WASHINGTON -- The Homeland Security Department needs better rules over its use of Twitter, Facebook and other social media services to improve privacy and legal safeguards, the inspector general wrote in a report Friday.
The report cited confusion over "legal, privacy and information security boundaries," including one case when its investigators were secretly but improperly monitoring people online to detect benefit fraud. Officials later realized the effort broke agency rules about using online tools for undercover work, and they stopped doing it.
The department's acting privacy officer, Jonathan Cantor, disputed the inspector general's report and said he had "significant concerns" over its accuracy and recommendations. Cantor told investigators that the department already had issued agency-wide rules, but the inspector general noted that Cantor was arguing that "nearly all" DHS offices had completed training on the new rules.
"The term 'nearly all' suggests to us that more work is needed," the report said. It added: "Many component employees with access to social media had not heard of the training or had not yet seen the training provided by the privacy office. None of the employees we spoke with had completed the training required by the directive."
The report said the Homeland Security Department monitors social media accounts during natural disasters and police incidents. It cited how social media helped U.S. Immigrations and Customs Enforcement make an arrest as part of a child abuse investigation because it found a photo posted online and cross-referenced a license plate. In another case, the Secret Service noticed that a person who had threatened to disrupt the Republican National Convention in August 2012 was nearby and took action to intercept him.
The report said the Homeland Security Department doesn't have an accurate list of all its official accounts on Twitter, Facebook, YouTube and other social media services. "We determined that multiple inventories had been established by separate offices, with no clear plan for when or how the lists would be updated or maintained," the report said. Cantor also told the inspector general that keeping a master list could compromise security and investigations.
Sometimes, the department discovers unauthorized Twitter accounts belonging to government employees using them for official duties.
"However, unauthorized accounts are rarely discovered," the report said.
The report also said some DHS employees access the agency's official accounts on iPhones or their personal computers from home, which it described as "outside of the standard process."