Application security, Compliance Management, Network Security, Privacy

ACLU seeks Mass. police’s browsing history after tweet reveals possible monitoring of activist groups

The ACLU on Tuesday announced that it officially filed a public records request seeking the bookmarks and browsing histories of every computer at the Commonwealth Fusion Center of Massachusetts, after a seemingly innocuous tweet sent by the state police last month may have inadvertently revealed recent intelligence gathering activities.

Sent on Sept. 13, 2018 by the Fusion Center's MSP Watch Center, the tweet featured a screenshot showing an online map of local areas affected by a series of gas explosions in the Massachusetts cities of Lawrence, Andover and North Andover. But it also showed a series of web page "bookmarks" that a user had set via the Google Chrome browser, according to various news reports. And these bookmarks potentially provide some insight into the fusion center's browsing history and intelligence-gathering efforts, including possible targets.

This September 13 tweet from MSP Watch Center, later deleted, reveals several web pages that users at the facility had bookmarked. (Image sourced from the ACLU.)

The organizations whose websites were visibly bookmarked consisted of police watchdog and progressive activist groups, including Mass Action Against Police Brutality, Coalition to Organize and Mobilize Boston Against Trump (COMBAT), 413 Action, MA Activism, and Resistance Calendar. The bookmark bar also contained links to a surveillance drone company and a site about open-source intelligence techniques.

Shortly after posting the revealing tweet, the MSP deleted it and then posted a new image of the map, with the bookmarked websites cropped out. Later, the MSP reportedly released a statement claiming that they were monitoring these sites to prepare for any possible large public gatherings. However, "We do not collect information about -- nor, frankly, do we care about -- any group’s beliefs or opinions," the statement continued.

The ACLU hopes that the public records request will help shed light on the situation. "The best disinfectant is sunlight, which is why we filed this public records request seeking more information about the types of websites visited by state police employees assigned to the fusion center," said ACLU Fellow Nasser Eledroos in a blog post announcing the records request. "We look forward to reading their response and to more scrutiny of law enforcement surveillance."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Related

GitHub search exploited for malware distribution

Malware-laced GitHub repositories using popular names and topics are being advanced by threat actors through automated updates and fraudulent stars meant to manipulate the leading software developer platform's search rankings as part of a new open-source supply chain attack, The Hacker News reports.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.