Facebook is unique in the way it uses its own product to mine data for threats and locations of potentially dangerous individuals, said Tim Bradley, senior consultant with Incident Management Group, a corporate security consulting firm that deals with employee safety issues. However, the Occupational Safety and Health Administration’s general duty clause says that companies have to provide their employees with a workplace free of hazards that could cause death or serious physical harm, Bradley said.
“If they know there’s a threat against them, they have to take steps,” Bradley said. “How they got the information is secondary to the fact that they have a duty to protect employees.”
Making the list
One of the tools Facebook uses to monitor threats is a “be on lookout” or “BOLO” list, which is updated approximately once a week. The list was created in 2008, an early employee in Facebook’s physical security group told CNBC. It now contains hundreds of people, according to four former Facebook security employees who have left the company since 2016.
Facebook notifies its security professionals anytime a new person is added to the BOLO list, sending out a report that includes information about the person, such as their name, photo, their general location and a short description of why they were added.
In recent years, the security team even had a large monitor that displayed the faces of people on the list, according to a photo CNBC has seen and two people familiar, although Facebook says it no longer operates this monitor.