How long your information is stored and how it could be obtained by the authorities — with or without a warrant — varies greatly among social networks. Some site are more transparent about their policies and how often your information is given to law enforcement, while others keep mum.
Facebook is one of the latter and until now insight into its subpoena process was pretty cloudy. The Boston Phoenix Blog, which recently covered a story about the “digital investigation” of a “Craigslist killer,” has shed light into what Facebook’s response to a subpoena looks like and what’s in it. The blog believes it is the first time anyone has ever seen exactly what Facebook will provide law enforcement when subpoenaed.
Most information on private online accounts hosted by third-party servers, including email accounts, falls under the Electronic Communications Privacy Act, which states information can be accessed without a warrant if it is six months old or older, and the Stored Communications Act. Last year, Facebook released its guidelines for how it will provide information to authorities asking for it, but this was only after some of its procedures were leaked.
Unlike Google, which is very transparent about how often authorities request private user information, Facebook does not release the number of requests it gets. It does state in the guidelines though that information from the site can be obtained from authorities in accordance with the Stored Communications Act. It requires requests to be accompanied with a valid subpoena, a court order or warrant.
As part of its piece on the inner workings of a digital investigation into a so-called Craigslist killer, the Boston Phoenix has felt the information it obtained from the Boston Police Department on what authorities received from Facebook was particularly important to share publicly. The Phoenix reports that the information provided by Facebook on the killer — Philip Markoff who was indited of first degree murder among other charges in 2009 and committed suicide in 2010 — included wall posts, photos (uploaded and ones in which he was tagged), friend lists (with their Facebook IDs) and login and IP information.
The Phoenix has released the documents it obtained from the Boston PD’s case file, redacting much of the sensitive, personal information of friends of Markoff who may have been included in the documents Facebook gave to authorities. What is the Phoenix hoping will happen by making public this information? It states, “we’re hoping the social media, law, and privacy experts out there can glean insight from it.”
Tech Crunch, which has reviewed the documents, states this information reveals two things: 1) your record on Facebook is pretty comprehensive and much of it will be shared with authorities who have the proper grounds to obtain it; and 2) the information provided by Facebook isn’t just on the subpoenaed target but also “intersects with a bunch of people who had nothing to do with the investigation.”
The Atlantic Wire has more on how this latter bit of information — how much is revealed about people associated on Facebook with a person under investigation — could be the most interesting facet of what Facebook provides authorities:
Perhaps most worrying for people who aren’t currently under a police investigation is that it also included a full list of the user IDs and full names of everyone the target was friends with. That means if police subpoena the profiled a criminal and you’re “friends” with them, you’re now permanently connected to them. Does this mean you could consorting online with a known felon?
It doesn’t seem as if this particular investigation expanded to anyone beyond the main suspect, but it wouldn’t take much imagination for police to use that list to start asking Facebook for more profiles, if only to widen the dragnet. If you posted a photo of criminal, maybe they want to know what else might you have posted and who else might you be talking to online?
Check out the Facebook documents on the Markoff case obtained by the Phoenix from the Boston PD: