacts with on Twitter or anyone with a clearance who interact with their 'Facebook Friends.'"
"This also means for example if I communicate with someone on Twitter who lives in another country," Adams added. "Clapper for all intents and purposes just authorized a Global dragnet for social media."