Social Networking and E-Mail: Is Privacy Dead?

Facebook has now overtaken Google as the most visited website. How smart is it to share your life on Facebook or other social networking sites? This week, the keynote speaker at the South by Southwest Interactive (SXSWi) festival proclaimed privacy is not dead in the era of social networking, it just needs fixing. The speaker, Danah Boyd, works for Microsoft.

I disagree. It's very much dead, not only for social media but for e-mail. The evidence? Take a look at Facebook's subpoena and search warrant guide -- or Google's or AOL's or anyone else's. Or, take a look at the Stored Communications Act (18 USC 2703) and see how easy it is for law enforcement to get your personal information and contacts, and with a search warrant, the content of your communications.

How are you going to find those guides? I'm not going to publish them, but you can find them on Cryptome.org. I will tell you a little about what they will turn over: [More...]

According to its 2008 guide, Facebook will turn over: an expanded view of your profile, called a "neoprint"; all non-deleted photos you have uploaded to Facebook, and all photos others have uploaded in which you are "tagged" -- this is called a "photoprint"; all of your non-deleted contact information, regardless of whether you have marked it private -- including your phone numbers, email address and AIM screen name (excluding historical data which it does not keep); a user's IP logs, showing the IP addresses of the computer used to log onto Facebook -- they keep this for around 90 days, maybe longer;

You think law enforcement doesn't know about you or your Facebook account? Have you ever signed up to be a member of a Facebook group? Facebook will turn over a list of all members of the group. Once they have the list, there's nothing to stop law enforcement from requesting the information on any or every group member.

AOL is particularly helpful to law enforcement. It's 18 page guide even contains sample language with what information to ask for. In addition to your contact information, they will turn over your billing records and dates and times you were online, your payment source, including credit card and bank account information, your IP address (either the most recent, or upon request, the one used at a specific date and time) and subscriber information for a particular screen name, AOL even offers instructions for when law enforcement is seeking records for more than 10 screen names in a single request.

With a search warrant, AOL will also turn over the contents of your communications, including e-mails, photos and attachments and embedded files, your buddy lists, your address book, the dates you have had service with AOL....even the dates you asked AOL for support with your account. It will turn over this information whether it is in AOL's electronic storage or if AOL is used as a remote computing service. With a probable cause order, they will also turn over X-drive information and contents.

AOL will also preserve the requested information upon receipt of a faxed request, before the court order is obtained.

On to Google and G-Mail. With a search warrant, Google will turn over not only your mail, but the information in other Google services you use, such as your Google reader, calendar, talk, search history, spreadsheets and Finance and Toobar. Once you delete the account, Google may or may not be able to turn it over.

For example, in the recent case of Bear Sterns exec Matthew Tanning (U.S. v. Cioffi et al),in 2009 the Government served Google with a search warrant seeking an email Tanning had written in 2006. Google first responded to the AUSA that because the account had been deleted, it didn't have access to the information. Later, on the eve of trial, Google notified the AUSA it had been able to find a copy of the account (and what was in it) as of November, 2007. It supplied the Government with a cd-rom with the requested information. In it was the e-mail Tanning had written himself (like a diary entry) from November, 2006. The Court found the warrant was overbroad and violated the 4th Amendment. (Opinion here.) But the Government had already seen the contents.

In the Tanning case, other publicly filed documents show Google keeps e-mail and information in closed accounts on its active servers for up to 60 days and indefinitely on its backup servers.

The Electronic Communications Privacy Act (ECPA) (18 U.S.C. §§ 2701-2712) sets forth the appropriate legal process required to compel online services records custodians to disclose customer records and contents. Some can be gotten by simple subpoena (no court order), some require a court order where all they have to show is reasonable grounds to believe that the data is "relevant and material to an ongoing criminal investigation" and only those containing "content" require a search warrant.

There are similar instructional guides for law enforcement put out by everyone from EBay and Paypal to Comcast and Microsoft (Windows Live, Hotmail, MSN Groups.)

Every time you use an online service and your information goes into "the cloud", it's retrievable somewhere, somehow, if someone wants it badly enough. Nothing is private. Not social media, not your e-mail, not your Twitter, YouTube and Flickr accounts, not even the online services you use to store or backup your data, photos and videos.

< Health Care Rules Switch May Be a Game Changer | Will The Health Bills Really Be "The Most Important Thing They Will Ever Do?" >
  • The Online Magazine with Liberal coverage of crime-related political and injustice news

  • Contribute To TalkLeft

  • Display: Sort:
    E-Mail Too (none / 0) (#2)
    by squeaky on Tue Mar 16, 2010 at 12:44:15 AM EST
    The United States Court of Appeals for the Eleventh Circuit rules that once emails have been received by a third party, no Fourth Amendment protection applies to any copies.In Rehburg v. Paulik, among other claims, Charles Rehburg alleged a violation of his constitutional rights by the improper subpoena of his emails from his ISP. Last week, the Eleventh Circuit ruled against him:

    Rehberg's voluntary delivery of emails to third parties constituted a voluntary relinquishment of the right to privacy in that information. Rehberg does not allege Hodges and Paulk illegally searched his home computer for emails, but alleges Hodges and Paulk subpoenaed the emails directly from the third-party Internet service provider to which Rehberg transmitted the messages. Lacking a valid expectation of privacy in that email information, Rehberg fails to state a Fourth Amendment violation for the subpoenas for his Internet records.


    Encryption (none / 0) (#3)
    by Andreas on Tue Mar 16, 2010 at 01:17:29 AM EST
    Encrypting mails might make it more difficult to communicate but it helps to protect privacy.

    Mostly because you can no longer actually (none / 0) (#5)
    by andgarden on Tue Mar 16, 2010 at 01:21:29 AM EST
    email anyone ;-).

    Almost makes you want to reach for the phone, (none / 0) (#4)
    by andgarden on Tue Mar 16, 2010 at 01:20:55 AM EST
    doesn't it?

    Almost, except that in my case (none / 0) (#6)
    by shoephone on Tue Mar 16, 2010 at 01:51:10 AM EST
    it's likely my landline was tapped a few years ago, due to close friendships I've had with certain individuals whose phones were tapped. I use my cell almost exclusively now.

    But at least I've never done Facebook or My Space. As for my gmail account, I never use it. They could easily get into my other, more active account though. I'm not foolish enough to believe I can operate under their radar. It sucks. No way around it.

    I just try to be as boring as possible when online.


    Likewise, anyone (none / 0) (#13)
    by Natal on Tue Mar 16, 2010 at 06:36:39 PM EST
    wanting to read my e-mails or listen to my phone conversations are welcome to do it. But I warn: Be prepared to be bored to tears.

    I can see why Jeralyn might be upset, (none / 0) (#7)
    by Gerald USN Ret on Tue Mar 16, 2010 at 04:05:30 AM EST
    I can see why Jeralyn might be upset.  Many of her clients might have snoops on their phone lines.

    Most people have no worry.  There just isn't enough capacity to watch very many people.

    Encryption will work, but they can get a court order to make you decrypt it, or open your safe, or safety deposit box..

    Cell phones are in some ways easier to tap than land lines.  They don't have to put a device on a cable or a wire.  They just sit in their car and sniff out all the calls in the air.  Yes you would need a warrant to use the info, but armed with that same info without a warrant, a policeman will know where to be the next time you want to do something illicit.

    You can easily get a secure connection and a proxy to use online various places by paying money, or with knowledge and skill get a free one, but with a warrant they can just send you a Trojan with various capabilities by email, or (with a warrant) directly load it into your computer without you knowing it.  Likewise they can put a hardware keystroke logger on your computer hardware. That is preferred I think.  Heard that was done on a Mobster's son.  They found the missing funds and other records.

    I am not going to go into what the "big guys"  can do with the expensive equipment.

    You could go with tradition and meet in a parking garage at night and whisper to your confederate.  But in this day and time I would suggest that you also pick a random garage each time, move away from your cars when you whisper ear to ear, with your hands hiding your mouth and don't take more than 10 to 20 minutes for the meeting because they may have a trace or a tail on your car.

    Also NO PAPER!  Spies are trained to have good memory techniques.

    Better still, ... but you get the idea.


    Have you ever seen "The Conversation" (5.00 / 1) (#12)
    by magster on Tue Mar 16, 2010 at 10:38:32 AM EST
    starring Gene Hackman from 1973?  Seeing what kind of eavesdropping can be done with 1973 technology, imagine what can be done now.

    Most of us (none / 0) (#8)
    by JamesTX on Tue Mar 16, 2010 at 07:52:48 AM EST
    remember when telecommunication, for the average person, consisted of two options. Those were (1) mailing a letter or (2) making "telephone call". Making a telephone call involved meeting the minimal criteria that the person you were trying to contact was in a known, fixed physical location and you knew the telephone number at that location. In the span of a few years, being limited to those options seems like another world -- a place where it would be almost impossible to live today. And it would, for most of us. Without a lot of money, you have no option in the world today except to embrace technology and allow the machine to copy and store everything it wants to about you. It is odd to recall the context in which only the wealthy could afford the technology, and compare it to ten years later -- only the wealthy can avoid it. I have always compared the boom of the last two decades to industrialization. There will be casualties, and the vast majority of those will be the poor. The question is whether or not populism will control this beast. Most Americans live with the assumption that it will, simply because it did so with the machine at the turn of the last century. There are a couple of important issues in that history, though. It took several decades before the machine was tamed, and countless people died and suffered before it was tamed. Also, there is no sign of the populist sentiment that tamed the industrial machine today, mainly because the telecommunications technology can differentially deliver comfort and safety in very precise manner. I...don't think we have a chance!

    Eh (none / 0) (#9)
    by jbindc on Tue Mar 16, 2010 at 08:00:13 AM EST
    They could get information from everyone posting here on this site, if they wanted.  I have a Facebook page.  I've Googled people I want to know about (potential dates, in job interview prep, etc.) and many times get taken to their Facebook page. I'm a lawyer - my info is posted for the world to find on the websites on the various bar associations to which I am a member (even if you ask for them to hide certain info, many won't).  Seems like the average person could find out a lot of information pretty easily even without a warrant - potential employers do these routine checks all the time, and they don't have a warrant.

    I hate to say it, but if unless you are going to live like the Amish, you're going to leave an electronic trail somewhere that someone with basic computer skills could find.

    pretty much (none / 0) (#10)
    by CST on Tue Mar 16, 2010 at 09:58:19 AM EST
    I think by now, most people (should) assume any thing they put online, especially a social networking site, can be accessed by anyone.  Although I will admit the easy access to private e-mail is somewhat unnerving.  There is a mental seperation between the two, social networking is expected to be public to a degree, that's kind of the whole point.  E-mail is a one-on-one correspondence, so we expect a higher level of privacy.

    jeralyn and all of you: (none / 0) (#11)
    by cpinva on Tue Mar 16, 2010 at 10:23:30 AM EST
    the moment you entered any personal data online, your privacy became a thing of your past. it's still out there, in cyberspace somewhere, just waiting to be downloaded by any interested party.

    don't believe me? no problem, i understand completely. do a simple test:

    1. go online.
    2. do a search of yourself. any engine will do, they're all essentially using similar search algorithms.
    3. see what pops up. you'll be surprised.

    now, what you've done is the most basic search, consider what someone with bad intent, and a willingness to expend more resources, could find.

    and there's not a damn thing you can do about it. once it's out there, it's out there for good. just ask anyone who's had less than flattering pictures of themselves uploaded. no court in any land, can issue an order that will get everything back. it just isn't feasible.

    fear of what (none / 0) (#14)
    by diogenes on Wed Mar 17, 2010 at 06:52:22 PM EST
    Is the implication that assorted perverts might come after us after looking at our Facebook sites, which is actually possible though unlikely? Or is the implication that somehow the government will be filled with people who have nothing better to do than to create an enemies list of people who contribute to Talk Left and then do tax audits of us or send out death squads a la Iran?