In the spring of 2022, I was sitting in my college apartment studying for an exam when I received a call from an unfamiliar number. Not thinking anything of it, I answered and was stunned to meet a Secret Service agent asking about an unsavory tweet I’d posted about former president George W. Bush four months earlier.
“When making that tweet,” asked the federal agent on the line, “were you talking about George Bush Sr. or George Bush Jr.?”
My eyes darted between the Detroit Field Office’s list of contacts on its website and my friend in my room, afraid that I’d be indicted on a federal crime at 20 years old.
“George Bush Jr.,” I responded. “Cause he’s still alive.”
It was unbelievable to me that a federal agent saw my old drunken tweet and considered it important enough to be investigated, much less to find my contact information and call me to confirm whether or not I was a threat.
Back then, I had an unhealthy relationship with Twitter. I’d hoped to grow an audience on the social media site so I could sell my Substack like my favorite internet micro-celebrities. But drunk one night, after arguing with my roommates about 9/11 and the unjust war in Iraq, I tweeted that George Bush should be dead, and I went to bed. It wasn’t uncommon for me to throw out inflammatory remarks. My roommates, usually more cautious and forward-thinking than I was, advised me to delete it. Ignoring them, I kept it up for reasons like ego and fallacious integrity. Four months later it came back to bite me.
While my college classmates and I were worried about the federal government interfering in the lives of everyday citizens, it’s not the only area of surveillance I should have been concerned about. Internet service providers and platforms like Twitter and Facebook all regularly moderate their service in ways that can either thrust users into the eyes of law enforcement or keep them safe from surveillance. That’s a distinction that’s often left up to those in power to make. Whether it’s a stupid tweet or a legitimate complaint depends heavily on who’s in charge of making that call.
“Governments in Iran and China are centralized and control service providers, or have very strict rules on who is operating them and how,” says University of Michigan computer science professor Roya Ensafi, founder of Censored Planet. “In a lot of other countries, though, service providers are commercial entities like Comcast and Verizon, so the government has to rule through policy to figure out how to implement censorship. Although it's different, the government always has a good idea of what the ISPs are doing,” she elaborates.
The US government isn’t usually inclined to release data on its own surveillance activities, but the American Civil Liberties Union, along with other similar organizations, have a mountain of data about the often racist and invasive activities of American intelligence agencies. Plus, social media companies have a long history of cooperating with intelligence agencies in gathering information on their users.
Unfortunately, my thought process wasn’t that complex when I suddenly had to talk to a federal agent on my phone about what I’d posted to Twitter.
“Can I take a second just to verify that you are, in fact, calling me?” I stammered out, recalling that I had a right to verify the agent’s identity–or perhaps call a lawyer before responding with anything that may be incriminating. An investigation by the Secret Service goes through the federal judicial system, after all. I hoped I didn’t need to pay for a fancy-pants federal defense attorney.
“Sure, but if you don’t call me back, we would have to show up to your address in Ann Arbor,” he replied.
I called the Chicago Field Office, as the Detroit Field Office was closed that day. “Hi, I’d like to request some information,” I said to the man on the phone.
“May I ask you why?” he asked.
What was I supposed to say to this guy? This wasn’t a FOIA request. I swallowed the lump in my throat and nervously capitulated. “I’m currently being investigated, and I wanted to verify that this agent works at the Detroit Field Office from this number before I give any information.”
The investigator checked. This agent did indeed work for the Secret Service. I called him back and was met with more dejected quasi-threats. He listed my father’s name and occupation, my (deceased) mother’s name and occupation, and my sister’s age. He dropped the first four numbers of my social security number before I told him I understood he was legit. As the debacle continued, I realized I’d accrued the equivalent of a seditious parking ticket.
“Alright, I’ve got no more questions for you. If you pull anything like that again, though, we will not hesitate to show up armed at your door. Can I call a friend to corroborate the information you’ve given me?” the agent asked. I obliged. I thought to myself that it was probably better not to let this thing escalate.
Returning from my exam later that day, I finally told my roommates what had transpired. They were surprised that all of my posturing and bloviating about the “Feds” actually came to bite me. I was embarrassed that I actually ended up in this situation.
When I told my father what happened, he was hysterical.“Is this going to cost you a job?” he finally asked. It was a good question. I wasn’t sure of the answer, and even though I hoped the whole thing was over, I had no way to know if I were on some kind of watch list going forward.
So was there any real way to monitor my digital footprint so I wouldn’t be targeted, or to keep myself safe in the future so this wouldn’t happen again? When I asked Ensafi, she brought up the General Data Protection Regulation in the EU, and California’s Consumer Privacy Act. However, both laws aim to make individuals aware of what commercial entities can and can’t do with your data, not what they can and can’t hand over to law enforcement or government bodies.
“I don’t know whether the day-to-day lives of Americans are affected by surveillance, but I can assure you that one thing we found in our VPN study was that vast numbers of users in the United States using VPNs think that they’re protecting their privacy and security from service providers,” Ensafi says. The presence of internet influencers advertising VPN software has long made me wary of how effective they actually were. Ensafi agrees.
“Years ago my students and I decided to look into the ecosystem through systematic investigation on how weak implementations are, how weak VPN services are, if they’re leaking DNS data or implementing a kill switch properly or not, as well as understanding users’ perspective better as to why they use VPN services. Do they know what a VPN actually provides? Where do they find VPNs from? They think VPNs are a tool to save the day, but that isn’t always the case.”
I know for a fact that a VPN probably wouldn’t have helped in my case. I have identifiable information publicly available, and a link to some other stuff in my Twitter profile and bio. But Twitter does hand over user information—usually at the behest of a subpoena, but other times whenever it chooses to. Take for example, the case of @PRGuy17. Twitter was ordered to hand over the user’s personal information by a court in Australia during a defamation case. That’s not even considering any actual data-sharing agreements the platform—or other platforms—may have for their own purposes, and who knows what the third parties do with your information.
VPNs are helpful, but they aren’t especially useful if you find yourself in my situation. One easy solution, of course, is to simply be careful what you say publicly, regardless of whether you’re identifiable or not. Another simple internet hygiene tip I recommend is to avoid suspicious users. I’m not joking. The FBI spends millions of dollars on user surveillance of social media. If it seems like a user is trying to coerce information out of you, especially that of the illicit kind, don’t comply. Don’t click suspicious links, either. These are viruses most of the time, but it’s not just scammers and con artists that set up fake websites to “honeypot” users and grab their IP addresses and other personal information. I don’t expect any of you to be criminals, but you can’t be too careful. If you absolutely must, use secure and encrypted messaging clients like Signal.
I still post opinionated takes on social media, and I try to use sarcasm and satire to comment on government surveillance and conspiracy theories. But I stopped joking about the demise of presidents. Do I know exactly how to avoid this in the future, or how to put a stop to it entirely? Not entirely. It’s hard to offer tips when your words are stuck between private companies and the global surveillance complex. I think I did the right thing by cooperating and trying to minimize the potential fallout from a drunken tweet. But what if the agent—or anyone who potentially reported my tweet—had more dirt on me, or had some kind of personal or political vendetta?
What I can say for sure is that it’s always good to be careful. I know now to watch what I say and only say things I truly mean. So, above all else, exercise caution. And remember that when you speak on the internet, you never know who’s listening.
