Sicurezza

Lessons that insurrection selfies hold for legitimate enterprises

The pro-Trump rioters who invaded the Capitol on January 6 came with smartphones to record and celebrate what they thought was a righteous effort to prevent president-elect Joe Biden from taking office two weeks later.

Now those electronic devices, along with the GPS data they generated, are being used to track the location of rioters within the building as federal law enforcement officials continue to make arrests and build criminal cases.

Among the acts being investigated: breaking through police barriers, smashing windows, and assaulting police officers and media members. Five people died including a Capitol Hill police officer who was bludgeoned with a fire extinguisher.

The rioters invaded offices, stole laptops and other items, smeared feces along the marble walls and floors erected a makeshift gallows, and hunted throughout the building for members of Congress and Vice President Michael Pence.

And they used their networked smartphones to record it all, taking videos and selfies, texting messages, and posting updates of their exploits in real time to social media. The result was a treasure-trove of GPS data that already has led to more than 100 arrests, with more to come.

“The Capitol, more than most buildings, has a vast cellular and wireless data infrastructure of its own to make communications efficient in a building made largely of stone and that extends deep underground and has pockets of shielded areas,” the Washington Post reported. “Such infrastructure, such as individual cell towers, can turn any connected phone into its own tracking device.”

(If only the president who “knows more about technology” than anybody had mentioned this useful information during his inspirational speech immediately before the assault on the Capitol!)

The other evidentiary problem for the Capital rioters was the poor coding and security used by Parler, the official social-media platform of the 2021 insurrection. A hacker using the online name “@donk_enby” scraped data from Parler before it was shut down. As Gizmodo reported, this data “offers a bird’s eye view” of Parler users’ actions during the storming of the Capitol.

“According to @donk_enby, more than 99% of all Parler posts, including millions of videos bearing the locations of users, were saved,” Gizmodo wrote. “Unlike most of its competitors, Parler apparently had no mechanism in place to strip sensitive metadata from its users’ videos prior to posting them online.”

The FBI is seeking GPS coordinates from 618 Parler videos as part of its investigation. There might have been even more evidence, but cell networks around the Capitol appear to have been overloaded, PCMag wrote.

There are lessons here for legitimate social media companies, the main one being that you should protect the identity of your users by stripping their posts of metadata. Another is that if you don’t enforce policies against users for inciting violence and overturning governments (not an unreasonable expectation!) you are likely to run afoul of companies such as Amazon, Apple, and Google that provide platforms for you to reach an audience. That’s exactly what happened to Parler; it was dropped by those three providers.

There is a lesson for enterprises, as well: Check out the security of you social-media providers. While the shortcomings like those of Parler are proving to be a boon for law enforcement, similarly lax providers could easily pose privacy problems for lawful businesses and their sensitive.

Individuals should also take note. Their social-media posts may contain time and location metadata they might want to excise in the interest of personal privacy and security.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.