How Long Before Facebook Hands Over Your Personal Information to the Government?
Stay up to date with the latest headlines via email.
It’s often done in secret. Law enforcement investigators seek access to private user information stored by Web sites, routinely imposing a gag order that prohibits the Internet company from telling anyone about the demand.
Don’t you at least have a right to know the rules governing such quiet disclosures? When will sites like Twitter, Facebook, PayPal and others – with their hundreds of millions of users and massive caches of everything from cell-phone numbers to unique computer IDs – begin handing personal information over to the government?
Newly available documents shed light on such questions. Digital rights advocates at the Electronic Frontier Foundation have been suing federal agencies for months under the Freedom of Information Act with help from the Samuelson Clinic at UC Berkeley’s School of Law. The goal was to force open policies that explain when social networking sites can be used for government surveillance, data collection and investigations.
Results made public so far by EFF are available for more than a dozen sites in a chart built by the Center for Investigative Reporting (download the chart in .xls or .pdf). Old and new policies alike are posted next to the document year, so you can compare possible changes over time. EFF argues that the variety among them shows how “social networking sites have struggled to develop consistent, straightforward policies.”
“But the police aren’t investigating me,” you say. “My life is pretty boring, and I’m lucky to get a direct message from my mom on Twitter.”
First, in an age where more people than ever before communicate electronically, it’s worth knowing how long eBay and PayPal, for example, will hang onto your transactional records (an answer available in the chart) along with other insights relevant to alleged criminals and non-criminals alike.
Second, the law that protects your right to communicate privately through electronic means was enacted all the way back in 1986, long before email, instant messaging, cell phones and Skype existed.
Advocates believe the Electronic Communications Privacy Act is being overwhelmed by new technology, creating an advantage for government investigations into terrorism and crime, but threatening the ability of consumers to defend against excessive intrusion.
Some argue that the 25-year-old ECPA “affords more protection to letters in a file cabinet than email on a server,” according to a recent New York Times story on the subject:
Internet companies chafe at what they say is the weaker protection under the law afforded online data. They contend that an email should have the same protection from law enforcement as the information stored in a home. They want law enforcement agencies to use a search warrant approved by a judge or a magistrate rather than rely on a simple subpoena from a prosecutor to obtain a person’s online data.
The chart shows what personal data social-media sites will unleash with a mere subpoena, as opposed to private information made available only under judge-approved warrants.
A dust-up that emerged this month between federal authorities and Twitter brings the issue into tighter focus. Justice Department officials directed Twitter through a court order to turn over email and IP addresses (the latter being your computer’s unique ID) tied to the anti-secrecy site Wikileaks, reportedly under investigation by a grand jury in Virginia.
In what appeared to be a rare move for online networking sites, Twitter fought the gag order attached to it, winning the right to inform targeted users of the request. That meant Twitter’s customers affected by the demand had a chance to battle it themselves, leading to applause from some prominent online privacy defenders.