As the election draws closer, the outcome seems increasingly less certain. Will there be a peaceful transfer of power, or will chaos erupt as one or both major party candidates refuse to accept the results? Many people on each side of the country’s partisan divide are worried about some form of blowback or retaliation — from angry fellow citizens, or even from the government — should the opposing team take power.
This fear has members of some private and public Facebook groups — especially prepper groups — worrying about their online political footprint. Preppers in threads viewed by The Prepared are openly contemplating “going dark” after November 3 by shutting down their social media accounts and/or scrubbing their profiles.
But how realistic and effective is this emergency post-election plan, in the era of “big data” and pervasive private- and public-sector surveillance of online activity? Is there really any need to worry about the government looking at your social media accounts? And if there is, when you delete those politically charged posts, what actually happens to them? Are they gone, erased, disappeared, inaccessible to prying eyes?
The answers are complicated. Let’s dig in.
US law enforcement turns to Big Data
This September, “unicorn” technology firm Palantir became a publicly traded company at a hefty valuation of about $15 billion. Palantir’s customers have so much data that they don’t know what to do with it, so the company offers the tooling and expertise to make that “big data” useful.
High-profile clients include the US Army and various municipal police departments, alongside other large organizations that have something to gain from combing through reams of records.
Palantir CEO Alex Karp used his company’s IPO prospectus to briefly acknowledge the dangers of turning an advanced digital surveillance apparatus on American citizens, stating, “The ethical challenges that arise are constant and unrelenting.” But the market nonetheless gave the IPO a big thumbs-up, with investors bidding up the shares on the premise that these internet-age changes are the future of law enforcement, whatever misgivings the public may have.
So US law enforcement is buying into online data mining in a big way, and whichever political party is in charge next year will control a domestic security apparatus that will make extensive use of online activity for identifying and evaluating threats of different kinds. How worried you should be about this depends entirely on how much you trust those in power, and on what kinds of things you’ve been doing online.
Facebook never forgets
You might think just deleting your posts and/or your entire social media account will keep you safe. But that isn’t quite the quick fix it seems at first glance.
Consider Facebook’s deletion policies. Facebook is the most-used social media platform in America. The company describes its practices in a straightforward manner: “When you choose to delete something you shared on Facebook, we remove it from the site. Some of this information is permanently deleted from our servers; however, some things can only be deleted when you permanently delete your account.”
The account deletion FAQ explains that after 30 days, a deleted account and the content posted by it are no longer accessible to the (former) user, nor to fellow Facebook users. However: “It may take up to 90 days from the beginning of the deletion process to delete all the things you’ve posted.” Furthermore: “Copies of your information may remain after the 90 days in backup storage that we use to recover in the event of a disaster, software error, or other data loss event. We may also keep your information for things like legal issues, terms violations, or harm prevention efforts.”
Facebook’s Data Policy document elaborates on this topic without adding anything of substance. Nowhere is “delete” or “deletion” defined concretely or specifically. Meanwhile, the company’s own documentation demonstrates that its usage of the term is not merely imprecise but inconsistent. Will your information be erased in 30 days, 90 days, or never?
Other companies that provide similar services are much the same, not least due to the technical inconvenience of genuine, thorough deletion. Even a toothy privacy law like GDPR doesn’t change the vagueness of what it actually means to delete something, since backups are exempt (to a degree) from the “right to be forgotten.”
Unfortunately, “leave no trace” is wishful thinking — even naivete. It is easier for tech companies to mark information as being disqualified from public display than to actually remove the data from their own storage facilities. Your posts don’t go off to a Great Database in the Sky, they stay in the regular database, helpfully described as having been deleted while remaining accessible — provided some interest and effort — to the company and anyone it lets in.
Tech companies will hand over your data, “deleted” or not
Why does it matter whether deleted posts still exist in some remote database? Well, when governments come knocking, tech companies open the doors. They have to in order to continue operating. You may think you’re legally protected from this kind of prying, but you’re almost certainly wrong.
The text, spirit, and jurisprudence behind the Fourth Amendment did not deter invasive attacks on journalist Barton Gellman after he reported on the Snowden leaks, nor did it avert the unconstitutionally all-encompassing surveillance that Edward Snowden uncovered in the first place. Snowden himself is a divisive figure, but the revelation and subsequent scandal of the NSA’s PRISM dragnet transformed a whole genre of supposed paranoid raving into documented fact. The chatter around the program has died down, but it never ended — rather it was renewed in early 2020.
Perhaps you’ve heard of national security letters. Since the 1980s, “the FBI has issued hundreds of thousands of such letters seeking the private telecommunications and financial records of Americans without any prior approval from courts,” according to the Electronic Frontier Foundation, a nonprofit which monitors and combats technological threats to civil liberties. “NSL statutes also permit the FBI to unilaterally gag recipients and prevent them from criticizing such actions publicly.”
With an NSL, then, the government can lawfully get your data from a platform without you knowing anything about it.
So if you’re concerned about repercussions for the messages you’ve already posted or sent on social media, then while “deleting” them may hide them from randos online who wish to do you harm. But the government can almost certainly get your past messages if it really wants.
On the bright side, should things get really bad one way or the other in the US, you are probably too insignificant to be worth pursuing.