The Federal Bureau of Investigation has quietly been searching for private contractors who could gather and feed to law enforcement tremendous amounts of user data straight from social media platforms such as Twitter, Facebook and Instagram.
The U.S. government needs "real-time access to a full range of social media exchanges" to better fight terrorist groups and domestic threats, the FBI said in its request for bids, which was first reported by the Wall Street Journal.
But the FBI's effort to gain far-reaching visibility into the social media activities of both Americans and foreigners risks clashing with other parts of the federal government that have sought to clamp down on Silicon Valley for data breaches, privacy violations, and other cases in which user information was shared without consent.
The FBI's search began in early July. It calls for providers that can give law enforcement agents advanced warning of violent incidents as well as the ability to summon a given social media user's ID numbers, IP addresses and telephone numbers if necessary.
This is not the first time the FBI has sought access to a wide array of social media data. In 2016, the agency announced it had hired the social media analysis company Dataminr to allow law enforcement to "search the complete Twitter firehose, in near real-time, using customizable filters." Dataminr, which looks at open source information only, is also contracted by media outlets including CNN.
It was not immediately clear whether the FBI aims to expand on Dataminr's capabilities with the new contract, or whether it is already doing some kind of monitoring of Facebook and Instagram. The FBI declined to comment, citing the ongoing nature of the procurement process.
Still, the volume and depth of information sought by the FBI highlights the agency's interest in monitoring internet users on a broad basis. Under the FBI's proposal, winning bidders must help the government "proactively identify and reactively monitor threats to the United States."
Civil liberties advocates warned that the contract could be easily abused.
"This proposal invites dragnet surveillance that history shows will disproportionately harm immigrants, communities of color, and activists, and it invites profit-seeking firms to violate Facebook and Twitter rules designed to keep users safe," said Matt Cagle, an attorney for the American Civil Liberties Union of Northern California. "Treating social media users like suspects won't make us more safe, but it will make us less free."
Social media platforms routinely provide data to law enforcement on specific individuals. But that process relies on law enforcement making individualized requests or subpoenas.
A Twitter spokesperson said the company's terms for third parties prohibit developers from "allowing law enforcement — or any other entity — to use Twitter data for surveillance purposes. Period."
Twitter restricted the amount of information Dataminr could offer to law enforcement in 2016, after critics including the ACLU brought such use to Twitter's attention.
Facebook declined to comment, but referred CNN Business to its existing app developer policies, which prohibit Facebook users' information from being shared with "unauthorized" parties.
"For example, don't use data obtained from us to provide tools that are used for surveillance," the Facebook policy reads.
The FBI procurement effort could be complicated by recent moves by Congress, the Federal Trade Commission and others to step up privacy standards at tech companies.
Last month, the FTC announced a record-breaking $5 billion settlement with Facebook over its leakage of user data to the political consulting firm Cambridge Analytica. The settlement requires Facebook to restructure its board and provide greater oversight over company decisions, though critics of the deal argued it was far too weak and did not do enough to hold CEO Mark Zuckerberg personally accountable.
The FTC declined to comment on the FBI contract. But in a statement, the FTC said its settlement requires Facebook to protect names, geolocation data, phone numbers, IP addresses and other forms of so-called "covered information."
"According to the order, Facebook needs to protect Covered Information under its privacy program," the FTC said. "It is not limited to Covered Information that is subject to a privacy setting or that is set to be non-public.