How long your information is stored and how it could be obtained by the authorities — with or without a warrant — varies greatly among social networks. Some site are more transparent about their policies and how often your information is given to law enforcement, while others keep mum.
Facebook is one of the latter and until now insight into its subpoena process was pretty cloudy. The Boston Phoenix Blog, which recently covered a story about the “digital investigation” of a “Craigslist killer,” has shed light into what Facebook’s response to a subpoena looks like and what’s in it. The blog believes it is the first time anyone has ever seen exactly what Facebook will provide law enforcement when subpoenaed.
Most information on private online accounts hosted by third-party servers, including email accounts, falls under the Electronic Communications Privacy Act, which states information can be accessed without a warrant if it is six months old or older, and the Stored Communications Act. Last year, Facebook released its guidelines for how it will provide information to authorities asking for it, but this was only after some of its procedures were leaked.
Unlike Google, which is very transparent about how often authorities request private user information, Facebook does not release the number of requests it gets. It does state in the guidelines though that information from the site can be obtained from authorities in accordance with the Stored Communications Act. It requires requests to be accompanied with a valid subpoena, a court order or warrant.
As part of its piece on the inner workings of a digital investigation into a so-called Craigslist killer, the Boston Phoenix has felt the information it obtained from the Boston Police Department on what authorities received from Facebook was particularly important to share publicly. The Phoenix reports that the information provided by Facebook on the killer — Philip Markoff who was indited of first degree murder among other charges in 2009 and committed suicide in 2010 — included wall posts, photos (uploaded and ones in which he was tagged), friend lists (with their Facebook IDs) and login and IP information.