Chris Sumner on Twitter tracking at Hacks/Hackers London

Sadly I didn’t get the chance to go to October’s Hacks/Hackers London gathering - but it did at least remind that I was yet to publish my notes on the talks that had been given at September’s event. Rather belatedly last week I posted about Wendy Grossman’s talk on the early years of the internet and the battles over copyright and astroturfing that involved the contentious Church of Scientology.

Today, here are my notes from Chris Sumner’s talk about using tools to map social networks across the web, and what that means for information security and digital journalists.

Chris Sumner at Hacks/Hackers London

“Does anybody use Twitter here? Ok, everyone” was how Chris Sumner opened his talk at Hacks/Hackers London about information security and what he called “Social networking special ops”. By day he is a corporate information security officer, by night he is some kind of data ninja interested in data analysis and data mining. He gave us a glimpse into the fertile and sometimes disturbing world of the amount of evidence people leave casually on the web about their day-to-day existence.

A chunk of the talk from Chris was given over to data-mining skateboard legend Tony Hawk’s annual treasure hunt. He eventually mined a load of data from the event and produced some maps using, he says, “Paterva’s fantastic Maltego product, some hideous Perl script and some spreadsheet print outs with a pen and paper”. Hideous Perl scripts you say? I’m hooked on the story already. Anyway, rather than write-up my notes on this section I can just point you to the essay on Chris Sumner’s blog - “Data Mining Tony Hawk’s Twitter Hunt with Maltego”. I did, though, make the following line in my notes worth sharing:

“Seriously, he is doing investigative journalism and source-checking in the medium of code. Which is possibly Perl.”

Chris also said he was wiling to share the code - which is perhaps where the analogy with investigative journalism breaks down, since the possession and retention of the secrets of the contact book is the nearest equivalent to the code.

Another interesting section from Chris was about tracking down people with links to 419 scams. These people were clearly up to mischief, but his over-riding theme, though, was to warn us all about the actions we are performing on the web. He said there is an incredible air of people walking around thinking they have nothing to fear, because they have nothing to hide - when it probably isn’t true.

(I’ve seen this first-hand thanks to Nicola Hughes doing some digging around my activity on the web on a big screen in front of the Guardian’s tech team, and proving that the electronic audit trail from followers of @currybet to lesbian midget pr0n was entertainingly short.)

I think there is an important lesson for journalists here. There are a lot of tools out there that will track and map your social connections on the web. They provide a great opportunity to uncover stories and uncomfortable connections. But those tools can also be used against journalists. Are you unwittingly betraying your sources and tip-offs with your social media activity? Chris Huhne’s miss-tweet the other week made it fairly easy to deduce who he might be given off the record briefings too because a DM from him could only go to people he followed. In Western democracy the consequences may only be mild embarrassment - but what about when we are using social media material from places with repressive regimes? Are we putting these people, and their social media connections, at risk - in a way that we would never do with “traditional” source material? It was definitely food for thought.

Next...

Later this week I should have write-ups of two brilliant talks from London IA by Ben Bashford and Jonty Sharples. In the meantime, you might want to catch up with the live blog of the Guardian Hack Day that I was editing on Friday.