I happened to read the Community Care piece on social workers and social media this week. I think it is a good piece, it is here
But I mentioned on Twitter that this paragraph troubled me
3. But debates continue about the impact of social media on the confidentiality of service users, and how information shared publicly on social media should be used by social workers, says Birchall. “If a social worker visited a home and saw a dangerous person who should not be present in the family home, they would be wrong not to act on this, but if they looked at a service user’s profile on social media and found out the same information there’s a sense that this breaches the service user’s confidentiality, even though the information is public. There are strong feelings on both sides of the argument. It’s a new world and we’re just getting to grips [with it].”
I mentioned that this is in contravention of the published guidance about members of the State looking at the social media of members of the public (even where the social media is on public settings and open to anyone to view)
Not in any sense a criticism of the author, or Community Care – the guidance has obviously gone under the radar, but it is important
It seems that many people didn’t know about this guidance from the Office of Surveillance Commissioners
Extract from OSC Procedures & Guidance document
Covert surveillance of Social Networking Sites (SNS)
288. The fact that digital investigation is routine or easy to conduct does not reduce the need for authorisation. Care must be taken to understand how the SNS being used works. Authorising Officers must not be tempted to assume that one service provider is the same as another or that the services provided by a single provider are the same.
288.1 Whilst it is the responsibility of an individual to set privacy settings to protect unsolicited access to private information, and even though data may be deemed published and no longer under the control of the author, it is unwise to regard it as ―open source, or publicly available; the author has a reasonable expectation of privacy if access controls are applied. In some cases data may be deemed private communication still in transmission (instant messages for example). Where privacy settings are available but not applied the data may be considered open source and an authorisation is not usually required. Repeat viewing of ―open source sites may constitute directed surveillance on a case by case basis and this should be borne in mind.
288.2 Providing there is no warrant authorising interception in accordance with section 48(4) of the 2000 Act, if it is necessary and proportionate for a public authority to breach covertly access controls, the minimum requirement is an authorisation for directed surveillance. An authorisation for the use and conduct of a CHIS is necessary if a relationship is established or maintained by a member of a public authority or by a person acting on its behalf (i.e. the activity is more than mere reading of the site‘s content).
288.3 It is not unlawful for a member of a public authority to set up a false identity but it is inadvisable for a member of a public authority to do so for a covert purpose without an authorisation for directed surveillance when private information is likely to be obtained. The SRO should be satisfied that there is a process in place to ensure compliance with the legislation. Using photographs of other persons without their permission to support the false identity infringes other laws.
288.4 A member of a public authority should not adopt the identity of a person known, or likely to be known, to the subject of interest or users of the site without authorisation, and without the consent of the person whose identity is used, and without considering the protection of that person. The consent must be explicit (i.e. the person from whom consent is sought must agree (preferably in writing) what is and is not to be done).
So this is guidance to members of the State (such as social workers) as to when they can view social media without consent of the author or going to obtain Regulation of Investigatory Power Act (RIPA) authorisation in the form of a warrant from a Magistrate. (which they are highly unlikely to get)
If a parent has privacy settings, then the ONLY way to view it is with the person’s explicit consent OR a warrant under RIPA from a Magistrate. Anything else is an offence.
The guidance is VERY plain that using dummy or fake accounts to gain access to another person’s social media presence is ‘inadvisable’
The tricky bit is here
Where privacy settings are available but not applied the data may be considered open source and an authorisation is not usually required. Repeat viewing of ―open source sites may constitute directed surveillance on a case by case basis and this should be borne in mind.
(It’s not clear about where privacy settings are NOT available, but as Facebook, Twitter, Instagram and all dating websites have privacy settings, I don’t think this is going to come up very often. Maybe if the parent is posting a lot on Reddit…. )
What this says is that even where a person has no privacy settings on their social media and it is ‘open source’ – i.e available to anyone to go and look at, “REPEAT viewing of open source sites MAY constitute directed surveillance on a case by case basis” (and if it does, RIPA authorisation would be needed)
Note that
Amendments to the Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) Order 2010 (“the 2010 Order”) mean that a local authority can now only grant an authorisation under RIPA for the use of directed surveillance where the local authority is investigating particular types of criminal offences. These are criminal offences which attract a maximum custodial sentence of 6 months or more or relate to the underage sale of alcohol or tobacco.
And therefore, if in an individual case, the REPEAT viewing of open source social media by someone working for a local authority DOES count as directed surveillance, it will be unlawful. Because a Local Authority can only do this with authorisation, and the authorisation can only be given for investigating particular types of criminal offences (and the “we were doing it to prevent child abuse/drug misuse won’t cut it. Sale of cigarettes to children in a shop is the sort of thing that is okay for getting a warrant for directed surveillance – that sort of hidden camera thing)
And conducting unauthorised direct surveillance is an offence under RIPA. So serious stuff.
What’s REPEAT viewing?
Well, the guidance doesn’t say REPEATED (which implies multiple occasions) and my best guess is that REPEAT means what it says on the tin, more than once.
Any social worker that accesses a parents social media presence (even if they are available to the public) more than once, is at risk of committing the criminal offence under RIPA and having their actions potentially actionable in damages. Local Authorities are obliged to follow the guidance, they can’t just choose to ignore it.
During the Twitter discussion, some people felt that if a parent chooses to publish the material for the public (and doesn’t make use of the privacy settings) then they have effectively waived their privacy. They have, in so far as members of the public are concerned. Any member of the public can go and look at their social media presence.
But an agent of the State can’t do make REPEAT viewings of it, even if the accounts are open to the public. (and no, you can’t just take off your social work hat and put on your member of the public hat)
I look at it this way. The street outside your front door is open to the public – just like your social media account on no privacy settings. Anyone can stand in that street. If they stand there, they can see your front door, and if you don’t close your curtains, can see into your house. But if it is a member of the State doing that, they either need your permission or an authorisation to conduct surveillance without your permission.
It’s the same here – just because you’ve left your curtains open doesn’t mean that the social worker can stand outside your house in a public road and look through your window whenever they want.
As we can see from the case below, failure to obtain the evidence legally doesn’t make it inadmissible, and the family Court won’t be the place to punish any offence under RIPA (that will be a criminal court, boys and girls, so think on)
But I would imagine that representations would be made that if a social worker has made repeat viewings of social media, and not taken this guidance into account, that their assessment is tainted by this and their evidence should be viewed with caution. Whether or not Judges accept those representations is a different question.
Until there’s more clarity on this, given that it is a criminal offence, the advice must be ONCE without consent is as far as it is safe to go. I would also counsel against anyone immediately thinking “well, as long as I only do it once, there are seven workers in my team, so we can get seven bites at it” . If there’s even a tiny risk that what you are doing may be a criminal offence, don’t mess around with taking that risk.
If you get explicit consent from the parent “I’d like to look at your Facebook profile” “Yes, I agree to that”, then you are good. Otherwise, once is the only safe number.
There’s a tricky grey area where a parent has posted something they shouldn’t have done on social media and have been asked to take it down or something defamatory – how can that now be checked? I think the parent would have to consent. (or directed by the Court to produce evidence to show that the offending remarks have been removed)
suesspiciousminds 
I like the comparison with direct physical surveillance, but you could argue that much of social media is closer to publishing a newsletter describing what you’ve been doing.
I’d be interested to know what the legal position would if you regularly left copies of such a newsletter in a public place, or stuck on a public noticeboard. Would it then be okay for a state agent to regularly check without a warrant?
What about if you published a daily column in a national newspaper?
I think that it is very clear there that the person has no expectation of privacy – my thinking on this guidance is that (a) a user of social media might not have understood how to set the privacy settings or (b) as the sites tend to do, when the site updates they reset all your privacy settings to open access and the user may not have realised – so it is not safe to assume that just because a person’s social media is open source that this was what they intended.
As I said to Sarah, if I write you a postcard, the postman is ABLE physically to read the message that I’ve written for you, but I’d still be very unhappy to open my front door and see a postman standing there reading the contents of postcards.
I think social media is more like a group of friends chatting away in their own garden or in the pub and that they would willingly talk to a friendly person and allow them to join in that passed by their garden or who joined in with them in the pub. They wouldn’t however like someone who was eavesdropping in on them by hiding behind a fence or through twitching curtains or behind a nook in a pub, never mind someone sat in a police car with listening equipment taking down notes of the conversation.
This is a very important article.
I know of parents that have been seriously stalked by some SWs on Facebook.
I’m sorry but I’m not redacting or moderating my views on this piece as I usually do ……. and believe me i moderate ALOT of my comments an EXTREME amount in comparison to what id like to say
What a total load of shi* if that’s the case it’s illegal to gather information from Facebook why have I got 3 full cases relating to 5 kids that comprise of several bundles of Facebook print outs alone despite my accounts being locked down tighter than the proverbial nuns c**t why were they allowed to do it by high court judges AND lord justices ????
By all means I don’t care what they use not like anything relating to my children could be viewed negatively but given that my reference to c**t H and that I aired my views on the corruption I faced was predominantly their basis for their continued forced separation of my family under the bs guise of playing lip service and disrespecting authority (truth hurts cry me a river if I hurt you feelings by highlighting your crap I’m more than willing to work with people that work with me lies and games involving my family aren’t appreciated) why then has this legislation been allowed to be openly disregarded????
Are they now saying peoples cases where information was solely gathered off Facebook like mine should be re heard ???
Raging at this utter tosh that las up and down the country ignore daily and have done for years its nowt but another legislation they’ll flout
Stella xx
I obviously don’t know the details of your case, but I don’t think the guidance is saying it is illegal to get information off social media, rather that appropriate permissions have to be sought and gained (not from the person being investigated, rather from someone with the authority to grant permission for surveillance).
Is it possible they have gained the required authorization in you case?
If not, then it does sound like an illegal action on the part of those involved…
It wasn’t, before this guidance. So if it was more than two months ago, it wasn’t considered as directed surveillance or potential directed surveillance then.
I have been asked what the criminal offence might be. I am NOT a RIPA lawyer, so this aspect is not professional legal advice (and in fact, I’m not giving legal advice to ANY of you, if you need it, you should get it from someone who is advising you specifically)
But my four-pennorth
s11 Investigatory Powers Act 2016 (depending on whether you count a website hosting people’s social media as a telecommunications operator)
S261 “Telecommunication system” means a system (including the apparatus comprised in it) that exists (whether wholly or partly in the United Kingdom or elsewhere) for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electromagnetic energy. [Yep, I think that counts]
“Communication”, in relation to a telecommunications operator, telecommunications service or telecommunication system, includes—
(a)anything comprising speech, music, sounds, visual images or data of any description, and
(b)signals serving either for the impartation of anything between persons, between a person and a thing or between things or for the actuation or control of any apparatus. [Yep]
s11
Offence of unlawfully obtaining communications data
(1)A relevant person who, without lawful authority, knowingly or recklessly obtains communications data from a telecommunications operator or a postal operator is guilty of an offence.
(2)In this section “relevant person” means a person who holds an office, rank or position with a relevant public authority (within the meaning of Part 3).
(3)Subsection (1) does not apply to a relevant person who shows that the person acted in the reasonable belief that the person had lawful authority to obtain the communications data.
(4)A person guilty of an offence under this section is liable—
(a)on summary conviction in England and Wales—
(i)to imprisonment for a term not exceeding 12 months (or 6 months, if the offence was committed before the commencement of section 154(1) of the Criminal Justice Act 2003), or
(ii)to a fine,
or to both;
AND NOTE that if I am right about that being the offence (and I may not be, I’m not a criminal lawyer or a RIPA lawyer) then the offence is against the PERSON who committed it, not the agency. So the social worker, not the LA.
You are right but as they do this as an agent then the agency can be liable too. It depends on a number of factors, do they have a compliant policy are others involved or aware, is a blind turned.
It is not as simple as just the person. In criminal and tort law an agency can be liable for the actions of an agent because they act for the agency. Of course in context there would be a difference between private snoop and clearly information being used in proceedings as that needs others involved like manager and legal department etc.
Yes, there are various actions in civil proceedings for breach of statutory duty, and those would be against the agency. I’m not quite sure whether there’s a Data Protection issue too – it does seem to be an act of processing information about an individual, so there’s that potential route.
I looked at this sort of issue in many areas, acts that there is no authority for and found the most effective approach is to preaction notice for writ of mandamus after asking for issue to be addressed and it is ignored.
I do that with issues specified against individual and agency in a drafted application.
The mandamus itself tends to get the required attention and of course if not it is a high court matter that is faster than JR including emergency exparte if needed.
And they are a simple application.
The great thing is as they are a QBD jurisdiction they do not go up the chain 1st and cross cut civil and criminal law, doing something that should not be done or not doing something that should be done.
I have never had to issue one as it sends the Willie’s up most authorities.
I use them sparingly though.
I have even done one in Australia and the judge involved went very pale and immediately modified her behaviour.
Yes… But there are also cost risks in a JR if it gets that far. What’s the name of your RIPA officer and do they know about this will also scare the naughty person off
Yes JR has that issue which is why Mandamus is less problematic because it is not so broad
IPA officer nice I like it
Perhaps a memo to all local authorities up and down the country, because they’re still doing it
Well now most of their legal depts and principal social workers and iros know…
Maybe I should have said a ‘reminder memo’
What about information gleaned whilst watching Jeremy Kyle…. Tricky to use the information though, as you would have to admit that you have been watching Jeremy Kyle.
The shame, the burning shame. But no element of covert there
Reblogged this on | truthaholics.
I’m struggling to understand this theory from the guidance that a single viewing of open material is fine but multiple viewings become directed surveillance. Surely it has to be one or the other.
As soon as you start typing the name into the search bar for the first time, you are directing your efforts towards that individual in the hopes of learning something. It’s not a chance encounter.
Doing that must either be unlawful directed surveillance or lawful open-source research but it feels like a bit of a cop-out to say “it is unlawful, but you get one freebie”.
Not sure I quite follow that logic either, but the guidance just says “repeat”
Perhaps once is enquiry, more than once could be stalking, harassment, abuse of powers etc ?
The guidance is exactly that,it’s guidance. I stopped counting years ago how many agents of the state, I have told that guidance is guidance and policy is not necessarily law, from both sides of the fence (not as a SW )…. If as an agent of the state you direct surveillance at a member of the public, then that is what you are doing, if you do it once or a thousand times it’s still the same thing. but the state always likes to give its self room to maneuver , just bring a private prosecution if a SW looks at your social media once without authorisation and see what happens..
It’s simple I can walk past your house, but if I loiter it’s a potential issue.
Once on FB could be argued as chance, twice not.
But social workers do sit outside people’s houses monitoring them, that much is certain
If they are doing that without a RIPA authorisation, they are taking a big risk.
They take the risk of being caught out lying, falsifying reports, changing names, DOB, sending private information to the wrong person all the time, many feel so untouchable that their perspective is, with no consequences it’s not really a risk at all
can any one give me there opinions on this then, a social worker went to a police station and asked a police officer to look up my daughter profile on facebook, around eighty pages were apparently printed off and then submitted to a court (family court)
the police have stated that this did happen the only thing is the facebook pages that were submitted were all cut and pasted dates were omitted, this was not printed off as how they stated it was, it would off took them a long time to individually cut and paste every page. also the police stated that this took place on a certain date but on the print out it was 4 months later,
facebook was not the only social media that was submitted, they also had a diviant art page of my daughters (50 pages, again all cut and pasted the police were not told of this media by ourselves , they only have mentioned the facebook pages. beause we had made a compliant about my daughters facebook being hacked and that was art of the evidence, we suspect the social worker(court welfare officer) of doing this, which is in the process of being investigated .
when making a complaint to the SW head off department, she also stated that he showed her how he could look a my daughters pages, through there work computers
any help would be greatly accepted,
the SW tried to used as evidence that my daughter was a drug user and alcoholic, the judge even said there was nothing in the pages to suggest she was but the allegations are still on court record for the moment.
It depends when that happened. If before the guidance not anything can be done. If after, worth seeking your own legal advice
Reblogged this on World4Justice : NOW! Lobby Forum..