Social Media Intelligence


What is SOCMINT?

Social media intelligence (SOCMINT) refers to the techniques and technologies that allow companies or governments to monitor social media networking sites (SNSs), such as Facebook or Twitter.

SOCMINT includes monitoring of content, such as messages or images posted, and other data, which is generated when someone uses a social media networking site. This information involves person-to-person, person-to-group, group-to-group, and includes interactions that are private and public.

The methods of analysing social media networking sites vary. Methods may include manually reviewing content as it is posted in public or private groups or pages; reviewing the results of searches and queries of users; reviewing the activities or types of content users post; or ‘scraping’ – extracting the content of a web page – and replicating content in ways that are directly accessible to the person gathering social media intelligence.

Notably, social media intelligence may include tools to collect, retain, and analyse a vast range of social media data and interpret that data into trends and analysis.


What is the issue?

Intelligence and surveillance activities have transformed in recent years, in part due to the increased amount of data being generated about people, which has been enabled through new forms of data collection and processing. SOCMINT is a form of overt and covert surveillance increasingly used by governments and non-state actors.

The term 'social media intelligence’ is often used interchangeably with the term ‘open source intelligence’. However, there is a key difference between the two forms of intelligence collection. SOCMINT can be deployed on content that is private or public, while OSINT is about strictly publicly available content, such as articles, news sites, or blog posts, published in print and on the open internet and clearly intended and available for everyone to read and watch. SOCMINT requires more specific regulation, policies and safeguards that take into account the very unique and specific nature of social media: a privately-owned space (i.e. owned by private companies) where people share freely.

Although the categories of overt and covert surveillance are increasingly blurred, the least regulated aspect of social media intelligence relates to the monitoring of publicly available data on social networking sites. In the social networking site context, information is considered as publicly available when it is accessible not only to your contacts, but to people or organisations who are not logged into a SNS or when a person or organisation is logged in but is not a validated contact (e.g. “friend” on Facebook or “follower’ on Twitter) of the targeted individual user or users.

Any attempt by law enforcement agencies or security services to covertly add the targeted user as a validated contact, to use fake profiles, to obtain further information than what is publicly available, should be treated as undercover and covert surveillance and addressed with constraints and safeguards, similar to those in place for undercover activities taking place in physical space. That is, any attempt to infiltrate person-to-person, person-to-group, group-to-group interactions is covert state action that needs to be strictly regulated by law. As it amounts to an interference with a person’s privacy, it should be demonstrably necessary and proportionate to the achievement of a legitimate aim.

However, law enforcement and other security agencies argue that social media intelligence has little impact on people’s privacy as and when it relies “only” on publicly available information. This inaccurate representation of SOCMINT fails to account for the intrusive nature of collection, retention, use, and sharing of a person’s personal data.  Social media platforms where data is posted online engage individual privacy. By way of example ‘tweets’ posted from a mobile phone can reveal location data, and their content can also reveal individual opinions (including political opinions) as well an information about a person’s preferences, sexuality, and health status.

Instead the idea of “publicly available” information on social media as having no implication for privacy has resulted in this form of surveillance being mostly unregulated or subject to unpublished regulations.

This has led to a situation where law enforcement officials (and intelligence agencies) may believe that everything that a given social networking site sets as publicly available is fair game for them to access, collect, and process with very limited regulation, oversight, or safeguards.


Is SOCMINT unlawful?

The use of social media intelligence it is an intrusion into people’s privacy and therefore must comply with the international principles of legality, necessity, and proportionality.

Whilst it is publicly available information, international human rights standards apply.

The European Court on Human Rights has long held that “there is […] a zone of interaction of a person with others, even in a public context, which may fall within the scope of “private life”. For example, commenting on the use of CCTV, the Court held that “the normal use of security cameras as such, whether in the street or on public premises, where they serve a legitimate and foreseeable purpose, did not raise an issue under Article 8 of the Convention. However, private-life considerations may arise concerning recording of the data and the systematic or permanent nature of such a record”.

And that “elements which the Court has taken into account in this respect include the question whether there has been a compilation of data on a particular individual, whether there has been processing or use of personal data or whether there has been publication of the material concerned in a manner or degree beyond that normally foreseeable.”

In fact, left unregulated, the routine collection and processing of publicly available information for intelligence gathering may lead to the kind of abuses we observe in other forms of covert surveillance or other police operations.

For example, consider the potential abuse would be the systematic targeting of certain ethnic and religious groups by law enforcement agencies. How to guarantee that there is no racial or religious bias in online monitoring if there is no notice, transparency, supervision, and oversight of police SOCMINT activities? The case Raza v. the City of New York filed by the American Civil Liberties Union revealed how the New York police was systematically gathering intelligence on the Muslim communities. Part of the surveillance involved SOCMINT.

It can also have a chilling effect on freedom of expression. Social media intelligence does not just affect the person targeted: it affects all the people within their networks. While one may agree with having a “public” chat on a social networking site (by replying to a tweet for example), it is a different matter if the person you are speaking to is monitored by the police or the intelligence agencies. A study from the Norwegian Board of Technology asked Norwegians if police should be monitoring open social media platforms. Forty percent of respondents said such surveillance would stop them from using specific words they thought police or intelligence agencies would be monitoring.


How is SOCMINT misused by governments?                                               

Governments across the world – democratic and undemocratic alike – have been developing a growing appetite for this “fast, cheap and easy” form of surveillance.

SOCMINT could include a government agent accessing the site as a non-user (e.g. using a web-browser to look through content without logging-in), an authenticated user (e.g. @policeagency following @suspect), using fake profiles (e.g. @GeeSeaAcheQueue following @protestor), intercepting data-streams (e.g. on the user’s device, or at the user’s internet service provider), or by requesting data from the social network itself.

In Thailand, the Technology Crime Suppression Division not only has a 30-person team scanning social media for lèse-majesté – speaking ill of the monarchy – content but it is also encouraging citizens to report lèse-majesté content they find online. In particular, they are targeting young people through a “Cyber Scout” programme, where participants are rewarded for reporting people who have posted content perceived as reflecting badly on the monarchy.

There are also several cases of Palestinians being arrested by the Israeli police for content posted on social networking sites. One such case involves a 15-year-old teenage girl who had posted a Facebook status simply reading “forgive me”. Israeli authorities suspected this could indicate she was about to commit an attack.

In Egypt, the Ministry of Interior issued a call for tender (that was leaked online) in 2014 to procure a social media monitoring system for the police. The Egyptian government’s policing ministry hoped to prevent protests before they happened by identifying leading figures.

In the US, the company ZeroFOX came under criticism when a report they had shared with officials of the city of Baltimore was released. In the report the company showcased how its social media monitoring tool could monitor the riots that followed Freddie Gray’s funeral (Freddy Gray was a 25-year-old African American who was shot by the police.) The report identified 19 “threat actors” among them were two leading figures of the civil rights movement #BlackLivesMatter, qualified as “physical threat.”

In the UK, Guidance produced by the Association of Chief Police Officers of England, Wales, and Northern Ireland on the policing of anti-fracking protest in 2011 suggests that, “Social media is a vital part of any … intelligence picture.” Protests at a widespread cull of badgers in 2013 were closely monitored through social media analysis. A 2013 report suggested that a staff of 17 officers in the National Domestic Extremism Unit was scanning the public's tweets, YouTube videos, Facebook profiles, and anything else UK citizens post in the public online sphere.

The UK Chief Surveillance Commissioner commented in 2015 that

Perhaps more than ever, public authorities now make use of the wide availability of details about individuals, groups or locations that are provided on social networking sites and a myriad of other means of open communication between people using the Internet and their mobile communication devices. I repeat my view that just because this material is out in the open, does not render it fair game”.


Who builds the technologies that allow SOCMINT?

There are two industries creating surveillance capabilities in social media intelligence: the surveillance industry and the marketing industry. Both industries are creating services and capabilities for both public and private sector users.

While companies like NICE (with their NiceTrack Intelligence Services), NTREPID, Kapow Software, and COGITO offer SOCMINT platforms specifically designed for governments, more and more government agencies – and in particular police forces – are turning to tools designed for marketing purposes in order to reduce costs. The phenomenon was documented by Dencik, Hintz, Carey, and Pandya in a report entitled “Managing ‘Threats’: Uses of Social Media for Policing Domestic Extremism and Disorder in the UK”. One of the sources said “A lot of stuff came out of marketing because marketing were using social media to understand what people were saying about their product...We wanted to understand what people were saying so it’s almost using it in reverse.”

Some social media companies have included provisions in their Terms of Service to ban some of the techniques used to collect data, such as “scraping”, a practice banned by SNS like Facebook and Twitter. To counter this limitation, however, some marketing companies purchase the data directly from SNS. This raises important questions as Facebook promises they never sell users’ data.


What are other applications, current or potential, of SOCMINT?

By governments

The technologies used to conduct social media intelligence allow a continuous monitoring of social media on a massive scale.

Predictive policing programmes, which use data to predict the likelihood someone will commit a crime, use data from social media networks. In Kansas City, the Kansas City No Violence Alliance is a programme led by the local police to identify future criminals. The algorithm combines data obtained from traditional policing and drug use but also includes SOCMINT. Political institutions are monitoring social media to understand (and control) public moods. Squeaky Dolphin – the programme developed by the UK spy agency Government Communications Headquarters (GCHQ) to collect and analyse data from social networks – aimed at monitoring the UK’s attitudes towards specific government ministers and sports.

The Chinese government is developing a “social credit” system, which will assign credit scores to Chinese citizens based on personal data – including their internet activity, which could include what they post on social media. Individuals’ credit scores may also be affected by who they are friends with on social networks. For example, their credit score could be influenced by their friends’ credit scores. The credit score will be used not only to determine credit worthiness, but also to determine if a person is entitled to certain social services. Third parties may also use the credit score to determine access to other goods and services, for example to determine loan rates and amounts.


And by private companies

Social media intelligence plays a large role in feeding data to algorithms, which are being used increasingly to make important decisions about peoples’ lives, including decisions such as whether a person can access a loan, get a job, or rent a home.

The use of SOCMINT in the private sector is widespread. An example is the service offered by companies like Afiniti: when you call up a call centre for leading brands including O2, Virgin Media or Sky, before you even speak to a customer service agent they have already searched for what you are posting on social media to match you with a customer service operative. This saves the customer, on average, only 2 seconds per call.

This analysis of social media data is also used to make decisions about an individual. An example of this is the use of SOCMINT to inform credit scoring, particularly for the most vulnerable customers with a limited credit history. These are common in the developing world (for example, Lenddo) but are also a growth area in the North. An example of this is Big Data Scoring (BDS), a company that offers a product that can integrate data from social media sources into a company’s decision-making processes in making loans. With mainstream clients like Admiral, decisions affecting us based on our social media profiles are becoming an increasing part of our lives.

The former head of the UK intelligence agency MI5 went as far as saying that the profiling of individuals conducted by private companies based on SOCMINT, is “just as intrusive” as the surveillance deployed by intelligence agencies.



Social networking sites are a unique space. They are run by private companies that impose their own rules – somewhat like a shop or a mall. Users are not able to decide or influence the rules, unlike the way citizens are able to vote and voice their opinion on laws that regulate public spaces. Unlike a shop or a mall, social networks are a space where if you want to participate, you need to be logged in and therefore provide some data, perform some form of identity check, and provide active consent to the platform’s rules, prior to entry.

Social networking sites therefore emerge as a space of their own, not quite private, but certainly not public. To that effect, users should be entitled to strict protections of the material they post, even if it is publicly available.

Law enforcement agencies, security services, and companies that rely on SOCMINT as part of their business models need to develop strong and auditable rules and procedures, including requiring authorisation when conducting social media intelligence and a record of activity, so that those conducting SOCMINT can be held accountable, and those who are affected can be notified.

Further, considering the risk for the right to privacy that SOCMINT presents both today and tomorrow, a clear and transparent legal framework to regulate the use of social media intelligence is needed.