Digital Underground: Cyber Thugs, Police, and Virtual Investigations (4 of 8)

This blog will explore the limitations of using social media sites to investigate criminal activity and examine the information available to law enforcement on social media sites.

According to a survey by the International Association of Chiefs of Police of 600 agencies, more than 92 percent of departments now use social media, and 74 percent believe it helps them solve crimes.[1]

One of the biggest concerns with police using social media sites to investigate crimes is violating individual’s privacy rights. The Fourth Amendment guarantees “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause….”[2] It protects citizens against unexpected invasions of privacy.[3] When police collect evidence in a way that reveals what a reasonable person might expect would remain hidden, it violates a reasonable expectation of privacy.[4] However, is there a reasonable expectation of privacy on a social media site?

Social media networks make it possible for people to share personal information, pictures and even their location with the simple click of a button. The ability to share information almost instantaneously makes it difficult to determine the limitations of the reasonable expectation of privacy. Generally, individuals have a reasonable expectation of privacy in the contents of their laptops, smartphones, iPads, etc. However, this expectation may be extinguished when a computer user transmits information over the Internet on a social networking Web site.[5]

Many courts have held that there is no reasonable expectation of privacy when information is exposed to a third-party.[6] The third-party exposure doctrine was set forth in Smith v. Maryland, a case where the third party was the telephone company.[7] This would mean that there is no reasonable expectation of privacy in information sent over the Internet because it is automatically exposed to a third-party, the Internet service provider. Although information transmitted using the Internet has been analogized to information transmitted over the telephone,[8] technology is evolving and fortunately, so is the law. Online social networking has fundamentally altered the balance between the public and the private in a way that cannot be constitutionally ignored.[9] Today, social media networks like Facebook and Twitter constantly challenge the parameters of the reasonable expectation of privacy.

Americans spend a significant amount of time on Facebook, more than any other website.[10] Facebook has 1.26 billion users worldwide.[11] There are 200 billion new posts and 200 million photos uploaded to Facebook every day.[12] Facebook has been no stranger to controversy over privacy issues. Since its inception in 2004, Facebook has revised its privacy policy several times over the last revision was December 11, 2012.[13] Registering for Facebook serves as an automatic consent to the terms included in the Statement of Rights and Responsibilities.[14] The Data Use Policy, which is included in the Statement of Rights and Responsibilities, explains how information shared on the site is used.[15]

For the most part, Facebook allows users to control the privacy settings on their individual page. Users can choose the information they want to make public.[16] They can also choose to place limits on the audience that can view their information. Facebook users may decide to keep their profiles completely private, share them only with “friends” or more expansively with “friends of friends,” or disseminate them to the public at large.[17] If a user chooses to make information public, then anyone, including people who do not use Facebook, will be able to see it.[18] This means that the information can be associated with the user “(i.e., name, profile pictures, cover photos, timeline, User ID, username, etc.,) even off Facebook.”[19] This also means that the information can show up when someone does a search on Facebook or on a public search engine.[20] Users can give specific audiences access to their timeline or content they post, such as: status updates, photos or check-ins.[21] However, some information is always public, and available for anyone to see. The following is always public:

Name: This helps your friends and family find you. If you are uncomfortable sharing your real name, you can always delete your account.

Profile Pictures and Cover Photos: These help your friends and family recognize you. If you are uncomfortable making any of these photos public, you can always delete it. Unless you delete them, when you add a new profile picture or cover photo, the previous photo will remain public in your profile picture or cover photo album.

Networks: This helps you see whom you will be sharing information with before you choose “Friends and Networks” as a custom audience. If you are uncomfortable making your network public, you can leave the network.

Gender: This allows us to refer to you properly.

Username and User ID: These allow you to give out a custom link to your timeline or Page, receive email at your Facebook email address, and help make Facebook Platform possible.[22]

https://www.facebook.com/full_data_use_policy

Whether a user’s information is public or private is important to police who use Facebook to investigate crimes. Police investigating criminal activity may access information that a user has made public without a court order.[23]  Nevertheless, information posted by a user using more secure privacy settings reflect the user’s intent to preserve information as private and may create a reasonable expectation of privacy,[24] which requires a court order for access. However, when a user posts information using the “Friends of Friends” setting things can get a little is a little touchy. Ultimately, whether the Fourth Amendment precludes the government from viewing a user’s social networking web site profile absent a showing of probable cause depends, among other things, on the user’s privacy settings.”[25]

How do police get this information?

The International Association of Chiefs of Police Center for Social Media has a database with law enforcement investigative guides for most social media sites, including Facebook.[26] Facebook will disclose information to police if they receive one of the following:

• A valid subpoena issued in connection with an official criminal investigation is required to compel the disclosure of basic subscriber records (defined in 18 U.S.C. Section 2703(c)(2)), which may include: name, length of service, credit card information, email address(es), and a recent login/logout IP address(es), if available.

• A court order issued under 18 U.S.C. Section 2703(d) is required to compel the disclosure of certain records or other information pertaining to the account, not including contents of communications, which may include message headers and IP addresses, in addition to the basic subscriber records identified above.

• A search warrant issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures upon a showing of probable cause is required to compel the disclosure of the stored contents of any account, which may include messages, photos, videos, wall posts, and location information.[27]

https://www.facebook.com/safety/groups/law/guidelines/

This year Facebook has received 11,000 data-user-account requests covering approximately 22,000 user accounts.[28] The United States has accounted for almost 53% of the total Facebook data-user-account requests worldwide in the first six months of 2013.[29]

Facebook warns users that it may disclose user account information in the Data Use Policy, which reads:

We may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so. This may include responding to legal requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; and to prevent death or imminent bodily harm. Information we receive about you, including financial transaction data related to purchases made with Facebook Credits, may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm. We also may retain information from accounts disabled for violations of our terms for at least a year to prevent repeat abuse or other violations of our terms.

The next blog will explore how police get Facebook evidence admitted in court.


[1] How Police Are Using Social Media Sites to Solve Crimes, wpxi.com (Updated: 6:25 p.m. Friday, Nov. 8, 2013, Posted: 1:21 p.m. Friday, Nov. 8, 2013) http://www.wpxi.com/news/news/local/how-police-are-using-social-media-sites-solve-crim/nbmjG/

[2] USCA CONST Amend. IV-Search and Seizure

[3] Orin S. Kerr, Four Models of Fourth Amendment Protection, 60 Stan. L. Rev. 503, 509 (2007).

[4] Orin S. Kerr, Four Models of Fourth Amendment Protection, 60 Stan. L. Rev. 503, 509 (2007).

[5] 88 A.L.R.6th 319 (Originally published in 2013).

[6] Smith v. Maryland, 442 U.S. 735 (1979).

[7] Id. Developing 21

[8] Developing 21

[9] Nathan Petrashek, The Fourth Amendment and the Brave New World of Online Social Networking, 93 Marq. L. Rev. 1495, 1518 (2010); quoting Clarence Thomas, Associate Justice, U.S. Supreme Court, Address at the University of Florida Levin College of Law Marshall Criser Distinguished Lecture Series (Feb. 4, 2010).

[10] Justin Lafferty Infographic: Everything You Need to Know About Privacy on Facebook Inside Facebook (Nov 12th, 2013) http://www.insidefacebook.com/2013/11/12/infographic-everything-you-need-to-know-about-privacy-on-facebook/

[11] Id.

[12] Id.

[13] Statement of Rights and Responsibilities Facebook https://www.facebook.com/legal/terms

[17] United States v. Meregildo, 883 F. Supp. 2d 523, 525 (S.D.N.Y. 2012); citing http://www.facebook.com/help/445588775451827

[18] Id.

[19] Id.

[20] Id.

[21] Id.

[23] United States v. Meregildo, 883 F. Supp. 2d 523, 525 (S.D.N.Y. 2012); citing U.S. v. Katz, Katz, 389 U.S. at 351,(1967.

[24] Id. at 525.

[25] U.S. v. Meregildo, 883 F. Supp. 2d 523 (S.D. N.Y. 2012); 88 A.L.R.6th 319 (Originally published in 2013).

[27]Information for Law Enforcement Authorities Facebook https://www.facebook.com/safety/groups/law/guidelines/

[28] Justin Lafferty Infographic: Everything You Need to Know About Privacy on Facebook Inside Facebook (Nov 12th, 2013) http://www.insidefacebook.com/2013/11/12/infographic-everything-you-need-to-know-about-privacy-on-facebook/

[29] Id.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: