Facebook Security Keeps a Detailed 'Lookout' List of Threats, Including Users and Former Employees, and Can Track Their Location

An anonymous reader shares a report: In early 2018, a Facebook user made a public threat on the social network against one of the company's offices in Europe. Facebook picked up the threat, pulled the user's data and determined he was in the same country as the office he was targeting. The company informed the authorities about the threat and directed its security officers to be on the lookout for the user. "He made a veiled threat that 'Tomorrow everyone is going to pay' or something to that effect," a former Facebook security employee told CNBC. The incident is representative of the steps Facebook takes to keep its offices, executives and employees protected, according to nine former Facebook employees who spoke with CNBC.

The company mines its social network for threatening comments, and in some cases uses its products to track the location of people it believes present a credible threat. Several of the former employees questioned the ethics of Facebook's security strategies, with one of them calling the tactics "very Big Brother-esque." Other former employees argue these security measures are justified by Facebook's reach and the intense emotions it can inspire. The company has 2.7 billion users across its services. That means that if just 0.01 percent of users make a threat, Facebook is still dealing with 270,000 potential security risks.

[...] One of the tools Facebook uses to monitor threats is a "be on lookout" or "BOLO" list, which is updated approximately once a week. The list was created in 2008, an early employee in Facebook's physical security group told CNBC. It now contains hundreds of people, according to four former Facebook security employees who have left the company since 2016. Facebook notifies its security professionals anytime a new person is added to the BOLO list, sending out a report that includes information about the person, such as their name, photo, their general location and a short description of why they were added. In recent years, the security team even had a large monitor that displayed the faces of people on the list, according to a photo CNBC has seen and two people familiar, although Facebook says it no longer operates this monitor.

You can check out anytime you like

[Anonymous Coward]

,but you can never leave.

Re: Who's on first?

[Type44Q]

... when the Revolution comes?

Finding the real threats among the noise?

[shanen]

On the one hand, I sort of approve of tracking the threats, but on the other hand, who appointed Facebook gawd with the secret inside knowledge of who is and is not a REAL threat that deserves to be tracked?

Actually, it is quite conceivable to me that Facebook has a high-dimension personality profile of each identity. On that basis they might actually have some real basis to know who is actually dangerous and who is just a noisy fool looking for attention. If that hypothesis is valid, then why doesn't Facebook take the next step of discouraging the noisemakers to make it easier to focus on the actual problems?

Facebook will NEVER do it because it would require sharing some of the personal information they've collected on us. They'd have to share it WITH us, and heaven forbid that much honesty. It might reduce the value of OUR personal information that Facebook is hoarding.

Just joking on the theory that Facebook could be more valuable, but it would waste less of my time if the trolls and sock puppets were helped in rendering themselves invisible. (ADSAuPR, atAJG.)

Re:

[drinkypoo]

On the one hand, I sort of approve of tracking the threats, but on the other hand, who appointed Facebook gawd with the secret inside knowledge of who is and is not a REAL threat that deserves to be tracked?

The users that gave away their private information.

Who freely chooses to use Facebook?

[shanen]

Are you trying to claim that the consent was informed? If so, I dismiss you as some sort of Libertarian. If not, then it is possible we have some underlying agreement on at least some aspects of the problem.

Potentially a distracting topic, but I mostly don't waste time with Libertarian BS these days. Last Libertarian-slanted book was Nudge , which was basically a paean to clever manipulation of the suckers for their own good.

Though I have basically started avoiding Libertarians in recent years, back when I

Re:

[drinkypoo]

Informed? Not by Faceboot. But by the hundreds of articles on the subject of their ubiquitous tracking, spying, etc. And by "the users" I don't mean only the direct provision of information by users themselves, but also the other users who provide information about other people by uploading pics and tagging them, gossiping about them, and the like. Remaining willfully ignorant is a choice. Not running a script blocker is a choice. Not running a cookie manager is a choice. Choosing a platform which makes tho

Re:

[shanen]

I'm not doubting your evidence, but I still can't figure out your perspective. However, because I suspect you are blaming the victims it makes me think you are trying to frame the discussion from a Libertarian perspective, where it is "normal" to blame the victims because the Libertarians always think that they themselves are just too damn smart to be victimized. There are various responses (mostly related to information imbalances) that I could offer to your analysis, but if your framing of the "problem" i

Re:

[drinkypoo]

I'm actually left of left, including being left of nobel-prize-for-drone-strikes Obama. I don't think Hillary is personally worse than El Chapo, I think Trump is the biggest shitheel around, etc. But I'm also pro personal responsibility where personal responsibility makes sense. The tools are available. I'm equally disgusted with people who don't read their car's owner's manual.

Re:

[shanen]

Okay, on that basis I will attempt to respond that it's (once again) a matter of time and prioritization. For example, I have stacks of manuals and supporting information around here, and I even used to read computer language manuals from cover to cover, but my time is limited. As I've grown older I've become more aware of how limited my time is to the point where my second email sig is now "It took me so long to learn patience that now I have no time to be patient!" I just can't RTFM (and all the manuals I

Re: Finding the real threats among the noise?

[Type44Q]

Sort of, eh? How decisive.

The Church of Facebook

[Zorro]

The "Church" of Scientology works the same way.

That's a pretty stupid bad guy.

[ITRambo]

I have no idea why anyone that genuinely wanted to do damage would advertise it, unless they really wanted to be stopped first. This seems like a made for TV movie.

Re:

[b0s0z0ku]

Marko Ramius -- "I'm gonna steal this multi-billion ruble submarine and sail it into New York Harbor ... just TRY and stop me, Russkies. MUHAHAHAHAHA!"

Abuse of multiplication

[sacrilicious]

Other former employees argue these security measures are justified by Facebook's reach and the intense emotions it can inspire. The company has 2.7 billion users across its services. That means that if just 0.01 percent of users make a threat, Facebook is still dealing with 270,000 potential security risks.

Nonsense.

There are 6 billion people on this planet. If just 1 in a million of them decides they need to hurt me, I've got six thousand people coming to hurt me. Therefor I need to have a permanent police escort, and patrolling of my house, and wear a bullet proof vest at all times. And there's probably some more.

Re:

[dshk]

But you have no 1 million people interacting with you. And by the way, from my experience, while 0.01 percent is a bit high, but only a bit. 0.001 or 0.0001 is a better estimate for serious threats.

Re:

[geggam]

Pretty sure you just used math to prove why there is no real threat from terrorism

Re: Abuse of multiplication

[Type44Q]

You don't need to break out the quantitative logic to demonstrate that; the qualitative kind will suffice.

Make a threat against Facebook

[Chris Mattern]

and they call out all the dogs.

Make a threat against a Facebook user? Not so much.

Stalkers

[Shotgun]

So, can we all sue Facebook for stalking behavior?

Meh.

[PPH]

Lots of companies do this. Keep track of disgruntled ex-employees or those who make threats against the company or its personnel. And if the threat begins to look credible, they turn that information over to law enforcement authorities to act on it.

It's possible that this can be abused. If you have a paranoid member of management or one that uses the system to carry out personal retribution. Usually law enforcement is smart enough to figure out if the threats are groundless or malicious. Problems arise when the "security professionals" who are handed this information are empowered as mini police forces by themselves. There are companies that employ armed personnel who step beyond protection and conduct further investigations or other actions posing as police or FBI agents. Conducting "sneak and peak" [wikipedia.org] searches when they have no legal warrants nor the authority to act on them.

Re:

[JaredOfEuropa]

Lots of companies do this. Keep track of disgruntled ex-employees or those who make threats against the company or its personnel. And if the threat begins to look credible, they turn that information over to law enforcement authorities to act on it.

That's not unreasonable. But the potential for abuse is a lot less. Most companies will only have your name, address, SSN, and some additional info in your personnel file. FB however is sneaking and peeking all the time. So Imagine a company that has already built up a social profile about you, knows your sexual preferences, tracks what you buy, where you go and where you are, what sites you visit and what news you read, who your friends are, and what your online aliases are... and you are on that compa

Re:

[PPH]

FB however is sneaking and peeking all the time.

I wonder if they are actually entering subjects residences as if they were real live cops executing search warrants. This has been done by others.