Full Report
The alleged risks of being publicly identified have not stopped DHS and ICE employees from creating profiles on LinkedIn, even as Kristi Noem threatens to treat revealing agents' identities as a crime.
Analysis Summary
# Main Topic
Self-identification and public exposure of DHS and ICE employees via non-official platforms, particularly LinkedIn, despite concerns over "doxing" and political threats to prosecute those who reveal their identities.
## Key Points
- A website named "ICE List," a crowdsourced wiki, aggregated personal information, relying heavily on data publicly posted by the alleged DHS/ICE employees themselves.
- Nearly 90% of reviewed pages on the "ICE List" cited LinkedIn as a source of information, indicating employees are actively maintaining public professional profiles.
- DHS/ICE has characterized reporting or publicizing ICE officer identities as "doxing" and threatened prosecution, juxtaposing this with the voluntary public activity of its employees online.
- The profiles often display typical professional activity (e.g., New Year's resolutions, motivational posts, #opentowork status).
## Threat Actors
- **Threatened Actors:** DHS and ICE employees/agents.
- **Information Aggregators/Publishers:** Creators and maintainers of the "ICE List" wiki (volunteers).
- **Political Actors:** Kristi Noem, threatening to treat revealing agent identities as a crime.
## TTPs
- **Self-Exposure of PII/Employment Status:** DHS/ICE employees using LinkedIn to list their role/agency, creating easily indexable public profiles.
- **Data Aggregation (Information Harvesting):** Utilization of public sources like LinkedIn, OpenPayrolls, and SignalHire to compile lists of alleged employees.
- **Crowdsourced Verification:** The "ICE List" operates as a wiki with volunteer discretion over verification status.
## Affected Systems
- **Platforms:** LinkedIn (primary source of self-identified data).
- **Data Brokers/Public Record Sites:** OpenPayrolls (public employee salary database via FOIA request), SignalHire (lead generation/data broker).
- **Aggregating Platforms:** The "ICE List" wiki.
## Mitigations
- **Employee Awareness/Guidance:** Need for stricter advisories or policies regarding the maintenance of professional networking profiles (LinkedIn) that explicitly detail current employment with sensitive agencies like DHS/ICE, especially in high-risk environments.
- **Data Minimization:** Employees should review and restrict privacy settings on public professional platforms, or avoid listing highly sensitive current roles.
- **Policy Clarity from DHS:** While not explicitly stated as a mitigation, the discrepancy between prosecuting external actors for doxing versus the internal voluntary disclosure suggests a need for clearer internal guidance on online presence management.
## Conclusion
The primary intelligence finding is a significant internal inconsistency where DHS/ICE employees are voluntarily publishing data confirming their employment on professional platforms like LinkedIn (leading to inclusion on external aggregation sites like ICE List), even while the agency officially frames the exposure of these same identities as illegal "doxing" warranting prosecution. The immediate threat vector is self-exposure via professional social media, not necessarily external hacking or data breaches concerning the primary sources mentioned. Organizations should focus on internal guidance regarding the acceptable disclosure of employment details on public platforms.