Spooks and techies to be vetted for their online networks
Who exactly is this smiley character?
Be careful who your online friends are, as they could well damage your career. That is the slightly chilling warning sent to us this week by a reader who works at a senior level providing IT support on a range of Government projects.
He writes: "I'm not clear on what the official line is on Facebook regarding vetting but we are being told to remove ourselves from social networking sites if we are going to Developed Vetting (DV or Positive Vetting) clearance. I think this is mainly because the interviewers are asking candidates to justify their relationship with everyone on their 'friends' list".
He adds: "Social engineering is a complicated art for the boys south of the river and I don't profess to understand all of their knowledge/paranoia. Next they'll be going through our address books. I understand they need to be cautious about who they allow access to top level information but I think there are better ways of establishing trust than this."
In one sense, this is nothing new. If you would like to work on a secure government project, expect your life to come under scrutiny: the more secure the project, the more intense the scrutiny; and at certain levels, your friends and acquaintances are bound to be called into question.
There are, however, two aspects to this process that should give pause for thought. First is the way we use sites such as Facebook, and the ease with which (some of us) click on the "friend" button for individuals who, in real life, we would never describe as anything more than casual acquaintances.
The sad news for anoraks is that research suggests that online promiscuity does not, in the end, lead to us having more friends than we would have in the real world.
How far do the Security Services take this into consideration? Do they downweight online friendship? Or do they take it at face value?
We put these questions to a number of government departments, including the Home Office, who are responsible for providing information about the activities of the Security Service (MI5). The not wholly unexpected answer, given in various shapes and guises, was: "We do not comment on security issues."
Second is the tendency for managers – and in this context, spooks are not very different from information managers - to use the tools available to them. A hot topic within the counter-terror community nowadays is "netwar", a form of social and political activism that is defined by the networked organizational structure of its practitioners.
Theory is closely followed by practice: statisticians are busy creating the theoretical framework for deconstructing network dynamics; and practitioners are turning the math into easily accessible tools. Just feed the data in at one end – and out the other will emerge some concept of network structure and the position of each individual within it.
While these are essentially mapping tools, using the links between individuals within a network to create a picture of the relationships between its members, tools that use transaction data can take matters a good deal further.
In 2008, a group of animal rights activists were found guilty of criminal activity in respect of Sequani Ltd, a company alleged to carry out animal testing. Two individuals received significantly longer sentences than the rest of the defendants on the basis that analysis of telephone call traffic – that is, who called whom, when, not what was said – suggested that they were the ringleaders.
Clearly there is a role for statistical analysis when it comes to crime detection, but it may be that the use of statistical techniques to determine guilt or innocence lies at the edge of what most people are comfortable with.
Speculation aside, the message is clear: what you put out on social networking sites can come back to haunt you. When it comes to vetting, it's not just the embarrassing pictures that matter; embarrassing friends – and possibly even friends of friends – may matter as well. ®