(NOTE) This article is not intended to be an intellectual analysis of the industry, it is published as a time marker to show where the industry has been, where it is today, and where it may be headed, in our opinion.

What is Social Media Surveillance?

In a nutshell, Social Media Surveillance is the practice of locating and harvesting public online content written by a Person of Interest (POI) in their social media profiles. Content includes photos, text, messages back and forth between this person and their friends, as well as content referenced on friends’ and family members’ profiles.

A (brief) History of the Practice

Social Media Surveillance originally emerged around 2010 as an offshoot of traditional physical surveillance. At its beginning, the only companies performing this kind of search were ex-law enforcement and active-duty officers, looking for activity that would allow more precise targeting for their physical surveillance efforts. The purpose for Social Media Surveillance was, therefore, to place officers or investigators strategically throughout the geographic area to prevent or document illicit activity.

Eventually the court system saw the potential in the data itself, and legislation was created regarding the practice of searching for and capturing social media data, allowing it to be used in its natural state in court.

As the court became more involved, the burden of proof for data harvesting and chain of custody intensified. At the same time, the number of people attempting to harvest data ballooned. Claims adjusters, internal SIU departments for insurance companies and TPAs, beat cops, ex-police officers, surveillance companies, and employers all started launching fake social media profiles and performing searches. The result was a mass “throwing out” of data submitted in court cases due to improper attribution of the data, lack of meta data preservation, and even mis-identified POIs. Sad but true, the content submitted to court was often the content of an unrelated person who had the same name and “sort of looked the same” as the POI.

It was around this time that we launched Fraud Sniffr, Inc in response to this unstructured data harvesting landscape. We were created by a team including a veteran claims adjuster/manager, a data analyst, social media expert, and database expert. Our goal was to solve the problems of POI mis-identification, data storage, data proliferation and target spoliation. Our intent was to provide the ultimate solution to Social Media Surveillance for the industry.

What is Social Media Surveillance doing today?

To be honest, the state of the industry is a full-on land-grab. Or should we say, revenue grab? TPAs and internal SIU departments see Social Media Surveillance as a revenue source that is so easy “anyone can do it.” It’s penny wise and pound foolish — they earn a fee for completing a search, but if the search misses content, or locates the wrong POI, it costs the organization in penalties.

Internal training is often performed by someone who “seems to be pretty good at this stuff”, although they do not have any POI identification standards, data authentication, or data management training.

We are concerned for the practitioners within this industry, because there is currently only minimal training with regard to how to properly store or create chronology with the recovered content. We see adjusters harvesting information via their personal cell phones and emailing that content to their work email addresses while logged into social media. We see SIU fatigue where an identifiable POI is listed as “not able to be found”. We see PDF reports generated for court that do not include post URLs or Metadata. There is room for standardization and consistency.

As long as the industry continues to focus on the initial cost of an investigation, the potential exists for continued claim losses, due to incomplete, incorrect, or inconclusive data recovery.

Add In Cambridge Analytica and GDPR…

This Facebook and general data “wake up call” to government and users alike was surprising only in its timing. Data collection, repurposing and sharing had reached such standards that a breech was inevitable, although no one was sure just when it would happen.

The response to the breech primarily affected advertisers and advertising practices. However, some spill over affected searchers as well: Facebook closed several identification loopholes such as the ability to search for POIs using their phone numbers and email addresses. They disorganized their search function, and scrambled date chronologies for posts in search results. Searching using time tested methods changed overnight. Thankfully our teams at Fraud Sniffr do not use those tactics for search, and our results have been largely unaffected. We use the public database functions within Facebook to assemble data about POIs.

We have also noticed changes in Google+, Maps, Adwords, Linked In, Twitter, Instagram, MySpace, and many other social media venues – we see new privacy statements and changes in way their search functions. We anticipate more changes in the months to come, and we are following the nature of the changes in order to build work arounds.

One very important feature of GDPR that bears note, and that is the requirement for data deletion. GDPR indicates that users should be able to delete their data on request. At Fraud Sniffr we proactively take this requirement one step farther by destroying all records using delete/destroy scripts on our servers upon conclusion of the POI investigation. In this way we protect our clients from any potential GDPR violations.

A Glimpse of the Future:

We see social media venues protecting users’ privacy more and more. Social Media Surveillance will stop being perceived as something that “just anyone” can do well.

We already see browser plugins and phone apps that identify all visitors to all social media profiles, so the POI may eventually be able to see Social Media Surveillance searchers viewing their profiles. Fraud Sniffr has developed technology that cannot be detected by these technologies.

Plaintiff Counsel will also begin looking more closely at new legal methods for throwing Social Media Surveillance reports out. Several technicalities already exist that can invalidate social media findings, surely more will be added. This puts the burden of meeting legal standards for proving chain of custody, data harvesting methodology and authentication squarely in the purview of the searcher.

We anticipate the industry will realize that Social Media Surveillance departments within SIU will need advanced, specialized training. They will also realize that a discrete data storage solution is needed instead of just emailing everything to the adjusters and storing static PDF reports on the corporate server.

We also believe that the practice of ongoing monitoring will become critically important. Looking at a POI once and then retiring the file will not be considered useful. Social media content will start being integrated into overall claims health dashboards as a primary flag for non-compliant behavior throughout the claims process.

We have several other predictions, but this article is already getting long. The Social Media Surveillance industry is in its infancy. Expect rapid and amazing changes in the next five years, and a total system integration in ten years.

###