Friday 17 March 2017 15.05 AEDT Last modified on Friday 17 March 2017 15.14 AEDT
Victoria police are reviewing their use of social media after a staff member was accused of using hundreds of fake accounts to manage the force’s Facebook presence.
Kieran Bennett, a Melbourne activist, accused a Victoria police employee of setting up “at least 300” fake accounts to manage the force’s sprawling Facebook presence in a blog post published on Tuesday.
He told Guardian Australia he had traced hundreds of apparently fake Facebook profiles used to manage the police’s network of community-specific Eyewatch pages back to the personal account of a Victoria Police staff member.
“He appears to have gone and created a separate Facebook account for every single person who will ever need to log into any of these pages,” said Bennett. “... It’s like the most labor-intensive, least secure way to go about it.”
In order to grant the dummy profiles administrative access to the pages, the staff member had friended them on his own account, which was without privacy restrictions, Bennett said.
He said the Facebook friends list created a “massive map of his team”. The page appeared to have been deactivated on Thursday afternoon.
“I was able to see a complete list of every account that he’s got on his friends list, and it gets better: the people using these accounts, the officers who he’s obviously given these to, [in order to] manage the various pages they’ve got, have then gone and friended their personal profiles [and] interacted with members of the public.”
Bennett said he believed that, in setting up the dummy accounts, the staff member was attempting to prevent administrators of police Facebook pages losing control of their personal accounts in the event of their being reported for breaching Facebook’s community standards.
“You don’t want to use your personal account that you rely on to manage a page that’s likely to cop flak,” he said. “The other problem is presumably they don’t want their officers all logging in on their personal pages for work stuff.”
Bennett said this could be easily mitigated through use of a commercial social media management platform such as Hootsuite, and that the police’s apparent use of dummy accounts had made them far more vulnerable to mass-reporting.
Senior constable Alistair Parsons of Victoria police’s media unit did not refute Bennett’s account when contacted by Guardian Australia on Thursday, and said it was “currently reviewing its processes and governance arrangements relating to use of social media for investigative and operational reasons”.
He said the review had been scheduled but been brought forward “after we became aware of the blog and the issues it raised”, and would focus on ensuring communications were “both appropriate and secure”.
Parsons would not give specifics on the force’s use of social media. “As is common practice for law enforcement agencies, we do not believe it to be in the public interest to discuss those [intelligence-gathering] methodologies publicly.
“We would like to conclude the review before commenting further.”
Bennett made the connection after Javed de Costa and other organisers of a public forum on the City of Melbourne’s proposed homelessness ban received a message on Facebook from an individual purporting to be from Victoria police. (De Costa verified Bennett’s account to Guardian Australia.)
The message from the personal Facebook account read: “This is Victoria police. We’ve been informed of your protest action and want to let you know we’ll be monitoring this event with interest”.
Bennett wrote that the account from which it was sent had a profile picture of a Victoria police shield and 80 friends, the “vast majority” of which were identifiable as fake accounts by their “generic names, no content, one Facebook friend and the same blank red profile photo”. Many accounts matching this description were live on Thursday afternoon.
One of its 80 connections was the staff member’s personal page, which had few security restrictions.
Bennett said it was “appallingly bad social media security practice”, not only exposing the police’s social media team but potentially jeopardising its activity on Facebook, leaving its pages open to being reported and subsequently shut down when their administrators were unable to verify their fake identity.
“A campaign of mass reporting could see Victoria police progressively locked out of the accounts they use to manage their sprawling social media presence.”
Victoria Police operates more than 20 Facebook pages “with a combined following of almost 200,000” as part of its Eyewatch initiative, connecting individual stations with their local communities to prevent and solve local crimes.
The force’s Facebook followers have been described as “sort of citizen police” and its Eyewatch pages as “a modern-day Neighbourhood Watch”.
In December last year, the police minister Lisa Neville opened a $15m “state-of-the-art surveillance centre” on Flinders Street with the capacity for “real-time monitoring of social media”.