Thanks to Freedom of Information Act (FOIA) requests filed by our friends at the Electronic Frontier Foundation (EFF), we now know what many people concerned about e-privacy have long suspected: federal agents and local law enforcement are using social networking to spy on and gather evidence about citizens, sometimes employing fake identities in the process.
After initially refusing to release documents pertaining to the FOIA request, the Justice Department made public a number of internal federal agency documents in response to a lawsuit filed by EFF. Among the documents was one showing that “U.S. agents are logging on surreptitiously to exchange messages with suspects, identify a target's friends or relatives and browse private information such as postings, personal photographs and video clips” (Richard Lardner, “Feds Using Fake Online Profiles to Spy on Suspects,” 3/16/10, AP).
The document, a presentation called “Obtaining and Using Evidence from Social Networking Sites: Facebook, Myspace, LinkedIn and More,” is a product of the Computer Crime & Intellectual Property Section of the Department of Justice.
The presentation teaches that “evidence from social-networking sites can: reveal personal communications; establish motives and personal relationships; provide location information; prove and disprove alibis; establish crime or criminal enterprise,” and provide evidence of the “instrumentalities or fruits of crime.” It is possible that by “fruits of crime,” the DOJ is referring to pictures, status updates or other communications involving expensive items, large amounts of cash, guns or drugs, etc.
Chillingly, the document discusses the “legal and practical issues” of going “undercover on Facebook, MySpace, etc.” The authors write that going undercover on these sites can be useful for agents who want to “communicate with suspects/targets; gain access to non-public information,” and perhaps most alarming, “map social relationships/networks.”
Facebook users take note: the document counsels that Facebook is “often cooperative with emergency requests,” suggesting that the company does not require law enforcement to present court ordered warrants before disclosing information like private messages. This is confirmed by their privacy policy, which leaves open the possibility of disclosing information without a subpoena. Alternatively, according to the presentation MySpace “requires a search warrant for private messages/bulletins less than 181 days old...[and] considers friend lists to be stored content,” presumably also subject to disclosure only with a warrant.
Twitter appears to be the most responsible and protective of its users’ information. The DOJ document evinces that Twitter only retains the last login Internet Protocol number (used to discern the physical location of a user), “will not preserve data without legal process,” and has a “stated policy of producing data only in response to legal process.”
The “Obtaining and Using Evidence from Social Networking Sites” presentation indicates that Facebook may willingly give up information about you to the police and federal agents without any proof of criminal involvement, while Twitter and MySpace evidently have policies on the books requiring law enforcement to get warrants before they will turn over your private information.
For more information about law enforcement and social networking, visit the EFF’s FOIA: Social Network Monitoring website.
Also see this AP story to learn about a case in which the government used social networking to find and apprehend a suspect...all the way from Mexico.
Click here to read Facebook’s privacy policy. In the “How We Share Information” section, you’ll find the following:
"To respond to legal requests and prevent harm. We may disclose information pursuant to subpoenas, court orders, or other requests (including criminal and civil matters) if we have a good faith belief that the response is required by law. This may include respecting requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law under the local laws in that jurisdiction, apply to users from that jurisdiction, and are consistent with generally accepted international standards. We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our Statement of Rights and Responsibilities. This may include sharing information with other companies, lawyers, courts or other government entities."
Contributed by Kade Crockford, of the ACLU of Massachusetts.
Posts
0 comments:
Post a Comment