How Despots Use Twitter to Hunt Dissidents
If you ignore all the self-promotion, ranting, and frog memes, it’s possible to see the Twitter that Jack Dorsey likes to talk about. It’s a “people’s news network,” he wrote in a memo earlier this year—a digital town square that connects voices from around the world. Taken together, the hundreds of billions of tweets that have been created over the past 10 years represent a constantly updating corpus of human conversation. Dorsey, Twitter’s co-founder and chief executive officer, sometimes brings up Salman Rushdie’s allegorical novel Haroun and the Sea of Stories, about a boy who keeps the sea from being poisoned by evildoers who value silence over speech. In Dorsey’s imagining, Twitter is the sea and he is the boy.
Nowhere was the promise of Twitter more fully realized than in Saudi Arabia, where the service was embraced as a way to get around government censors. “People do not trust the official media,” says Hala Aldosari, a Saudi scientist who started tweeting in 2010 about such taboo topics as the kingdom’s guardianship laws, which prevent women from traveling or marrying without a man’s permission. A 2013 study found that 1 in 3 Saudi internet users was active on Twitter, the highest market share in any country. (In the U.S., it’s 1 in 5.) “The only way for us to discuss these issues is through social networks like Twitter,” Aldosari says. “It allows us to create groups of like-minded people.”
But if Twitter provides a rare outlet for criticism of repressive regimes, it’s also useful to those regimes for tracking down and punishing critics. In September 2012 a Saudi Twitter user named Bader Thawab was arrested for tweeting “down with the House of Saud.” In March 2014 an eight-year prison sentence was upheld for a Saudi man who’d mocked the king and religious officials on Twitter and YouTube. The following May, a Saudi man in a wheelchair named Dolan bin Bakheet was sentenced to 18 months in prison and 100 lashes for using Twitter to complain about his medical care. In all, there have been dozens of Twitter-related prosecutions in Saudi Arabia, according to Human Rights Watch.
Twitter is still popular in the kingdom—the service has added 200,000 active users there since 2014, according to the Arab Social Media Report—but it no longer hosts much dissent. Activists are careful to tweet in coded language, if they tweet at all. “People don’t openly discuss important things on Twitter anymore,” says Ali Adubisi, a Saudi human-rights activist. “Twitter is totally different, totally silent, totally weak.”
Critiques about the dark side of Twitter have been around almost since its founding in 2006. Women and minorities have long complained of routine harassment from trolls, leaving them with little recourse beyond deleting their accounts. The tendency of Twitter conversations to end in vitriol or even physical threats has hindered the company’s efforts to attract new users—its user base grew just 1 percent in the second quarter of 2016—and to reach profitability. The prevalence of abuse on the platform also figured in the decision by Walt Disney, a leading candidate to buy the company, to back away in October from a bid, according to people familiar with Disney’s thinking. Twitter’s stock price has fallen 31 percent since reaching a high for the year on Oct. 5. It’s preparing to lay off 300 employees, or about 8 percent of its workforce, according to Bloomberg News.
During an earnings call in July, Dorsey acknowledged that Twitter needed to think harder about how it ensures the safety of its users. “Freedom of expression means little if we allow voices to be silenced because of fear of harassment,” Dorsey said, adding that user safety would be “one of our top five priorities for this year.”
For years, Twitter has offered access to its “Firehose”—the global deluge of tweets, half a billion a day—to a number of companies that monitor social media. Some of those companies resell the information—mostly to marketers, but also to governments and law enforcement agencies around the world. Some of these authorities use the data to track dissidents, as Bloomberg Businessweek has learned through dozens of interviews with industry insiders and more than 100 requests for public records from law enforcement agencies in the U.S.
There’s nothing illegal about selling Twitter data, but it’s uncomfortable for a company that promotes itself as a medium for free speech and protest. Twitter issues regular transparency reports and has gone to court to fight censorship. Dorsey himself marched with Black Lives Matter activists in 2014, regularly tweeting messages of support and appearing at a conference this June wearing a #staywoke T-shirt. But amid Dorsey’s activism, one data user, Chicago monitoring company Geofeedia, was hired by California police departments after pitching its ability to identify civil rights protesters, according to an American Civil Liberties Union report released in September. Twitter, which touts a policy that prohibits third parties from making content available “to investigate, track or surveil Twitter’s users or their content,” cut ties with Geofeedia in October.
Twitter offers a free, stripped-down version of the full Firehose to the public, and in recent years, at least 17 companies besides Geofeedia have marketed surveillance products that make use of Twitter data to law enforcement organizations. One such company, Snaptrends, based in Austin, promoted social media analytics tools to authorities in Azerbaijan, Bahrain, Malaysia, Saudi Arabia, Turkey, and other countries known to suppress online speech, according to confidential company documents and interviews with current and former employees. The company often approached potential customers during moments of social unrest. In a statement, Snaptrends characterizes its business with foreign governments as appropriate and lawful, and says its software was intended for “market awareness around a brand, product, service, issue, or a person.”
According to internal documents, Snaptrends has done business with the United Arab Emirates, whose government last year imprisoned an Omani blogger for tweets insulting the U.A.E.’s leaders. It also provided Twitter data to a law enforcement agency in Bangladesh that’s classified as a “death squad” by Human Rights Watch. As Kevin Hatline, a former customer support manager at Snaptrends, puts it, “We all knew this could be used to put a black bag over someone’s head and make them disappear.”
There are, in essence, two parts to Twitter. The first, the public part, has been embraced by activists, politicians, athletes, navel-gazers, and advertisers. Write some words, throw in a link or a picture, and your tweet will show up on the feeds of anyone who follows you. If your followers like it, they’ll retweet it to the people they follow, and so on. In a matter of minutes, a joke, put-down, or message of dissent can be viewed by millions. It’s possible to make a Twitter account private, but few users do so because it defeats the purpose of the service, which is to make yourself heard. All told, users post 500 million 140-character messages each day, essentially drowning the previous day’s conversations in a fresh stream of content. It’s easy to find a specific tweet by LeBron James but very difficult to obtain records of every person who’s tweeted about LeBron James.
That is, unless you have access to the second part of Twitter: the Firehose, which has spewed almost a trillion tweets to date. Each of those tweets includes the words posted from the blue box on the home screen—what most people think of when they think of a tweet—and also more than 30 other data fields mostly hidden from regular users. With this data, users are sortable by, among other things, the device they tweeted from, the names and locations they give in their profiles, and the number of times tweets have been retweeted. If the user has consented, the data can also include the exact location from where a tweet was sent, a practice known as geotagging. Within the Firehose, the text of the messages accounts for only 3 percent of the data. The rest, says Gerald Friedland, a researcher at the University of California at Berkeley, is “basically, information about you.”
In Twitter’s early years, when it had only a few million users, anyone could tap into the Firehose free of charge. This was partly self-serving: If software developers built innovative products and services around the tweets, they would expose more internet users to Twitter. But as the service caught on and daily volume rose from 65 million tweets in 2010 to a half-billion today, the company started charging for access, both to reduce the strain on Twitter’s servers and to increase revenue.
Twitter still makes some of its historical data available for free to anyone, but it limits the number of tweets that can be returned by a single search query and the number of times users can search within an hour. Twitter’s real-time data are available to everyone, too, though in a more limited way. Nonpaying users can search with keywords, but the number of tweets they see is capped at 1 percent of Twitter’s total output, about 5 million tweets per day.
That’s a lot of data, but if you want everything, you still need the Firehose. Twitter offers a range of access levels. The Decahose, as its name implies, contains a random sampling of 10 percent of Twitter’s real-time output, which can be useful to marketers, academics, or pollsters. Historical PowerTrack lets buyers search the archive of past tweets, all the way back to Dorsey’s initial post in 2006. For the highest rollers, the full Firehose provides 100 percent of the real-time stream, with no limitations.
Twitter doesn’t advertise data prices, but full Firehose access can cost more than $1 million a year, according to a 2012 lawsuit with one of its data partners. In company filings, Twitter reported that its data licensing division generated $67 million in revenue in the second quarter of 2016, a 35 percent increase from the same period in 2015. (Bloomberg LP, parent of Bloomberg Businessweek, buys Twitter data.) Twitter made $535 million, nearly 90 percent of its revenue, selling ads, but that business is growing at half the rate. Given the company’s continued unprofitability, the Firehose is a potential lifeline. “A large part of [Twitter’s] value lies in their ability to monetize the Firehose data,” says Brad Slingerlend, a portfolio manager at Janus Capital Group, which sold all its Twitter shares earlier this year.
But that assumes Twitter can figure out how to make money off the Firehose while not letting its data customers, in Slingerlend’s words, “suppress liberty somewhere in the world.” Doing that is no simple matter. Tweets don’t exist in a vacuum—users are creating additional social media trails on Facebook, Instagram, and YouTube that can easily be linked to their Twitter accounts. The monitoring companies have become adept at deducing names, addresses, and other information that Twitter users may not have intended to disclose. According to Twitter, only 2 percent of tweets are geotagged, but Snaptrends CEO Eric Klasson said his company can identify the location of 30 percent of tweets involving specific events. Former employees say it does this by using data streams from other social networks and analyzing the text of tweets for clues. If a person opts out of Twitter geotagging but opts in on Instagram, it’s not hard for Snaptrends’ technology to connect the two. In a statement, Klasson says that Snaptrends looks only at the language of a tweet and information shared in the metadata to determine a person’s location.
In a 2015 pitch to the police department in Boise, Idaho, Snaptrends said it could help cops understand a suspect’s “geographic patterns of life” and determine “their most important associates.” According to the pitch, its tool could be used to help the Boise police find “the people posting most frequently who oppose [police] efforts.” Impressed, the department paid $24,995 for a year’s subscription to Snaptrends. A Boise PD spokeswoman says the service wasn’t renewed.
The Northern California Regional Intelligence Center occupies the 14th floor of a drab federal office tower in downtown San Francisco. It’s part of a nationwide network of “fusion centers” set up after the Sept. 11 terrorist attacks and funded in part by the Department of Homeland Security. There are 78 facilities in all, each run by state or local police with federal officials on-site. Fusion centers are controversial—supporters describe them as models of modern policing; critics see them as a domestic spying system that often strays from its antiterrorism mission. Either way, they’re among the most enthusiastic buyers of social media monitoring software.
“These tools, they don’t see everything,” says Mike Sena, the San Francisco center’s executive director. Sena, who agreed to meet with Bloomberg Businessweek reporters after learning we had begun filing public records requests, takes pains to convey that when police mine Twitter for information, they’re acting appropriately. Spying on citizens is “not our goal,” he says. “But we need to find threats.” According to Sena, monitoring tools are typically used during big events like the Super Bowl. A police analyst sitting at a computer terminal can gather up any social media posts from the vicinity that contain “gun,” “bomb,” or other keywords, then dispatch officers to investigate.
Over the past few years, fusion centers have developed formal policies for social media monitoring. Officers are told they need a valid law enforcement purpose and are prohibited from examining posts protected by a user’s privacy settings. They’re also instructed to refrain from profiling based on race or religion. “You’ve got to have a criminal case,” Sena says. But the technology is new, and norms are still in flux, especially at smaller police departments. According to internal police documents, an investigator in Round Rock, Texas, set a software tool to look for mentions of the words “Islam” or “Muslim.” Outside Baltimore, as anger over the death of Freddie Gray simmered, an Anne Arundel County Police Department detective used Geofeedia software to capture social media posts being created at a gala dinner and breakfast honoring Martin Luther King Jr. An Anne Arundel County Police spokesman says the monitoring was a security precaution; the Round Rock Police Department declined to comment.
In a fusion center in Salem, Ore., an intelligence analyst working for the state’s Department of Justice used monitoring tools to look for local Black Lives Matter supporters. That led him to tweets that concerned him, including one with an image of a man in cross hairs. The analyst filed a report—and was reprimanded when the image turned out to be the logo of the rap group Public Enemy. The department has since scrapped its use of the tool, and a spokeswoman says the analyst has been fired.
Hatline, the former support manager at Snaptrends, says he worked with about 100 customers, showing them how to use the product and answering their questions. He saw how powerful it could be when it was used for research purposes or for tapping into customer opinions. But he says he became disillusioned with how some companies and foreign governments were using the tool. One customer, the Texas grocery chain H-E-B, used the software in part to find disgruntled workers, according to former Snaptrends employees. Verizon used the software to monitor any “negative social media discussions” and “plans emanating from union and Occupy movement members” during a May 2013 shareholders meeting as part of a test program, internal Snaptrends documents show. Hatline says Snaptrends’ managers are “only thinking about money when it comes to new customers.”
According to a Verizon spokesman, the company didn’t purchase a subscription to the service. Snaptrends said in a statement: “We make decisions on sales of Snaptrends based on legal, business, and policy considerations,” adding that its products are focused on “the safety of persons, buildings, and property.”
H-E-B and Verizon declined to answer questions about their dealings with Snaptrends. But an Austin-based nonprofit, Texans Standing Tall, agreed in September to discuss its use of the service. The organization, which receives federal and state funds to prevent youth substance abuse, has paid for Snaptrends data since 2014, mostly to fight underage drinking. Employees scour social media for signs of a party and alert local police if they find something suspicious.
In the lobby of a South Austin hotel, Brian Lemons, the group’s strategy specialist, opens a laptop to show searches he’s saved on the Snaptrends software. They’re grouped by keywords and the names of Texas towns: Odessa, Georgetown drunk, Georgetown turnt—“turnt” being slang for enthusiastic partying. When Lemons clicks on a post, a history of the user’s social media activity pops up.
Snaptrends’ 2015 user guide says clients can keep tabs on individuals by designating them as “persons of interest,” displaying a social media profile picture, a sort of high-tech mug shot. These online dossiers include summaries of posts, geographic locations, and the network of people each person communicates with most often.
As Lemons shows off the person-of-interest feature, he acknowledges that he sometimes feels like a bit of a stalker. “This feels a little strange doing this to an 18-year-old,” he says.
In November 2015 a group of Bangladeshis showed up in Austin to meet with Snaptrends. A former employee remembers that they were exceedingly polite, wore Western clothes, and declined alcohol when it was offered. For many, it was their first trip to the U.S.; some had brought their families along. This group was, the employee learned, a contingent sent by Bangladesh’s Rapid Action Battalion, an elite antiterrorism unit. The country’s security forces have “a culture of extrajudicial killings,” according to Human Rights Watch, and have been known to deliberately maim political opponents by shooting them in the leg or knee at protests. Human Rights Watch blames the Rapid Action Batallion for at least 800 unlawful killings in the past decade.
The Snaptrends sales staff took 10 of the visitors for a night on the town in Austin, according to former employees. At the end of 2015, the Bangladeshi government paid Snaptrends $73,125 for a software license and more than $41,000 for training and installation. Bangladesh’s national police force didn’t return numerous e-mails seeking comment. Snaptrends would neither confirm nor deny whether it did business in Bangladesh.
Snaptrends also made overtures in Hong Kong, where the government had recently struggled to quell protests over the involvement of the Communist Party in local elections. In December 2014, Brandon Burris, a Snaptrends co-founder and chief technology officer at the time, flew to Hong Kong as part of a $300,000 deal with a local holding company, Faith Concord, according to a confidential monthly operating report distributed that month by CEO Klasson to investors and some employees. (Burris, who left the company earlier this year, declined to comment.) It’s not clear what Faith Concord, which also declined to comment, is doing with the service, but according to corporate filings in China, the company owns BaoLiDa, which markets its ability to monitor citizens’ activities on the internet to the Chinese government. Snaptrends says it never sold any products in Asia.
Snaptrends went to greater lengths to do business in Saudi Arabia, which began cracking down on dissent as Arab Spring protests flared up in neighboring countries. In 2013 the company set out not only to peddle its monitoring tools there, but also to sell its entire international division for $300 million to a Saudi company with ties to the royal family.
According to another monthly operating report by Klasson, Snaptrends executives met in Dallas in June 2013 with a Saudi prince and Mazin Ghazzawi, a Saudi jeweler and businessman, to lay out the terms of a deal. They started with a baby step: Ghazzawi’s company paid Snaptrends $500,000 for the right to sell Snaptrends technology in the kingdom. If sales were high enough, Ghazzawi’s company could acquire Snaptrends’ international division. The next year, Snaptrends representatives flew to Riyadh to meet with Ministry of Interior analysts. Later, Ghazzawi’s company showed the product to Prince Bandar bin Sultan, former Saudi ambassador to the U.S. and former head of the country’s intelligence agency, with the meetings “focused on the use of Snap Trends by the Saudi intelligence agencies,” according to the report.
Ghazzawi didn’t respond to requests for comment, but his company appeared to see potential in social unrest. “This is a test tweet for a customer presentation,” a sales consultant for Ghazzawi’s company wrote as part of a series of tweets that year. “Let’s try a tweet with some words and phrases we can use in a keyword search.” Among the terms selected were “rally,” “rise up,” “protest,” “insurrection,” and “boycott.”
The deal broke down when Ghazzawi failed to hit the sales thresholds. But according to an internal Snaptrends document, the company has continued to pursue the Saudi government. Its sales partner in that effort is Booz Allen Hamilton, the National Security Agency contractor that employed Edward Snowden when he revealed widespread government spying on e-mails and phone calls more than three years ago. Booz Allen declined to discuss its efforts in Saudi Arabia; a spokeswoman says it doesn’t comment on any potential or actual clients.
General Dynamics was also a Snaptrends reseller, but the relationship cooled, according to Klasson’s reports. By January 2015 legal staff at the defense contractor had instructed employees to stand down from Snaptrends partnerships in the Middle East. General Dynamics “has not sold any Snaptrends products or services in the U.S. or internationally,” spokeswoman Lucy Ryan says. Snaptrends declined to discuss dealings with any partners, citing confidentiality agreements.
Defenders of social media monitoring tools point out that the information being gathered has been posted publicly by users of social networks and carries no expectation of privacy. “The purpose of social media is to share,” says Phil Harris, CEO of Geofeedia.
Since its earliest days, Twitter has presented its mission as a noble one. “It didn’t matter where the line is or how angry any government became, because [the tweets] weren’t theirs to do with as they pleased,” said Biz Stone, a Twitter co-founder, in a 2014 interview with Public Radio International. “We always erred on the side of trying to defend and protect the people using Twitter, because we thought of Twitter as a way to foster the freedom of speech around the world.”
This has always been harder than Twitter makes it sound. People who broadcast controversial views, by definition, put themselves at risk of reprisal. Earlier this year, the company prohibited U.S. intelligence agencies from accessing its paid data products, citing its terms of service. But, unwittingly or not, it continued to provide data to companies that offered surveillance products that violated those terms. As this article was going to press—and after months during which Bloomberg Businessweek reporters unsuccessfully pressed Twitter to answer questions about its data business—the company cut off Snaptrends’ data access. “Our legally binding terms and conditions prohibit developers from allowing law enforcement and other entities to use Twitter’s public data for surveillance purposes,” Twitter said in a statement. “When developers violate our policies we have in the past and will in the future take appropriate action—including termination of access—where appropriate.”
It’s unclear whether the suspension of Snaptrends will prevent it from accessing Twitter data in the future. Twitter declines to say how many organizations are allowed to tap into its data, nor will it describe how it monitors those with access. According to a statement from Snaptrends, it’s “working with Twitter to develop a framework where all stakeholders are protected to the fullest degree.” The company notes that it never included paid Twitter data in its commercial offerings and says it intends to focus its future efforts on “brands, products, promotions, services, events, trade shows, etc.”
What is clear, however, is that Twitter hasn’t figured out how to make sure its data isn’t used by repressive regimes to harm or intimidate users, just as it hasn’t figured out how to stop harassment. This is more than an ethical dilemma: Twitter needs more users. It’s tried to bring more people in with a rejiggered timeline, a new section featuring curated news items, and streaming NFL games. None of these efforts has helped much. That may be because the new features aren’t compelling enough, but there’s reason to believe that part of the problem—maybe the core problem—is fear. If Twitter’s most passionate users are hesitant to express themselves openly, why should anyone?
“Right now, no one feels safe,” says Esra’a al-Shafei, a Bahraini activist. Before giving a talk at Twitter’s San Francisco headquarters in 2015, al-Shafei asked the audience not to tweet about her visit so she could avoid attracting attention back home. Bahrain’s ruling family, with the support of the Saudi military, has been cracking down on dissent since 2011. Al-Shafei says many of her friends have been jailed for off-the-cuff statements, and she worries that she’s one tweet away from being arrested herself. When one of her tweets goes viral, she often deletes it. “And I feel cowardly about it,” she says.
—With Max Chafkin, Wenxin Fan, Vernon Silver, and Sarah Frier