AI intelligence analysis startup Dataminr monitored nationwide protests against the death of Minneapolis man George Floyd using rarely granted, privileged access to Twitter’s “firehose,” the Intercept reported on Thursday. While this seems like a clear violation of Twitter policies against using its tools for surveillance purposes, Twitter says Dataminr was just “news alerting” and thus totally fine.
The so-called firehose is a realtime feed of every public tweet that appears as soon as it’s sent by a user. Dataminr takes that feed and uses what it calls “deep learning AI methods” to quickly build useful overviews of specific events. While its clients include news organisations, corporations, and governments, it’s the utility of this kind of data in surveillance that poses the greatest potential for abuse, as illustrated by a series of controversies involving the company four years ago. Twitter, which owns a stake in Dataminr, became concerned that Dataminr’s contracts with U.S. intelligence agencies were a bad look in 2016 and had the agreements terminated. Dataminr also stopped providing “surveillance” products to joint federal-state and local police intelligence-sharing operations called “fusion centres” that year, but not “news alerts.”
According to the Intercept, while Twitter and Dataminr did make changes in 2016 — such as restricting the flow of data like geolocation to fusion centres and ending sales of a geospatial analysis product to “those supporting first responders” — Dataminr continues to use its privileged access to Twitter’s firehose to sell what looks a hell of a lot like surveillance tools to local police, just labelled as a “First Alerts” news product.
During the nationwide wave of protests, documents seen by the Intercept show, Dataminr kept an extensive schedule of “dozens” of planned demonstrations based on public social media feeds, including other sources like Snapchat and Facebook. It then monitored those protests, asking staff to look for things like “lethal force used against protesters by police or vice-versa,” “property damage,” “widespread arson or looting against government or commercial infrastructure,” “new instances of officer-involved shootings or death with potential interpretation of racial bias,” and instances of “violent protests [spreading] to new major American city.” While all of this information is ostensibly public, Dataminr makes the process of picking out key tidbits much more efficient.
FBI agents used online evidence including an Etsy shop and profiles on LinkedIn and fashion website Poshmark to identify and charge a woman they say set fire to two police cars during recent protests in Philly, according to the Philadelphia Inquirer.Read more
Twitter policy bans developers “from tracking, alerting, or monitoring sensitive events (such as protests, rallies, or community organising meetings)” using its API. A slightly more detailed explanation of that policy in its Developer Agreement states that devs must identify all government clients to the company, explicitly banning redistribution of content to organisations whose “primary function or mission involves conducting surveillance or gathering intelligence”:
In no event shall you use, or knowingly display, distribute, or otherwise make Twitter Content, or information derived from Twitter Content, available to any Government End User whose primary function or mission includes conducting surveillance or gathering intelligence. If law enforcement personnel request information about Twitter or its users for the purposes of an ongoing investigation, you may refer them to Twitter’s Guidelines for Law Enforcement located at https://t.co/le.
Twitter can quibble over the definition of surveillance, but it’s indisputable that police departments conduct surveillance and gather intelligence about protests — many of them have dedicated units literally named that, such as the New York Police Department Intelligence Bureau.
While the documents don’t explicitly identify police clients, Dataminr documents from October 2019 listed “law enforcement footprint” partners that included the NYPD, the Chicago Police Department, the Louisiana State Police, and the Los Angeles Police Department.
The Intercept wrote the only agency that confirmed a link was the LAPD, which told the site it only used Dataminr for trial purposes and hadn’t signed a continuing contract. The others didn’t return its requests for comment or were otherwise unable to be reached. Dataminr also by the Intercept last month showed that relationship is deepening.
The Intercept also obtained Minneapolis Police Department emails via a public records request showing that Dataminr sent the MPD alerts on ongoing protests in the city; geolocation wasn’t automatically collected, but in many cases could be obtained from the posts themselves or was manually written into the alerts by Dataminr staff. Here’s what kind of alerts the MPD got, according to the Intercept:
... on May 31, six days after Floyd’s murder, Dataminr alerted police to a tweet reading “peaceful protest outside US Bank Stadium in downtown Minneapolis. End racism. End police brutality. End inequality and inequities. #JusticeForFloyd #Minneapolisprotest #BlackLivesMatters,” along with a photo snapped by the tweeter. The accompanying caption, provided by Dataminr’s human staff, specified that this group of protesters had been “seen at US Bank Stadium on 400 block of Chicago Avenue.” Another First Alert notification sent to the MPD three days prior tipped off police to this supposed public safety threat: “Protesters seen sitting on street in front of security officers in Oakdale, MN.” Another monitored tweet and accompanying photo relayed to MPD by Dataminr reads, simply, “Peaceful protest at Lake & Lyndale.”
Dataminr executive vice president Jason Wilcox justified the contracts at a staff meeting in June by explaining it wasn’t surveillance but “situational awareness through real time events, [in] many of which people’s lives are at stake, and they can respond more quickly and save lives,” according to the Intercept. He also told staff Dataminr’s tools had identified instances of police brutality during the protests, emphasised that the company does not track or build profiles of individual Twitter users, and that it had restrictions on what keywords police could request alerts on.
In an email to Gizmodo, a Twitter spokesperson sent the same statement it had sent to the Intercept, stating it sees a “societal benefit in public Twitter data being used for news alerting, first responder support, and disaster relief,” distinguishing it from surveillance in that it was simply a form of news alerting. According to Twitter, it permits threat alerting to support first responders and allows for such alerting to specify physical locations.
Dataminr spokesperson Kerry McGee told the Intercept that it does not allow “surveillance,” instead characterising it as a form of news:
“Alerts on an intersection being blocked are news alerts, not monitoring protests or surveillance,” said McGee. “A local news organisation would also cover major intersections being blocked as a news story — this is not surveillance.”
Twitter didn’t further clarify what it does consider to be surveillance to Gizmodo, only claiming that a third-party audit had concluded Dataminr wasn’t conducting it. Dataminr didn’t provide its institutional definition of the term to the Intercept.
“It’s true Dataminr doesn’t specifically track protesters and activists individually, but at the request of the police they are tracking protests, and therefore protesters,” a source with knowledge of Dataminr’s activities told the Intercept, calling claims to the contrary “bullshit.”