Pages Navigation Menu

Released the List of Keywords Used by DHS to Monitor Social Networking Sites

Dept. of Homeland SecurityForced to Release List of Keywords Used to Monitor Social Networking Sites

If you are thinking about tweeting about clouds, pork, exercise or even Mexico, think again. Doing so may result in a closer look by the U.S. Department of Homeland Security.

In a story appearing earlier today on the U.K’s Daily Mail website. It was reported that the DHS has been forced to release a list of keywords and phrases it uses to monitor social networking sites when looking for “signs of terrorist or other threats against the U.S.”

The list was posted by the Electronic Privacy Information Center who filed a request under the Freedom of Information Act, before suing to obtain the release of the documents. The documents were part of the department’s 2011 ’Analyst’s Desktop Binder‘ used by workers at their National Operations Center which instructs workers to identify ‘media reports that reflect adversely on DHS and response activities’.

The information sheds new light on how government analysts are instructed to patrol the internet searching for domestic and external threats. The Daily Mail’s article noted the Electronic Privacy Information Center wrote a letter to the House Homeland Security Subcommittee on Counter-terrorism and Intelligence, describing it’s choice of words as ‘broad, vague and ambiguous’.

What wasn’t disclosed is how the agency actually gains access to the various search engines and social networks to monitor the specified keywords. My guess is the DHS has a “special arrangement” with companies like GoogleFacebookMicrosoftYahoo and Twitter to gain secure direct API access. This type of access would allow it to use distributed cloud technologies to monitor the daily flow of social media and search activity in something close to real time.

I would love to learn more about the technologies used to accomplish this type of social / web monitoring. The applications for monitoring trends and social statics are fascinating when applied to other industry sectors. Given the extent of the monitoring, I’m sure this post itself is now coming up on the DHS radar, so please feel free to leave a comment with any insights.

(Update 1: Reading through the Desktop Binder, I discovered the DHS Twitter account is @dhsnocmmc1 and DHS appears to be using tweetdeck to monitor the various keywords. See Page 38 – Also interesting to note they seem to be using a Mac Mini as a server, and no password vaults. All Passwords appear to be shared in a plain text word document.)

(Update 2: On page 37, DHS instructs analysts to accept invalid SSL certificates forever without verification. Although invalid SSL warnings often appear in benign situations, they can also signal a man-in-the-middle attack.Not a good practice for the security conscience. Thanks to @obra on twitter for the tip.)

Full List of Keywords & Search Terms



  1. And in an age where any idiot can get their hands on real good steganographic software and stick whatever they want into one of millions of porno images of vids anywhere in the web and thus MAKE IT VIRTUALLY IMPOSSIBLE to detect any thing we are led to believe that these immense geniuses are “protecting” us by scanning keyworks?
    Really ? Withouth any correlational analysis of why I am writing about a pig with tubercolosis infection in my grandfather farm who did not have an antiviral in 1920?
    You have got to be kidding……!

  2. Paolo it’s very strange your comment, really ;)

    you say: “Withouth any correlational analysis”
    - why “without”? they do ALL the analysis! ;) this article/ news is about the keywords for MONITORING, then, the rest of the process, is not covered by it, but it exist for sure ;). do you believe that the CIA-like services are so stupid so they can’t do data mining? mah…

Leave a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>