‘Fear of contact’: Police surveillance through social networks Open Access

This paper considers the adoption of social media monitoring (SMM) devices by police forces for surveillance purposes. In particular, it examines the use of MM devices in terms of technical, but also social and normative dimensions for police. While existing scholarship focuses on ‘assemblages’ within social networks that augment the scope and reach of policing institutions, such connectivity also provokes concern in relation to the distribution and augmentation of vulnerabilities. In accounting for the production, circulation, and consumption of SMM devices, this paper considers findings from a set of interviews with respondents overseeing the adoption of SMM devices in European police agencies. These interviews indicate that heightened reliance on both private and public partnerships, as well as unclear terms relating to the visibility of both social life and police work, further exacerbate concerns about the acceptability of such devices in practice.

Shortly before Malaysia Airlines flight MH17 was shot down over Ukrainian airspace, Gary Slok took a picture of himself and his mother in the plane’s cabin. He then posted this photograph on Facebook (de Graaf, 2014). What would otherwise be an unremarkable act of networked self-expression became exceptional as a result of the events that followed. This content, at once mundane and enduring, is indicative of how social media communication encapsulates both situated and transcendent forms of communication. By virtue of networked connectivity manifest as both user-led and institution-led digital media cultures, state (and police) extend the scope of visibility of social life. Social media in particular allow ubiquitous connectivity by institutions, and in practice, this amounts to greater access to information about dispersed facets of social life. Rather than a panoptic social engagement (stressing a singular and all-encompassing vantage point), policing through social media in response to these developments is a process of assembling (Haggerty & Ericson, 2000), wherein a central agency may forge temporary partnerships with platform operators, device manufacturers, telecommunication companies, and software engineers based in virtually any jurisdiction in order to obtain targeted access. By fostering social convergence and context collapse by facilitating information flows and leaks between social spheres (Trottier, 2012), social media platforms further aggravate normative concerns for police, including relations between police and other social actors whose connections in turn constitute social media monitoring (SMM) devices (see, for example, Huey, Nhan, and Broll (2013) on the diverging roles that citizens serve in policing through social media). These include relying on digital media users’ content, along with an arrangement of non-state actors that according to one Dutch officer interviewed in our research (NL1) vary on a case-by-case basis. Legal interpretations about the acceptability of these connections collectively determine the societal impacts of SMM devices.

Social media platforms involve perceived risks among users, as well as non-users who may be visible on these platforms through peer content. Among these risks are criminal acts such as harassment and fraud (Citron, 2014), as well as the possibility of privacy violations, social sorting, and (self-)censorship online (Bauman & Lyon, 2012). Yet, law enforcement agencies may also experience uncertainty with regard to social media, as they are coping with an ever-transforming terrain, and a possible jurisdiction where criminal acts and responses are not obviously amenable to current laws and protocols. While the relation of social media surveillance to any specific legal framework is beyond the scope of this study, across jurisdictions and in different investigative branches police forces tend to manage the uncertainty provoked by embarking upon a new terrain through the compulsive production of knowledge ‘in the belief that it will give them greater powers to reduce risk’ (Ericson & Haggerty, 1997, p. 420).

Social media also provide the conditions for increased and widespread scrutiny of personal information (Trottier, 2012), as any single social actor has access to a greater terrain of social activity, along with a greater perception of risk. For police forces, SMM adoption furthers a dependency on partnerships with other social actors, and also heightens the visibility of police work (Goldsmith, 2010). This research considers the process by which communication work in policing is renegotiated as a result of the preponderance of SMM devices. The findings detailed below suggest that the cross-contextual nature of social media communications (manifest as a convergence of social contexts as well as a blurring of national jurisdictions) means that the risk communication of police work is itself subject to institutional risk assessments on the basis of legal limits and internal protocols. The second section of this paper considers the recent emergence of policing and surveillance through social media. Drawing from corporate sources and information from Wikileak’s Spyfiles, the third section categorises these devices in terms of the circuits of visibility they enact, noting those that may preclude police intervention due to social and normative factors. The fourth section considers the institutional contexts in which these technologies are adopted, with an emphasis on technical, procedural, and normative limitations. Interview data with early police adopters in Europe were gathered as part of a broader exploratory investigation in SMM in the EU, along with assessing perceived social costs in terms of governance and privacy. The objective was not to provide a totalising report on social media and police, nor to construct a comparative framework for national differences in legal and institutional responses. Rather, the data given here provide a cross-sectional account of uptake, with an eye to emerging patterns in terms of the negotiation of context-specific burdens when policing through social media.

The interview schedule was developed in June 2012 as part of a European Union project in order to address the perceived costs and conveniences by police of SMM devices. We sought police respondents who oversaw or were familiar with early adoption of SMM devices in European context. Such early adopters were attuned to dilemmas in terms of assessing acceptable practices and mobilising forms of capital during the enactment of a range of surveillance practices on social media. Respondents include Internet experts from national police agencies (n = 7), or from ministries of the interior (n = 3), specialist agents combatting e-crimes and child exploitation (n = 4), security researchers who work in close partnership with police (n = 5), and privacy specialists who follow police uptake of these devices in a professional capacity (n = 14). Respondents were situated in Austria (n = 2), Bulgaria (n = 3), Czechia (then the Czech Republic; n = 1) Germany (n = 2), Great Britain (n = 4), Italy (n = 4), the Netherlands (n = 1), Norway (n = 1), Romania (n = 1), the Slovak Republic (n = 2), Slovenia (n = 1), Spain (n = 6), and Sweden (n = 4). Interviews were face-to-face and semi-structured, and took place between September 2012 and April 2013.

As the technologies described in the document analysis were being trialled during this period, interviews were motivated by how SMM devices intersect with existing police practices. These respondents considered their motivations for adopting SMM devices such as open source intelligence (OSINT) search engines in their jurisdiction, locating this uptake within a context of technological scepticism. Interview questions were organised along four primary themes: (1) the respondent’s agency’s current use of SMM devices, (2) the perceived ‘effectiveness’ of these devices, (3) institutional concerns over budgets, training, and the broader ‘acceptability’ of SMM devices, and (4) societal and legal challenges that informed the perceived ‘appropriateness’ of their adoption. Interviews ranged from 45 minutes to two-and-a-half hours in duration. Upon completion of these interviews, transcripts were translated into English, and a thematic analysis identified data-driven contributions to the above themes, as well as points of overlap between them. Validation of main findings was sought with a series of meetings with institutional stakeholders, including participants and members of organisations represented in the interviews.

Surveillance refers to the close and sustained scrutiny of individuals through the collection and analysis of information, with the intention of heightened knowledge and manipulation of that population (Lyon, 2001). For police agencies, social media platforms may shape risk categories based on new criminal acts (such as revenge porn and doxing) as well as new venues for criminal acts (such as death threats and harassment). These platforms also produce information that renders such risk visible and manageable. Police mandates to gather information lead to partnerships with other institutions, whereby

While newly emerging partnerships with and through networks of social convergence anticipate jurisdictional complications, the police are expected to retain the ability ‘to move through any place as members of expert-systems of risk and security’ (Ericson & Haggerty, 1997, p. 46). Police interventions on social media in particular entail a complex assemblage of privately owned platforms, telecommunication firms, personal information authored by citizens and devices from third-party developers such as NetFalcon that extract, retain, and analyse that information. Moreover, a Spanish investigator (ES2) among our respondents notes that the diverging types of information included on social media come from diverging tools and data sources during an analysis, ranging from facial recognition software to telephone records. These partnerships between police and other actors are internally assessed in terms of their ‘fit within the technological frames of potential users among legal and justice practitioners’ as well as their alignment with the ‘values of the professional and larger communities’ (Bennett Moses & Chan, 2014, p. 656). These concerns are heightened in the case of SMM, where these partnerships as well as other facets of police work can be rendered transparent to a broader public (Goldsmith, 2010).

As a branch of the state, police forces embody a monopoly of the use of force within a given territory, and are poised to assume the expansion of that territory in the case of emerging media platforms, especially in response to high-profile criminal events, as a British investigator (GB1) notes in the context of the 2011 London riots (see also Procter, Crump, Karstedt, Voss, & Cantijoch, 2013). Yet such attempted expansions not only depend on partnerships with a constellation of platform operators, telecoms, and software developers, but also may be impacted by a police agency’s relation within a broader governmental context. Moreover, Shearing and Wood employ the term ‘nodal governance’ to illustrate the proliferation of state and non-state actors charged with security mandates, often in response to ongoing incidents (2003, pp. 402–403). Thus, contemporary police work necessitates an engagement with(in) socio-technical networks that consist of state actors, but also private entities responsible for platforms, devices, and practices. Such surveillant assemblages may temporarily work in concert to fulfil a given mandate (Patton, 1994; in Haggerty & Ericson, 2000). In practice, this amounts to partnerships with an array of social actors that may raise concerns about acceptability and appropriateness of information collection and assessment (Bennett Moses & Chan, 2014). Rather than providing a totalising account of the social network, SMM devices are constituted by distributed relations for police forces that only offer partial access to the visibility of social life therein. Moreover, the ‘loosely coordinated’ (Sandhu & Haggerty, 2015, p. 1) nature of citizen-held devices may in turn render police work visible in ways that complicate their functioning, for example, when citizens record and publicly share footage of police encounters.

While state branches may still be able to exert a central engagement with social media (for example by blocking a platform), many of the techniques described below are more akin to distributed engagement (for example, by mimicking individual user behaviour). Police may have a legal or professional mandate to exert control over social media platforms, yet they often engage with the platform from a situated, user-based position. Rather than acting as a singular force, police personnel act in a more swarm-like fashion through autonomous social media strategies (cf. Galloway & Thacker, 2007). The dispersed and ad hoc nature of these attempts suggests that police struggle to ‘develop a reliable and valid strategic presence’ (Sheptycki, 2007, p. 494; emphasis in original). These struggles, which also bear material costs, stand in contrast to intelligence agencies that rely on SMM devices that are constituted by more centralised and less transparent partnerships with platform operators and third parties, as a Dutch police respondent (NL1) notes when assessing the efficacy of his own branch. Thus, while police forces are in an advantageous position relative to other users, this superiority in terms of access to social media and mandates to exploit data are not realised in the form of a national strategy, but rather in terms of decentralised attempts to expand policing and monitoring practices onto this terrain.

While capable of accessing and exploiting social media information flows, police engagement (manifest in the interview data by reports of legal guidelines that are unaligned with technical possibilities), coupled with a range of entry points for interception, raises concerns about social and normative dimensions of police work that partly determine the adoption of SMM devices. For users in particular, a tension rests between a perceived sense of ownership after investing time and effort in a presence, and coming to terms with having no formal control over that presence. Social media content (in other words, personal information) bisects the distinction between tactic and strategy (de Certeau, 1988), as it is first authored by users who dwell on platforms like Facebook, and is then repurposed as a monetisation strategy by platform owners, or in an attempt by police to securitise the platform. The process of securitisation of social media amounts to an attempt by police to instrumentalise these platforms. They seek to assert strategic access, and this access is typically distributed as a result of the morphology of the social media access-points involving an assemblage of public and private partners. The two following sections respectively consider the devices and the institutional context in which this is attempted.

What follows is an overview of known SMM devices for police and intelligence, and how they are rendered meaningful in relation to social media securitisation. These technologies intercept different points in a communication flow, which distinguish potential relations between police, social media users and platform owners. As ‘devices of connecting and assembling’ (Aradau & Huysmans, 2014, p. 605), they offer police access to further jurisdictions, as well as access to fleeting and more enduring partnerships with state and non-state actors. An important point that contextualises interview findings below is that such connections are typically an ‘experimental, messy, and possibly failing process of assembling’ (Aradau & Huysmans, 2014, p. 605). Even in restricting our scope to technologies and practices that explicitly facilitate police surveillance of social media, five devices may be considered. While the latter two devices are constituted by direct access to targeted social media content, they are in practice precluded as a result of social and normative dimensions in police work.

First, police can perform manual searches on social media platforms. This technique refers to when an investigator navigates a platform’s interface as would a conventional user. In order to bypass privacy settings, an investigator may submit a contact request to a targeted individual, or request to join a private group. A Spanish investigator among our respondents (ES3) offers an example of sending a Facebook friend-request to a member of a political activist group from a fake profile in order to ‘get access to the web pages of its leaders’ as well as to collect other types of information, including places of residence and ideological views. Social media emerged as a possible investigative terrain when individuals affiliated with security and intelligence organisations discovered that they could search these sites for information, as they would in an interpersonal context (Trottier, 2012). Thus, it was a ground-level realisation, rather than a top-down mandate, that introduced social media in the context of police work. At the outset, there was no clear boundary between domestic and institutional knowledge of social media exploitation. While this may seem like a temporary problem, perpetual shifts in terms of new platforms, new user-led practices like cyberbullying (Broll & Huey, 2015) complicate an assertion of official knowledge and guidelines. Second, law enforcement agencies can contact social media companies directly and request specific content about a suspect. This is also a manual process, as investigators have to determine what content they want to obtain. However, the process of collecting the data is offloaded onto the social media company. One can presume that this approach is employed primarily to obtain private data, as police can simply obtain public data from the website. Although legal requests provide police access to targeted data, in Europe, they are manifest through a chain of relations with law enforcement and private institutions across jurisdictions, as one respondent indicates below.

Third, police can search ‘OSINT’ content. This refers to the use of non-private online data for investigations, including social media data not protected by privacy settings. While the agent has to manually specify the search criteria and range, a web crawler will then automatically retrieve this data. These devices can be used for both retrospective and real-time searching. As social media platforms develop a greater presence in social life, their users will continue to submit information, much of which is publicly accessible. As virtually any public information can be enrolled in OSINT, it exemplifies long-standing forms of multisource access afforded to police. In addition to accessing social media platforms by way of formerly disparate public content, it connects this content with newspapers, databases of public records, and blogs, effectively assembling a higher order network of media content. The fact that this content may potentially be appropriated as evidence for police reflects a mandate to securitise social media, among other platforms.

Fourth, lawful interception, when coupled with deep packet inspection, directly targets secure information flows, potentially violating data protection laws and reasonable expectations of privacy. Lawful interception refers to ‘the process of secretly intercepting within a network communications between parties of interest to Law Enforcement Agencies’ (Branch, 2003, p. 1). This poses several functional advantages, including an ability to scan communication data in real time, which can be integrated into other equipment, ‘thus creating the possibility for major economies of scope in implementation’ (Bendrath & Mueller, 2011, p. 1144). While social-media protocols would otherwise render content illegible upon interception, deep packet inspection purportedly transcends these technical barriers. As such, these devices have ‘reinvigorated economic, cultural, and political discussions surrounding the monitoring, censoring, and modifying of communications content in real-time’ (Parsons, 2013, 27). However, both budgeting and legal concerns can preclude the coupling of these devices in police work.

Fifth, investigators can obtain social media information by installing a Trojan on a targeted individual’s computer. This refers to software that masks its actual functions by appearing to perform a separate – and typically more benign – function. Once the Trojan has been installed, it automatically intercepts data generated on the target’s computer. Not only can information obscured by privacy settings be obtained, but user-names and passwords to social media accounts can also be sought. DigiTask Remote Forensic Software, which can also be installed through direct access, social engineering, or falsified software updates, enables access to social media data. However, DigiTask have distanced their activities from social media (Digitask, 2012). This development speaks to the limits of third-party companies asserting a strategic overview of social media landscapes. While they may have technical capabilities to do so, data protection and other laws may oblige companies to withdraw from these capabilities (which may nevertheless be taken up by law-enforcement agencies or other actors). Taken together, these methods suggest that through SMS, police can potentially intercept at any point in the communication chain. This involves mobilising social vulnerabilities through human engineering, as well as exploiting largely unanticipated forms of visibility. Yet the following exploratory interviews suggest that those potentials generate distinct vulnerabilities and limitations.

What follows is a thematic overview of police perspectives towards SMM devices. Respondents address both the initial use of and ambivalence towards the aforementioned devices. They may possess a legal mandate to monitor and intervene in these platforms, although the potential access to personal information may force a reconsideration of existing guidelines.

Interviewees report a case-based consideration of social media platforms in investigations, rather than top-down impositions from commanding officers. The initial absence of an institution-wide strategy for social media platforms echoes prior engagements with sites like Facebook among other types of organisations (Trottier, 2012). An Italian (ITA1) police respondent notes that, following the discovery ‘that some mafia affiliates were using Facebook to exchange messages, monitoring activities have indeed been intensified.’ While this may be framed in terms of new investigative resources that police have the opportunity to draw upon, the presence of other social actors on a social media terrain typically obliges police presence and intervention. Insofar as this activity is designated as social, police are compelled to respond (Newburn & Reiner, 2012). Thus, it is individual officers who elect to adopt SMM in order to engage with assemblages of socially mediated events. This suggests a bifurcation, with only some specific officers within a police agency who act and are identified as early adopters (Rogers, 2003). For police, social media engagement appears to stem from a subset of officers who introduce SMM devices to the broader institution. A German police respondent (DE1) underscores a relevant feature of manual searching: in the absence of external devices or software, surveillance by way of already-enacted computing devices and access to a social media platform can amount to a first step towards a further assemblage. This respondent also adds that in his agency ‘80–90% of the total number of officers are aware of the existence and potentials of social networks,’ but that ‘in practice only a small number would actively and extensively search for information on the web due to a certain fear of contact.’ Such fears are congruent with Ericson and Haggerty’s observations about officer resistance to new technologies due to unfamiliarity, the fear of perceived incompetence, and dependence on external institutions (1997, p. 433). Evidence of relatively novel platforms, such as YouTube in the above example, or Whatsapp more recently (Schoonen, 2016), suggests that this remains a perpetual concern for police institutions. This speaks to a potentially generalisable ‘fear of contact’ that may dampen officer-led attempts to engage with social media (without making their own actions visible to suspected targets or a wider public).

In addition to the migration of social life – including criminal life – to social media, police respondents refer to high-profile events and risks as justification for their interest. While both Italian (ITA2) and British (GB2) investigators foreground child exploitation as the primary reason for intervention, a Romanian officer (ROM1) includes

as justifications for SMM. It is worth noting that disparate forms of risk are articulated in a manner that justifies the same set of interventions. In terms of user practices on social media as well as technical and institutional abilities, it is not clear if SMM can assist in detecting or preventing the above crimes. Yet, they are invoked as risks, which are both ‘articulated with the temporal dimension of proactivity and instantaneity’ as well as recasting social media landscapes in terms of individualised risk factors (Jeandesboz, 2011, p. 9). This rationale also underscores that social media are not simply regarded as a source of intelligence about embodied events, but instead also constitute a platform where criminal events occur. This marks an expansion of police institutions’ perceived responsibility, even when their entitlement to intervene remains unclear.

Police use of SMM renders social life visible, and investigators may experience this access as a complication of police work. A Dutch officer (NL1) frames the volume of online content as a workload issue: ‘With six eyes we see what 60,000 pairs of police eyes cannot see. In other words, we do see a lot. Too much to actually handle.’ Embedded in an unmanageable quantity of data, this respondent cites a range of potential criminal events, including ‘people reported missing, abductions, crimes resulting in death, who is the perpetrator, who communicates about them, cold cases, such as a recent one-car accident we resolved into attempted murder/murder, etcetera.’ Thus, even a single criminal act enrols a range of social actors – including bystanders and commentators – who may warrant police attention. In response to such complications, respondents report taking a complaint-based approach to investigations whereby other social media users are positioned as triggering investigation. A Bulgarian investigator (BUL1) notes their reliance on a ‘signal’ from Internet users in order to consider the monitoring of specific profiles or groups on social media. While this seems like a restrained mode of engagement with SMM, recent scholarship indicates that complaint-based approaches to policing online environments, by placing the citizen at the forefront of a potential investigation, can lead to an equally overwhelming burden for agencies (Broll & Huey, 2015).

SMM entails police partnering with other institutions in order to gain access to personal information. Noting the expansion of topics and areas that are monitored on social networks, an Austrian privacy advocate (AUS1) claims that in terms of partners, ‘Relevant actors are private companies rather than public authorities.’ An Austrian investigator (AUS2) confirms this shift towards private actors when describing a hypothetical attempt to ID a criminal suspect:

Case-based arrangements with platform operators and service providers are thus necessary, but insufficient for identifying criminal suspects online. In particular, the inability to establish a link between an IP address and an individual is illustrative of a failed surveillant assemblage (Aradau & Huysmans, 2014). A Czech privacy advocate also highlights limitations in terms of attributions of online monitoring, drawing links between online and offline stereotyping that are both deemed to be unavoidable: ‘When someone regularly goes to neo-Nazi websites, he is considered to be neo-Nazi. When you drive and you have dreadlocks, you are controlled because of a suspicion of being a marijuana smoker.’ Thus, even when it is possible to connect an individual to activity on a particular site, adequate interpretation of this activity (or rather, the data that stands as evidence of such activity) may not be facilitated by partnerships with private entities. Indeed, misinterpretation of personal information on social media profiles remains a prominent concern for users (Trottier, 2012). In light of these limitations, a Dutch police respondent (NL1) refers to the size and proximity of his own investigative team as a remedy against misinterpreting data yielded through SMM: ‘Especially being the small team that we are we have the advantage of direct interaction between colleagues: how should I interpret this or that.’ While close internal partnerships with other officers may remedy some of the interpretive risks associated with nodal governance, such interpretation may not be feasible in the case of scaled-up operations.

As a principal feature of social media is the convergence of formerly distinct institutional and cultural spheres onto a single platform, effective police uptake requires not only technical literacy, but also literacy in an indeterminate range of cultural contexts. An Italian investigator (ITA1) notes that police agencies specialising in online investigations ‘surely possess high-profile technical and legal qualifications’ adding that ‘there is a certain degree of risk in employing unqualified personnel because, for instance, they could make mistakes in the way in which they acquire evidence.’ Such risks are grounds for a Swedish officer (SWE2) to oversee graduated training in this domain centred on the mediated visibility of the officer to the public. This involves capabilities that extend beyond embodied, ‘patrol car’ police work. The practical effectiveness of SMM devices – the kind of (in)visibility they provide officers – is determined by officers’ compliance with this training process, or in other words, their ‘fit within the technological frame’ (Bennett Moses & Chan, 2014) as devised by early adopters within the institution. A basic understanding of the terrain, and how to navigate, monitor and act upon it, for example, in regard to accessing and posting content on a targeted organisation’s website though a police computer, cannot be assumed on the basis of prior institutional functioning. The above respondent also notes that they occasionally rely on external staff, but that this is not considered ideal, for reasons of confidentiality and security. This suggests a reluctance to partner with other institutions, including third-party developers, in the context of SMM. These internal risks and ambivalences shape potential relations not only between police and the public, but also between police and private partners, such as software developers who render social media content accessible. SMM in practice stands as a tension between an ever-increasing reliance on private partners for police, and an expansion of the categories of skillsets (including technological expertise, knowledge of legal protocols and cultural contexts) expected of an increasingly specialised range of investigative officers.

Some respondents struggle in developing effective strategies for social media investigations. The Austrian privacy official (AUS1) refers to early instances of police intercepting burglars posting photos of their criminal acts, but states that such cases have been overrepresented in professional contexts, adding: ‘There are also burglars who fall asleep at the place of the burglary. Despite this, the strategy cannot consist in hoping that more burglars will fall asleep.’ In addition to exemplary criminal events, core features of social media platforms also provoke uncertainty in law enforcement. Regarding the interpretation of social ties between individuals, a Bulgarian privacy official (BUL2) notes that the fact that ‘it is normal to have more than 600 friends’ complicates being able to interpret the relevance of any single social link in the context of an investigation. A Swedish privacy official (SWE4) also cites the improper assessment of social ties as a concern in both social and mobile platforms in terms of violating data protection regulations. As social contacts are a core feature of social media platforms (personal profiles typically reveal biographic, geo-demographic, and transactional details about peers), targeting one individual in SMM may concurrently involve data collection against other untargeted individuals. Another Bulgarian privacy official (BUL3) notes: ‘Personal data of individuals that are outside the interest of social network monitoring and analysis systems can be handled without legal grounds which would violate their privacy.’ Even if it were possible to isolate an individual target in an SMM investigation, this respondent notes that such investigations could yield a range of multi-contextual information about a target’s movements as well as ‘their personal and social activities, for their health, property and social status, which would exceed the limits of proportionality and go beyond the purposes for which data is processed.’ In the above instances, the broader tendency within digital media cultures to compel individuals to volunteer such a breadth of personal details, including relational data, contributes to regulatory issues when police target user profiles through SMM. The growth of social media populations, as well as practices, generates a seemingly unexpected volume and range of information, which entail not only risks of privacy violations for users, but also the risk of improper use among investigators.

The techniques described above each involve differing partnerships, and thus different equipment, maintenance costs, and training. Precise, budgeted costs for SMM are not readily available in most countries. This is partly due to a lack of top-down initiatives, which are instead replaced by regional experimentation with these technologies. Regarding hardware, a Dutch police respondent (NL1) states, ‘You obviously need a computer to go on the Internet, a fast one, a good connection.’ This respondent hesitated to discuss technology in any great detail, as ‘it distracts from the substance of our work. Because in that case I would arrange my investigations according to the conditions imposed by technology, whereas I want my investigations to be determined by the brain, by interactivity.’ Such hesitation underscores the limiting range of possibilities for social activity imposed by technical infrastructures, notably as the latter become culturally embedded and taken for granted within an institution (Lanier, 2010). In Italy, ‘standard hardware’ such as a ‘500 gig hard disk’ and ‘specific software, like Silent Runner (a real-time data capture and analysis suite that can collect social media data), or the original software of each social network’ (ITA1), is sufficient to manually monitor social media sites.

While some respondents cite budget reasons for relying on freely available software (typically known as shareware), others state a preference for SMM tools that enable police to maintain mediated contact with social media platforms. A Dutch investigator (NL1) describes their ideal partner organisation as one ‘which has a relatively good language filter, which hosts all comments in a data-base, in other words, which has a really good data-base.’ In contrast, he refers to shareware as untrustworthy on the grounds that ‘you do not know how it is constructed, you do not know who constructed it’ and as such states a preference for ‘software whose origins are known, that we have evaluated, that is somehow certified, etcetera.’ This suggests an institutional tension between financial concerns and issues of provenance and risk regarding private software designers that police may rely upon in investigations. As SMM involves the mobilisation of social media platforms and related technologies as police devices, as well as the extension of police jurisdiction onto these platforms, it is understandable that police agencies seek not only transparency of social life on these platforms, but also transparency of devices that render monitoring possible. An Italian officer (ITAPOL) notes that software costs for SMM are higher, as these are ‘not purchased, but leased’. While the Italian Government prefers to lease software since ‘the technology is always up to date with innovation,’ this respondent notes the implication that ‘operatives have to constantly adjust themselves to novelties’ in using SMM tools that are leased. Thus, a financially burdensome engagement with SMM simultaneously augments the burden for operatives to effectively use these tools.

SMM device adoption depends too on interpretations of legal compliance. While police forces may have a mandate to intervene in social life, if that social life is manifest through a socio-technical network, their point of entry within such networks is nonetheless subject to assessment. A full comparative account of compliance and compatibility within various national and collective legal frameworks would be beyond the scope of this exploratory study; yet these preliminary findings support an account of SMM as provoking augmented jurisdiction and protocol-based concerns alongside the augmented visibility of social life. In Bulgaria, an investigator (BUL1) notes that police forces there ‘do not have a legislation regarding the legitimate locating of data. This is not regulated in any law or act. There is no possibility for any law enforcement agency at all to conduct such activities.’ An Austrian police respondent (AUS2) notes that specific laws may be used as grounds for online investigation, since ‘criminal offences like the dissemination of National Socialist propaganda prohibited under the Verbotsgesetz are committed in social networks.’ A Swedish officer (SWE1) observes that the legislation for lawful interception is identical between a landline phone, mobile, and Internet platform. Because the law covers all forms electronic communication, it is ‘legally quite possible’ to listen to Internet traffic. Yet such legal capacities are tempered by technical difficulties, since making sense of captured Internet flows often requires DPI or comparable devices. An Internet stream might contain a hundred ongoing processes, leaving the investigator to decide what to listen to, and how to decode it. While technological possibilities may be curbed by legal limits, it is also possible that what is legally permitted may not be actualisable in terms of available technologies. If we conceive of SMM as an assemblage of state and non-state actors, devices and practices, then it stands to reason that technical constraints in addition to social and normative ones impose limitations on such assemblages. Our respondents also identify a disconnect between technical and legal capabilities, with an Italian officer (ITA1) noting that police forces need ‘technologies that are compatible with the norms. The Budapest Convention has included computer sciences in the forensic disciplines, but the technical side and the legal one are still poorly integrated and an overall view is missing.’ Such observations reflect disconnects between technical and legal possibilities, but also organisational pathologies (Sheptycki, 2004) whereby appropriate protocols may not be integrated on either organisational or nationwide scales.

Respondents note that laws and court rulings are an important consideration in their use of SMM, notably as some forms of data collection may later be determined to be unlawful. A Swedish security researcher (SWE3) told us that in contrast to this hesitation, private companies that perform similar work with social media data would simply proceed until they are told not to. Likewise, A Dutch officer (NL1) refers to a local populist blog as a template of professionalised SMM:

Police may liken their use of social media to individual users – including hackers, engineers, and bloggers – denoting a particular agility and fluidity through which they can potentially access personal data (for instance by ‘friending’ a targeted suspect on Facebook). Yet, in practice, they report being constrained by interpretations of local laws, as well as by complications emerging from the notably cross-contextual (and thus cross-national) nature of social media communications. A Swedish officer (SWE2) notes that as most major social media companies are American, they are protected by American freedom of speech laws. Thus, an investigation against a neo-Nazi group based in Sweden would be restricted based on the tension between the transnational dimension of social media communications, and the applicability of national legislation. Indeed, although Facebook has corporate offices in Ireland, and servers in locations that include Northern Sweden, the perception of Facebook as an American company means that Swedish police are perceived as bound by American laws. Jurisdiction concerns underscore the complexities of social media securitisation, as basic claims about the location of a mediated criminal act and related evidence cannot always be asserted. On the topic of delays in investigations caused by international partnerships, a German investigator (DE1) laments that these partnerships In contrast to such frustrations, an Italian privacy official (ITA3) picks up on the tension between timeliness and compliance, noting that ‘the aim to repress certain crimes, by keeping pace with the speed with which the web can be utilized by hackers and online criminals’ could result in police ‘not complying in full with the procedural norms.’ The possibility of accessing personal information on social media necessarily implicates multiple jurisdictions, with the potential to undermine both an agency’s ability to investigate criminal events that migrate onto these platforms, but also these legal frameworks. Extending from Huysmans (2011, p. 378), complications arise not only from ‘the folding of daily life and security practice’ but also from the folding of global processes and foreign jurisdictions into a national legal context.

The surveillance of social media marks a confluence of everyday life with evidence collection through a global array of devices within localised practices. This process includes a perpetual, context-specific assemblage of disparate private and public actors, subject to their respective – and also disparate – institutional contexts and constraints. Police forces take on both abilities and liabilities when assuming mandates to access and intercept data within social media platforms. Legal guidelines complicate this process in practice, and the transnational nature of social media communications imposes additional burdens. Likewise, rather than taking the form of centralised (though occasionally mediated) access to social life as was the case in relation to earlier police technologies such as municipal CCTV networks, police agencies access social media content through multiple techniques. Such scattered forms of access highlight the necessity for what Shearing and Wood refer to as nodal governance (2003). They also provoke uncertainty for the respondents we interviewed, for whom financial costs, the absence of effective protocols and the opacity of non-state actors are cause for concern. The aforementioned social and normative concerns have complicated the adoption of SMM devices in contrast to intelligence agencies, whose use of such devices is bound to a categorically different set of capabilities (King, 2013).

Social media (and digital media more broadly) continue to be embedded within a broad range of organisational contexts. The extent to which they can render social life visible means that they can be ways to produce risk categories, both in terms of the capture and circulation of embodied criminal acts, but also mediated criminal acts. Yet, police use of SMM depends on the mobilisation of a permutation of telecommunication companies, platform operators, and other (typically private) agencies that in turn invoke their own risks by bringing unforeseen legal concerns or rendering police activity visible. In practice, police-led use of social media may be shaped by what ‘practical decision-makers and other practical actors’ consider to be ‘currently “thinkable”’ (Shearing & Wood, 2007, p. 100). Respondents from European police agencies frame appropriate use of SMM in technical and legal terms. An Italian investigator (ITA1) recommends both the training of officers and courts to acquire technological and normative capabilities, but also the development of ‘technologies that are compatible with the norms’. Other respondents favour a consolidation of potential partners in the context of nodal governance, with an Austrian privacy official advocating for a potential ‘hotline provided by Facebook in German to facilitate these investigations’ that would obviate the need for third-party technologies. Although such hotlines could facilitate information exchange between platforms and police agencies, they would do little to resolve the multi-jurisdictional nature of investigations through social media, nor would they account for newly emerging social platforms and mobile applications.

The above findings present SMM by police in terms of tensions between the ease of access offered through these technologies and the ‘fear of contact’ stemming from partnerships with private entities. Uncertainty in practice speaks to a broader attempt to come to terms with the visibility of social media users’ personal details. Alongside a more robust comparative framework within Europe, subsequent research needs to consider relations between police and public, but also both in relation to the broader social media landscape. In particular, social media users themselves maintain a curious position when it comes to the surveillance of these platforms. While comparatively precarious in their access to and control over platforms, users may exploit the networked nature of these environments to either challenge police efforts (Toch, 2012) or reproduce law-and-order politics through their own initiatives (Trottier, 2017). The latter is an acute source of insecurity, not only for individuals who are targeted by such campaigns, but also for agencies that are largely bypassed in the process. While social media policing – among formal agencies and self-deputized citizens – amounts to an ever-changing set of practices, close scrutiny of how they perform and understand these practices can provide much-needed scholarly and societal insight.

No potential conflict of interest was reported by the author.