I read a story today on Slashdot about an officer working for the Maryland Department of Corrections that was told his Facebook username and password must be provided to his employer so they can read his private messages in order to vet him for his re-certification… for national security reasons.
What bothers me the most was imagining this corrections officer having no problem with the request; simply handing over his credentials because it was “in the name of national security”.
I don’t think that is what happened here, as the ACLU got notified of the case and is stepping in on his behalf.
The weight and fear attached to that phrase (investigation, seizing physical and digital properties, do-not-fly lists, etc.) is significant and most people are aware of this. We are seeing the pendulum of logic swing far to one side, where everything is in the name of security and that includes me rummaging (openly) through your house, records and life while you sit in my pervue and smile… because hey, if you have nothing to hide, you shouldn’t be worried.
What I don’t understand about this method of National Secruity-ing is how least-common-denominator it is. Why would this guy’s Facebook credentials be necessary? What about his Twitter login and a full list of his DMs? What about his Gmail/Yahoo/Hotmail email login? What about his private Flickr account? What about his Skype/IM chat logs? What about the login for his personal machine?
Do these “professionals” not understand that if this person is really a criminal, he is probably isn’t master-minding a plot via Facebook? He probably isn’t coordinating with scary overseas folk via Twitter DMs? He probably isn’t sharing schematics of terrible devices via his Flickr stream? He probably isn’t sending spy-updates to his Eastern-block terrorist-cell via YouTube?
The FBI and CIA certainly understand this. They deal with real criminals all day long. Really sneaky folk that are pushing the boundaries of digital communication to execute their crimes. The FBI and CIA combat this with smarter people, smarter algorithms and smarter tech.
But then on the flip side, it’s like we have this giant, lesser police force walking up and down the street, pounding on your door and coming into your house to search for Terrorism… in the name of national security.
As a friend put it, this is so arbitrary. If Facebook, why not their Okurt account? If Okurt, why not their OK Cupid account? If OK Cupid, why not their Craigslist account? Shit, that is anonymous, which is just the worst… right?
If the Maryland Department of Corrections EVER uncovers a covert plot that threatens national security by logging into someone’s Facebook account or following them on Twitter, I’ll shut up. Until then, I would recommend them being smarter and trying things like psychological profiling of their employees, behavior on the job and shit… monitor their use of work-device. If the criminal is dumb enough to use Facebook to plot the next 9/11, then they are surely dumb enough to do it from a work machine at lunch time… so just catch them then.
Common guys, there is a way to keep things secure and not air your stupidity and lack of understanding out there like a flag.