The Federal Bureau of Investigation is recommending police officers use web browser extensions created by online privacy advocates and opt-out from data brokers to protect themselves and their families, according to documents released by the DDoSecrets transparency collective.
“Digital Exhaust Opt Out Guide for Law Enforcement Partners and Their Families” is a 354-page guidebook that provides police officers with suggestions on how to minimize the “potential for threat actors to identify, target, and track anyone affiliated with Law Enforcement via use of open source, Internet-based services offering searches of data aggregated about the American public.”
The guide appears to have been created between September and October 2019, and was shared among law enforcement agencies through the secretive Minnesota Fusion Center at the Minnesota Bureau of Criminal Apprehension in the days following the police killing of George Floyd in Minneapolis, according to communications and logs contained in the widely-shared BlueLeaks dataset.
The FBI publication includes suggestions to use a standalone email address for law enforcement officers’ personal Facebook accounts and to disable facial recognition features. It provides tips on how to identify fake LinkedIn accounts which might “give cyber criminals or Advanced Persistent Threat actors access to important and powerful information” about police. And it provides a guide to deleting Amazon Alexa voice recordings, disabling iPhone applications’ access to contact book data, and suggests turning off the recording of location data in camera phone EXIF metadata.
“These preventative measures are simple enough to employ and operate safely in everyday life, both physically and online, while comprehensive enough to deny spectrum access to threat actors who could gain important operational advantages at the expense of you – a Law Enforcement employee – or your family,” the guidebook says.
Minnesota Fusion Center records show that state law enforcement also suggested that Minnesota police officers freeze their consumer credit reports, internally distributing an excerpt on the topic from the book “Extreme Privacy: What It Takes to Disappear.” The agency also distributed “A Guide to Doxxing Yourself on the Internet,” training material created by The New York Times’ information security team in February 2020 “for freelancers, activists, other newsrooms or people who want to take control of their own security online.”
Also included in the BlueLeaks tranche of documents was a Minnesota Fusion Center bulletin titled “Social Media Security for Public Safety Personnel,” which was originally created in April 2020, but updated and distributed to Minnesota law enforcement agencies on June 4, 2020.
The document says that “criminal actors” may use people-search websites, real estate listings, property tax records, and government meeting minutes to “facilitate doxxing.” It includes a guide to removing home photographs from real estate listing websites, and recommends law enforcement personnel untag themselves in photographs on Facebook as part of a goal of “minimizing indicators of your public safety affiliations.”
“Remove any content from your social media accounts that reference your involvement or affiliation with the public safety sector,” the briefing says. “This will help you ensure no posts or photos affiliating you with public safety are posted online without your consent. Although it is not foolproof, it will assist in lowering your risk.”
Asked for comment, Jill Oliveira at the Minnesota Department of Public Safety said “Thank you for the offer but we’re going to pass at this time.”