Homeland security is increasing the use of undercover techniques to infiltrate and interact with social media users in order to collect intelligence and target individuals, documents leaked to me reveal.

The new program, called “masked engagement,” allows homeland security officers to assume false identities and interact with users—friending them, joining closed groups, and gaining access to otherwise private postings, photographs, friend lists and more.

A senior Department of Homeland Security official tells me that over 6,500 field agents and intelligence operatives can use the new tool, a significant increase explicitly linked to more intense monitoring of American citizens.

For years, homeland security has been conducting what it calls “Open Source Intelligence” (OSINT) collection, using social media to enhance general "operational awareness” and for investigating targets in a criminal, civil, or administrative context. Each DHS component defines the level of use, which were previously limited to the following practices (defined below):

• “overt engagement”

• “overt research,”

• “overt monitoring,”

• “masked monitoring,”

• “undercover engagement”

Masked monitoring allows officers at agencies like ICE and Border Patrol to use alias accounts to passively observe public online activity. Crucially, this level of monitoring bars DHS representatives from interacting with other users directly. Under masked monitoring, officers are not allowed to ask an admin for entry into a private group or to “friend” a target to see non-public posts.

But with masked engagement (separate from masked monitoring), that firewall has now been dismantled. The only restriction imposed on masked engagement is that DHS officers not the threshold of “substantive engagement”—a term the rules leave conveniently ill-defined.

The new practice of masked engagement allows for operations where a federal government employee or contractor uses fake identities or credentials that conceal their official affiliation. It is a step down from “undercover engagement,” a highly controlled status that is only allowed on a limited and intermittent basis.

You can compare the old vs. new DHS policies in the two screenshots below.

A Customs and Border Protection document I obtained, titled “Component Plan for Operational Use of Social Media,” defines the shift:

“The Operational Use of Social Media using identities or credentials that...conceal a government affiliation, to engage with other users on a limited basis for the purpose of accessing Publicly Available Information...For example, Masked Engagement would include logging in to social media and joining a group, or friending, liking, or following an individual.”

By labeling this a “middle ground” between monitoring and full-blown undercover work, the DHS allows agents to infiltrate private digital spaces without the rigorous internal approvals and legal checks required for a formal undercover “sting.”

“CBP’s expansion into what they’re calling ‘masked engagement’ is cause for real concern, Rachel Levinson-Waldman, Director of the Brennan Center’s Liberty and National Security Program, told me when reached for comment.

She added: “this new capability is being shoehorned in one step below undercover engagement (which already allows for a lot of overreach), it appears CBP believes that friending someone, following them, or joining a group is not as invasive as directly engaging or interacting with individuals.”

Levinson-Waldman called the policy is “insidious” because it might seem to the federal government that it is not particularly invasive, but could yield huge amounts of information about one’s social network and preferences. And all of this would be happening imperceptibly to anyone in a group chat, unaware that the information is even being shared.

“In addition, doing so through an alias account—an account that doesn’t reveal the user’s CBP affiliation, and pretends to be someone else—will weaken trust in government and weaken the trust that is critical to building community both online and off,” she added.

When I pressed the DHS’s spokesperson for specifics like when masked engagement was first adopted and how it defines the restriction on “substantive engagement,” they retreated into the administration’s usual swaggering non-response.

“DHS has utilized its Congressionally directed undercover authorities to root out child molesters and predators for years,” the DHS spokesperson (no name included—fitting, I suppose, for a story about masking) told me in an email. “We will continue using every tool at our disposal to protect the American people as our agents and officers Make America Safe Again.”

The “tools” they’re referring to are increasingly sophisticated. The document that first flagged “masked engagement” for me was produced by Silo, a cloud-based web isolation platform created by Authentic8.

Silo is like a digital mask for federal agents operating on social media. It allows them to browse the web from an “air-gapped” remote server, masking their government IP addresses and spoofing their hardware profiles. To a Facebook admin or a Signal group moderator, the federal agent appears as a local user with a standard smartphone. This technical capability, called “managed attribution,” ensures that while the agent is “engaging” with you, the government’s digital footprint is completely invisible.

According to documents I’ve reviewed, homeland security is using other commercial and proprietary apps and software to conduct managed attribution monitoring, with codenames like GOST, Shadow Dragon, Gecko, Jemini, Axis, and Creepy, which has to be my favorite.

Creepy!

Sources tell me that DHS has already used masked engagement to infiltrate pro-Palestinian groups in the U.S. and to building databases of potential transnational criminals amongst Mexican and Mexican-American communities.

“Open source monitoring has become so ubiquitous that we even have databases of identities used by the department to track our own online engagements,” the senior DHS official also told me.

“Yes, we have safeguards against violating people’s privacy, but masked engagement is just the first step in breaching people’s privacy settings in ways that they are not even aware of.”

Leave a comment

Share

— Edited by William M. Arkin