Social Media Monitoring

The request was successful.

Dear Sir/Madam,

Freedom of information act request

RE: Social media monitoring / social media intelligence

FOIA REQUEST

For definition of social media intelligence please see background explanation below. We further note the comments of the Office of Surveillance Commissioners Annual Report 2016 cited below.

1. In 2016 the Rt Hon Lord Judge, then Chief Surveillance Commissioner, wrote to all Local Authorities regarding use of social media in investigations. Please confirm whether you are aware you received this letter and:
(a) Provide a copy of your response; (please confirm if you did not respond)

(b) Provide a copy of any internal audit relating to social media use arising out of Rt Hon Lord Judge’s recommendations; (please confirm if you did not conduct an internal audit and state whether any internal audit of social media use has taken place since 2016).

(c) Provide a copy of your corporate policy on the use of social media in investigations. (please confirm if you do not have one)

(d) Please confirm whether a follow up audit was conducted by the Surveillance Commissioner’s Office which was exclusively or partially related to social media use in investigations by your Local Authority.

2. Does your Local Authority conduct overt and/or covert social media intelligence in some or all of its work?

(a) If yes, please specify whether this includes profiling individuals, conducting investigations, monitoring individuals, monitoring groups, monitoring locations, gathering intelligence, for recruitment purposes.

(b) If your Local Authority does conduct social media intelligence/monitoring, please specify whether this includes both or either overt or covert monitoring of social media.

(c) If the Local Authority has conducted covert social media monitoring, please confirm the number of RIPA warrants obtained in the last two years for this purpose.

3. If the Local Authority conducts social media intelligence, please provide a copy of any current guidance/policies/internal guidance/code of practice or any other such written material used by/available to the local authority or those working on behalf of the local authority to conduct SOCMINT, the monitoring or accessing of information published on social media that is either publicly available or requires additional access e.g. to be friends with an individual, to have password and login details.

4. If you conduct overt or covert social media intelligence relating to social media platforms, please provide a copy of:
(a) Relevant [sections of the] privacy policy;
(b) the data protection impact assessment;
(c) privacy impact assessment;
(d) equality and human rights impact assessment
(e) training materials for those conducting social media intelligence.

Please state if you do not have any of the above.

5. Please provide a copy of any other template/form/document currently used (or to be used with the next three months) by the local authority or fraud investigator (or team) in the conduct of social media monitoring

6. Please confirm whether or not your local authority has purchased or uses software and/or hardware to conduct social network / social media monitoring and/or in relation to sentiment analysis.

(a) If yes, please state the name of the company / provider.

(b) If no, please state whether the local authority has developed internal methods to conduct social media / social network monitoring.

7. Please confirm, if not stated in the guidance (question 3), the policy on deletion of data obtained from social networking sites.

8. If no documents (question 3) exist, or if the following is not covered in the documents which do exist, please explain:
a. In what areas of the local authority's work is social media monitoring used
b. What criteria must be satisfied in order for social media monitoring to be carried out
c. Who must authorise the request to conduct social media monitoring
d. What is the process for conducting social media monitoring
e. How long is data collected and retained?
f. Is there any process for requesting deletion?

9. Are you able to state how regularly social media monitoring is used? If so, please provide the figures.

Kind regards,

Camilla Graham Wood

-----------

Background explanation: What is social media intelligence

This is a Freedom of Information Act request in relation to social media intelligence. Social media intelligence (SOCMINT) can also be referred to as social media monitoring, social network monitoring, social media listening, open source intelligence (OSINT) (focusing on social media platforms). Reference to SOCMINT in this FOIA request encompasses all these and any other terminology used to describe the viewing, collection, retention and analysis of data on social media platforms.

SOCMINT refers to the techniques and technologies that allow the monitoring and gathering of information on social media platforms such as Facebook, Twitter and Instagram. SOCMINT includes monitoring of content, such as messages or images posted, and other data, which is generated when someone uses a social media networking site i.e. meta data like location information. This information involves person-to-person, person-to-group, group-to-group and includes interactions that are private and public.

The methods for analysing social media networking sites vary. Methods may include manually reviewing content as it is posted in public or private groups or pages; reviewing the results of searches and queries of users; reviewing the activities or types of content users post; or 'scraping' - extracting the content of a web page - and replicating content in ways that are directly accessible to the person gathering social media intelligence.

It may include looking at content posted to public or private groups or pages. it may also involve "scraping" or grabbing all the data from a social media platform, including content and individual post and data about their behaviour (likes and shares). Through scraping and other tools, SOCMINT permits the collection and analysis of a large pool of social media data, which can be used to generate profiles and predictions about users.

We are sending this FOIA request to you as a local authority being either a London borough, metropolitan district, unitary authority, district council or county council.

Background explanation: Surveillance Commissioner Annual Reports

The Chief Surveillance Commissioner The Rt Hon Sir Christopher Rose’s Annual Report first referred to social network sites in 2012-13 stating that:

“2.4 All public authorities have struggled with the use of the Internet for investigations, particularly social network sites. A particular difficulty is the desire of national bodies to apply a doctrinaire approach which invites error if facts specific to each case are ignored or poorly considered.”

The subsequent report 2013 – 2014 stated that:

“5.30 … Although there remains a significant debate as to how anything made publicly available in this medium can be considered private, my Commissioners remain of the view that the repeat viewing of individual “open source” sites for the purpose of intelligence gathering and data collation should be considered within the context of the protection that RIPA affords to such activity.

5.31 In cash-strapped public authorities, it might be tempting to conduct online investigations from a desktop, as this saves time and money, and often provides far more detail about someone’s personal lifestyle, employment, associates etc. But just because one can, do not mean one should. The same considerations of privacy and especially collateral intrusion against innocent parties, must be applied regardless of the technological advances. It is worth repeating something I said in my 2011-2012 report, paragraph 5.8:

“There is a fine line between general observation, systematic observation and research and it is unwise to rely on a perception of a person’s reasonable expectation or their ability to control their personal data. Like ANPR and CCTV, the Internet is a useful investigative tool but they each operate in domains which are public and private. As with ANPR and CCTV, it is inappropriate to define surveillance solely by the device used; the act of surveillance is of primary consideration and this is defined at section 48(2-4) of RIPA (monitoring, observing, listening and recording by or with the assistance of a surveillance device). The Internet is a surveillance device as defined by RIPA section 48(1). Surveillance is covert “if, and only if, it is conducted in a manner that is calculated to ensure that persons who are subject to the surveillance are unaware that it is, or may be taking place.” Knowing that something is capable of happening is not the same as an awareness that it is or may be taking place. The ease with which an activity meets the legislative threshold demands improved supervision.”

The final report of the Chief Surveillance Commissioner in 2016 , before this was abolished and replaced by the IPCO stated:

“4.3 From time to time my Inspectorate is asked why, given that no authorisation has been granted by an individual authority since the previous inspection some three years earlier, the process of inspection and oversight is necessary. The short answer is unequivocal. While local authorities remain vested with the power to deploy covert surveillance, regardless of actual use, the appropriate structures and training must remain in place so that if and when the powers do come to be exercised, as they may have to be in an unexpected and possibly emergency situation, the exercise will be lawful. So, for that reason alone the process of inspection must continue. There is a further consideration. The inspection may reveal inadvertent use and misuse of the legislative powers. The steady expansion in the use of the social media and Internet for the purposes of investigative work provides a striking example of a potential new problem which came to light through the inspection system. Local authority officials, vested with burdensome responsibilities for, among others, the care of children and vulnerable adults, are, like everyone else, permitted to look at whatever material an individual may have chosen to put in the public domain. This is entirely lawful, and requires no authorisation. However, repeated visits to individual sites may develop into an activity which, if it is to continue lawfully, would require appropriate authorisations. Local authorities must therefore put in place arrangements for training officials into a high level of awareness of these risks. Without the inspection process this problem might never have been identified.

15.2 As discussed earlier one major consequence of the OSC inspections has been the emergence, during the course of discussions, of investigations being made by public authorities through use of social media and the Internet. For example, it may help to show whether counterfeit good are being offered for sale on a Facebook page, or reveal that someone who claims to be living alone as a single parent has a social media page which provides a different story, or perhaps, particularly sensitive, enable a check to be made whether concerns about the welfare of a child or vulnerable adult may be justified. When individuals choose to go public or advertise themselves, they cannot normally complaint that those who look at their social media sites are disregarding their rights to privacy. However if the study of an individual site becomes persistent, issues under the legislation may arise.

15.3 The resources available to the OSC do not enable me to say positively that issues relating to the use of social media sites have arisen or are arising in every local authority. What matters is that this potential certainly exists. Senior officials at local authorities should therefore be made aware of it and have the necessary policy documents and training and awareness arrangements in place to address it. This issue has been recognised in the forthcoming Home Office and Scottish Government Codes of Practice (which will be issued at a convenient date after the introduction of the Investigatory Powers Act 2016). However, in advance of the issue, and because of repeated findings in reports made to me by Inspectors and Assistant Surveillance Commissioners throughout this year, I acted on my own initiative. I therefore wrote to all local authorities in April 2017 explaining my concerns, and urging them to undertake internal checks of the use of social media by no doubt well-intentioned members of their staff, and to ensure that appropriate guidance and training should be provided.

15.4 An extract from the letter reads:

“it has become steadily more apparent that a number of officers working for public authorities, particularly those with responsibilities for the care of children and vulnerable adults have started to use the [social media and internet] sits, acting in good faith and on their own initiative. RIPA issues do not normally arise at the start of any investigation which involves accessing “open source” material, but what may begin as lawful overt investigation can drift into cover surveillance which falls within the legislation. Although the investigation of crime is not normally a “core function” of the Council, the protection of children and vulnerable adults certainly is, and any continuing and deeper study of the social media site in question would only be justified by the exercise of that protective function.

These are complex legislative provisions, and without appropriate training and awareness council officers cannot be expected to appreciate and apply them. They may therefore act unlawfully. Ignorance would provide no defence to them personally, nor to the Council for which they were working.

The Surveillance Commissioners have issued further guidance on this issue, and identified circumstances when an appropriate authorisations under the legislation would be required or advisable. The guidance is available on the OSC website as a public document, with the OSC Procedures Guidance. Note 289 is relevant and I highlight it for your attention.

It would be sensible for an internal audit of the use of social media sites and Internet for investigative or official business made across all departments be undertaken now. That would provide the necessary information about the extent to which formal training or awareness of these complex provisions is required.”

15.5 A copy of this letter was sent to the Chair of the Local Government Association and the national police lead for child protection issues, Chief Constable Simon Bailey of the Norfolk Constabulary.

15.6 As I reported last year, many local authorities have first-class arrangements in place for the use of covert tactics, even if, as a matter of policy, they do not intend to deploy them: others do not. Where necessary arrangements to ensure compliance are not in place, I require a report from the Chief Executive after a given period, say six months, about how the inadequacies have been addressed, and indicating that a further inspection may have to be arranged. There have been, and will continue to be occasional inspection revisits. One such revisit will have taken place by the time this report is published. I should, however, highlight that the problem of the non-compliant local authority should be kept in perspective. These authorities very rarely use or attempt to use statutory powers, and the occasions when they have been in breach of the legislative provisions remain very rare indeed. The point, as one of my Inspectors helpfully paraphrased it, is that while they are vested with these significant powers they should remain “match fit”. The inspection process provides both an encouragement and a check that they are.

The Investigatory Powers Commissioner replaced the Surveillance Commissioner. The Investigatory Powers Commissioner, Sir Adrian Fulford’s Annual Report 2017 states:

4.37 Local authority guidance on surveillance does not always address how investigators should use social media or where they may need an authorisation. The 2018 revised Home Office code of practice for surveillance contains helpful advice local authorities can incorporate into their policy documents and training.

4.38 Our inspectors were particularly impressed by Durham Country Council, whose senior responsible officer commissioned a helpful audit across the organisation on the “Use of social media in Covert Investigations’, to evaluate and report their system is adequate and appropriate for this purpose. We commend this approach.

Freedom of Information, Mid Sussex District Council

Thank you for your email. This is an automated response to let you know
your email has arrived. The FOI/DPA Team may not be able to view your
email immediately (for example if you send your request late
afternoon/evening or on a weekend, it will not be read until the following
working day) and your request will be logged as received when it is first
opened and read by us. If the email contains a request for information,
the 20 working day countdown will start on the first working day after
receipt of this request.

 

The request may be subject to an exemption, which the Authority is
entitled to apply to refuse the request. We will notify you if this is the
case.

 

Once the information has been identified the Authority may also ask that a
fee be paid for processing and delivering the information to you. Details
of any fee to be charged will be notified to you as soon as possible.

 

Any future correspondence you may have in relation to this matter should
be sent to the Senior Information Governance Officer, Mid Sussex District
Council, Oaklands, Oaklands Road, Haywards Heath, West Sussex RH16 1SS or
by return to this email.

 

Information provided under the FOI Act 2000 or the Environmental
Information Regulations 2004 may be not be re-used, except for personal
study and non-commercial research or for news reporting and reviews,
without the permission of the Council. Please see the Council website
[1]http://www.midsussex.gov.uk/my-council/f... for
further information or contact The Digital and Customer Services Team on
01444 477422.

 

 

The information contained in this email may be subject to public
disclosure under the Freedom of Information Act 2000. Unless the
information contained in this email is legally exempt from disclosure, we
cannot guarantee that we will not provide the whole or part of this email
to a third party making a request for information about the subject matter
of this email. This email and any attachments may contain confidential
information and is intended only to be seen and used by the named
addressees. If you are not the named addressee, any use, disclosure,
copying, alteration or forwarding of this email and its attachments is
unauthorised. If you have received this email in error please notify the
sender immediately by email or by calling +44 (0) 1444 458 166 and remove
this email and its attachments from your system. The views expressed
within this email and any attachments are not necessarily the views or
policies of Mid Sussex District Council. We have taken precautions to
minimise the risk of transmitting software viruses, but we advise you to
carry out your own virus checks before accessing this email and any
attachments. Except where required by law, we shall not be responsible for
any damage, loss or liability of any kind suffered in connection with this
email and any attachments, or which may result from reliance on the
contents of this email and any attachments.

References

Visible links
1. http://www.midsussex.gov.uk/my-council/f...

Freedom of Information, Mid Sussex District Council

1 Attachment

Dear Ms Graham Wood,

Thank you for your request. Please find our response below.

1. In 2016 the Rt Hon Lord Judge, then Chief Surveillance Commissioner, wrote to all Local Authorities regarding use of social media in investigations. Please confirm whether you are aware you received this letter and:
(a) Provide a copy of your response; (please confirm if you did not respond)
Our records do not show receipt of such a letter.

(b) Provide a copy of any internal audit relating to social media use arising out of Rt Hon Lord Judge’s recommendations; (please confirm if you did not conduct an internal audit and state whether any internal audit of social media use has taken place since 2016).
We are not aware that this has been covered in any Internal Audit report

(c) Provide a copy of your corporate policy on the use of social media in investigations. (please confirm if you do not have one)
Please see https://www.midsussex.gov.uk/media/3488/... - the use of social media is covered within

(d) Please confirm whether a follow up audit was conducted by the Surveillance Commissioner’s Office which was exclusively or partially related to social media use in investigations by your Local Authority.
We had a RIPA inspection in 2018 by the Surveillance Commissioner’s Office as part of a normal 3 year audit. The social media clause in our revised RIPA policy which is online at https://www.midsussex.gov.uk/media/3488/... was updated as part of that audit.

2. Does your Local Authority conduct overt and/or covert social media intelligence in some or all of its work?
Overt only

(a) If yes, please specify whether this includes profiling individuals, conducting investigations, monitoring individuals, monitoring groups, monitoring locations, gathering intelligence, for recruitment purposes.
We use limited social media intelligence to investigate Benefit, Council Tax or Business Rates Fraud and for tracing for unpaid Council Tax and Business Rates on an overt basis (where information on social media is in the public domain).

(b) If your Local Authority does conduct social media intelligence/monitoring, please specify whether this includes both or either overt or covert monitoring of social media.
Overt only

(c) If the Local Authority has conducted covert social media monitoring, please confirm the number of RIPA warrants obtained in the last two years for this purpose.
None

3. If the Local Authority conducts social media intelligence, please provide a copy of any current guidance/policies/internal guidance/code of practice or any other such written material used by/available to the local authority or those working on behalf of the local authority to conduct SOCMINT, the monitoring or accessing of information published on social media that is either publicly available or requires additional access e.g. to be friends with an individual, to have password and login details.
Please see https://www.midsussex.gov.uk/media/3488/...

4. If you conduct overt or covert social media intelligence relating to social media platforms, please provide a copy of:
(a) Relevant [sections of the] privacy policy;
(b) the data protection impact assessment;
(c) privacy impact assessment;
(d) equality and human rights impact assessment
(e) training materials for those conducting social media intelligence.
Please see https://www.midsussex.gov.uk/media/3488/.... Training was provided for staff in conducting social media intelligence following the previous inspection and we intend to conduct ongoing refresher training.

Please state if you do not have any of the above.

5. Please provide a copy of any other template/form/document currently used (or to be used with the next three months) by the local authority or fraud investigator (or team) in the conduct of social media monitoring
We use one form for Revenues and Benefits, which is attached

6. Please confirm whether or not your local authority has purchased or uses software and/or hardware to conduct social network / social media monitoring and/or in relation to sentiment analysis.
None

(a) If yes, please state the name of the company / provider. Not applicable

(b) If no, please state whether the local authority has developed internal methods to conduct social media / social network monitoring.

7. Please confirm, if not stated in the guidance (question 3), the policy on deletion of data obtained from social networking sites.
See https://www.midsussex.gov.uk/media/3488/...

8. If no documents (question 3) exist, or if the following is not covered in the documents which do exist, please explain:
a. In what areas of the local authority's work is social media monitoring used
b. What criteria must be satisfied in order for social media monitoring to be carried out
c. Who must authorise the request to conduct social media monitoring
d. What is the process for conducting social media monitoring
e. How long is data collected and retained?
f. Is there any process for requesting deletion?
Refer to point 3 above

9. Are you able to state how regularly social media monitoring is used? If so, please provide the figures.
No figures are collated but usage is very limited in accordance with the policy

If for whatever reason you are unhappy with our response you are entitled to pursue any dissatisfaction, in the first instance, by contacting Tom Clark, Solicitor to the Council, Mid Sussex District Council, Oaklands, Oaklands Road, Haywards Heath, West Sussex, RH16 1SS, email: [email address], quoting your Reference Number.

If you still remain dissatisfied with the response you can complain to the Information Commissioner - details available at: https://ico.org.uk/concerns/.

Information provided under the FOI Act 2000 or the Environmental Information Regulations 2004 may be not be re-used, except for personal study and non-commercial research or for news reporting and reviews, without the permission of the Council. Please see the Council website https://www.midsussex.gov.uk/about-us/op..., for further information or contact the FOI Team on 01444 477422.

yours sincerely,

FOI/DPA Team
----------------------------------------------------------------
Digital and Technology
01444 477422
[Mid Sussex District Council request email]
http://www.midsussex.gov.uk/my-council/f...

Working together for a better Mid Sussex

show quoted sections

Dear Freedom of Information,

Thank you for your response

Yours sincerely,

Millie

Freedom of Information, Mid Sussex District Council

Thank you for your email. This is an automated response to let you know
your email has arrived. The FOI/DPA Team may not be able to view your
email immediately (for example if you send your request late
afternoon/evening or on a weekend, it will not be read until the following
working day) and your request will be logged as received when it is first
opened and read by us. If the email contains a request for information,
the 20 working day countdown will start on the first working day after
receipt of this request.

 

The request may be subject to an exemption, which the Authority is
entitled to apply to refuse the request. We will notify you if this is the
case.

 

Once the information has been identified the Authority may also ask that a
fee be paid for processing and delivering the information to you. Details
of any fee to be charged will be notified to you as soon as possible.

 

Any future correspondence you may have in relation to this matter should
be sent to the Senior Information Governance Officer, Mid Sussex District
Council, Oaklands, Oaklands Road, Haywards Heath, West Sussex RH16 1SS or
by return to this email.

 

Information provided under the FOI Act 2000 or the Environmental
Information Regulations 2004 may be not be re-used, except for personal
study and non-commercial research or for news reporting and reviews,
without the permission of the Council. Please see the Council website
[1]http://www.midsussex.gov.uk/my-council/f... for
further information or contact The Digital and Customer Services Team on
01444 477422.

 

 

The information contained in this email may be subject to public
disclosure under the Freedom of Information Act 2000. Unless the
information contained in this email is legally exempt from disclosure, we
cannot guarantee that we will not provide the whole or part of this email
to a third party making a request for information about the subject matter
of this email. This email and any attachments may contain confidential
information and is intended only to be seen and used by the named
addressees. If you are not the named addressee, any use, disclosure,
copying, alteration or forwarding of this email and its attachments is
unauthorised. If you have received this email in error please notify the
sender immediately by email or by calling +44 (0) 1444 458 166 and remove
this email and its attachments from your system. The views expressed
within this email and any attachments are not necessarily the views or
policies of Mid Sussex District Council. We have taken precautions to
minimise the risk of transmitting software viruses, but we advise you to
carry out your own virus checks before accessing this email and any
attachments. Except where required by law, we shall not be responsible for
any damage, loss or liability of any kind suffered in connection with this
email and any attachments, or which may result from reliance on the
contents of this email and any attachments.

References

Visible links
1. http://www.midsussex.gov.uk/my-council/f...