Not Even Fortnite and Parenting Websites Are Safe From Surveillance
ShadowDragon, a company selling social media surveillance technology, is a contractor for the US government, including for ICE. These tools not only target social media but also gather data from video games and advice websites.
Daniel Clemens sits in a darkened room and speaks about why he thinks people should not protest. This applies to “pretty much every different group that’s out there protesting right now. There’s probably a better way to do it,” the bearded Clemens says into his microphone.
Whether it's people on the Left or the Right, protesters are “probably not moving the needle at all,” he says, according to a video posted online. “Nobody is going to listen. It’s a bunch of noise. And don’t be surprised when people are going to investigate you because you made their life difficult.”
Clemens concludes the snippet with this closing thought: “My word of advice for anybody that’s feeling invited into the rage mob of the day is, ‘Hey man, get off social media. Go buy a lake house, get a beach house. Do something. Get in debt and get off social media. Don’t get invited into all this rage.’”
In some cases, it is Clemens’s own company that may help with the investigating. Clemens is the founder and CEO of ShadowDragon, a government contractor that is selling social media surveillance technology. According to internal emails obtained by the activist group Electronic Privacy Information Center (EPIC), ShadowDragon’s clients include investigative elements of Immigration and Customs Enforcement (ICE), which recently switched to ShadowDragon after dropping another provider.
Beyond those emails, leaked audio from inside an industry event and a review of ShadowDragon’s public comments provide more insight into the sort of people running a government contractor that says its tools can be used to monitor protests. These tools are also gathering data from video games like Fortnite and images from BabyCenter, a reference and pregnancy-tracking site for new and expecting parents, as well as social media sites for black people, bodybuilders, and the fetish community.
The State Department and the Drug Enforcement Administration have also purchased access to ShadowDragon’s open-source intelligence (OSINT) research, according to public procurement records. OSINT is data that is publicly available, be that from websites or apps, that can be useful to investigators. In one video, Clemens says the company has also worked with the FBI. In an email, Clemens said that the company’s clients also include corporations and nonprofits.
“Companies like Shadow Dragon collect an extraordinary amount of information from social media and other websites about the activities of internet users,” said Jeramie D. Scott, senior counsel and director of EPIC’s Project on Surveillance Oversight, in an email. “This type of mass surveillance, which is available to the government and other entities, creates a chilling effect on online activities.”
Added Scott, “Our interactions, associations, words, habits, locations — in essence our entire digital lives — are being collected for scrutiny now and indefinitely into the future through expanding analytical tools of black box algorithms. The abuse of such tools is not an ‘if’ but a ‘when.’”
“Why Not Take Advantage of Information the Bad Guys Share Willingly Online?”
ShadowDragon first invented its main product, called SocialNet, in 2009, according to a video on the company’s Vimeo channel. SocialNet gathers information from “hundreds” of different sources online, including major social media networks and smaller sites too, according to a ShadowDragon demonstration video. LinkedIn, Reddit, TikTok, and Venmo are all shown in the video.
“Uncover identities, correlations, networks of associates, and available geographical information in just minutes,” a description of SocialNet on ShadowDragon’s website reads.
In one video on ShadowDragon’s website, Elliott Anderson, president and targeting instructor at ShadowDragon, says that with SocialNet, “You can pop in an email, an alias, a name, a phone number, a variety of different things, and immediately have information on your target. We can see interests, we can see who friends are, pictures, videos.”
“Why not take advantage of information the bad guys share willingly online? After all, they have friends lists, too,” one SocialNet video says.
Clemens noted in an email that “we intentionally don’t use any AI [artificial intelligence] or machine learning.” Instead, he said, “our OSINT tools automate the gathering of public information, allowing organizations (government, corporate, and nonprofit) to make their own decisions about what the data means in the context of their investigations and which actions to take, if any.”
One of the videos providing an overview of the SocialNet tool appears to show some of the search parameters available to users. One column of the SocialNet interface shows the ability to search by “ID card — A card used to identify individuals in the Real World,” “Amazon User,” and even “BabyCenter User” and “BabyCenter Photo.” BabyCenter is a site geared towards people expecting or trying to have a baby.
“It sounds highly unlikely that users are aware their data is being scraped by government contractors and equally unlikely that they knowingly consented to that practice,” said Michele Gilman, a University of Baltimore School of Law professor who researches the intersection of digital technologies and low-income communities. “If so, it’s a violation of their individual and family privacy — and their children’s privacy — that could have harmful impacts depending on how the data is being used.”
“This is certainly concerning,” said Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, an activist organization. “When people post about their pregnancies to BabyCenter, I think it’s safe to assume they are doing so without the expectation that ICE is watching.”
“In the current legal environment surrounding abortion in the US, I would be extremely wary of efforts to collect data about people’s pregnancies,” she added.
BabyCenter did not respond to a request for comment. “BabyCenter.com is a useful source of publicly available information for investigations relating to child exploitation,” said Clemens in an email.
Other forums and communities mentioned in the search parameters include BlackPlanet, a social media network for black people, Bodybuilding, a popular bodybuilding forum, and FetLife, a social network that caters for people with fetishes such as BDSM.
ShadowDragon monitoring also extends to video-game platforms. In audio recorded at a recent industry event, Jonathan Couch, chief operating officer at ShadowDragon, told an audience, “Fortnite is an interesting one, just because you can actually leverage Fortnite to look at, is an alias registered there? What other aliases are also related to that alias?”
Couch mentioned other gaming platforms too, such as those related to Xbox, PlayStation, and Steam, according to the audio recording. Jack Poulson, from transparency organization Tech Inquiry, shared audio of the talk. Couch also mentioned Cash App and what he described as “emotional sites” where people leave reviews, such as Yelp and Tripadvisor. “This is another great source of information,” Couch says.
There is something of a cat and mouse game between companies like ShadowDragon and sites or platforms that may wish to stop such collection. Couch says if WhatsApp makes a change, for example, ShadowDragon may regain functionality in a few days. For Facebook, a few weeks. For Fortnite, just an hour or two.
Couch says, “monitoring can be used for anything from fraud protection, to insider threat, to drug gangs, to protests that are occurring.”
He added, “One customer is talking about using it for monitoring drag racing.”
“The Need to Remain Vigilant”
ICE discusses some of its own ShadowDragon use in the emails shared by EPIC. Specifically, the intelligence section of Homeland Security Investigations (HSI) at one point bought a hundred SocialNet licenses, according to the emails.
“Due to rapidly advancing technology and the need to remain vigilant, [Homeland Security investigators] must continuously identify tools that can enhance and support ICE’s law enforcement and intelligence mission,” one email reads. Other specific units or sections mentioned in the emails include ICE’s Criminal Analysis and Production Division; a Cyber Crime Division; and HSI’s International Intelligence Unit.
“The Government requires a database to filter results on a wide range of variables determined by the user; such as keywords, hashtags, language, author, emoji, dates, times, expression,” another document adds.
The ultimate reason for the switch to ShadowDragon was that at least some of ICE was retiring its use of another tool, according to the emails. “Babel X is expiring, and ShadowDragon will be taking its place as a social media exploitation tool,” one email reads. Babel X is another tool made by a similar company called Babel Street. Customs and Border Protection uses Babel X to screen travelers, which can include US citizens and refugees.
ICE did not respond to a request for comment.
Scott from EPIC added, “ICE should be very transparent about its use of surveillance tools like SocialNet and very specific about how the surveillance tools are used and how many people are implicated.”
As for Clemens’s thoughts on protesters, he added in an email that “my comments from the podcast refer to ALL groups, regardless of affiliation or cause. It was a reminder to everyone that everything we do in public, including social media posts, often lacks a legal expectation of privacy, in the same vein as the [Electronic Frontier Foundation’s] recommendations for protestors.”