According to a set of guidelines produced by a UK police body, Facebook users may have a reasonable expectation of privacy over their social media postings.
Cops are all over social media, using monitoring tools to keep tabs on sporting events, protests, and more. These tools often aren't just about gathering public posts or tweets; sometimes, they're used to scrape metadata in aggregate and map out somebody's movements over time too.
But according to the UK's National Police Chiefs' Council (NPCC), which coordinates police forces across the country, you might have a reasonable expectation of privacy over your social media posts, even if they are public.
Included in the NPCC's Guidance on Open Source Investigation/Research, obtained by Motherboard through the Freedom of Information Act, is a section on "private information."
"Two people holding a conversation on the street or other public place may have a reasonable expectation of privacy over the contents of that conversation," the document from April 2015 reads. It was written by Jennifer Housego, head of digital at Kent and Essex police.
That expectation of privacy likely translates over to social media too, including those only visible to friends.
"This proviso is likely to apply to Social Media Sites whether or not access controls such as the 'friends' control in 'Facebook' have been activated," the document continues.
A number of UK police forces already use social media monitoring tools. According to ITNews, London's Metropolitan Police monitored some 32 million social media articles during the 2012 Olympics. In October, Motherboard found that the British Transport Police (BTP) had spent £40,000 on a piece of software called RepKnight, which can be used to infer the "mood" of a population.
At the time, the BTP said it used the software "in line with national guidance." In response, Motherboard requested a copy of the national guidance from the NPCC, which said it was not aware of any national level guidance on social media monitoring software. Instead, it presented this more general document on open source investigations.
According to the document, there are five different levels of open source research for UK police officers. The first is "overt open source investigation" carried out by a first responder, which includes looking at maps, auction sites, or any publicly available site which does not require registration to use. Then there's "core" used for intelligence and investigation; it appears to be similar, but requires officers to evidentially capture and store what they are investigating. The third level is "advanced," and may require authorization under the Regulation of Investigatory Powers Act 2000, one of the UK's surveillance laws. This applies to open source units.
Level 4 and 5 are redacted, however. In another section that appears to apply to undercover investigations, the document says an officer should not adopt the identity of a person known, or likely to be known, to a subject of interest without the consent of the person whose identity is being assumed.
Get six of our favorite Motherboard stories every day by signing up for our newsletter.