FB, Google Get Limited Disclosure Approval
Posted on Sat Jun 15, 2013 at 08:59:00 AM EST
Tags: internet privacy, social media privacy (all tags)
The Government has agreed to let Facebook and other web companies publish some details about the number of surveillance requests it has received.
Facebook has already posted their numbers. For the last six months of 2012, it received between 9,000 and 10,000 requests for user data pertaining to 18,000 to 19,000 of user accounts. This includes requests from all government entities in the U.S. (local, state, and federal, and including criminal and national security-related requests)
Here is Facebook's statement on the release. What's allowed to be disclosed: [More...]
all U.S. national security-related requests (including FISA as well as National Security Letters) – which until now no company has been permitted to do.
Continued restrictions:
As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range. This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.
FB points out it has over 1 billion users so the requests affect a very small amount of users and data. The numbers also include law enforcement requests for things like missing child investigations.
I'm not sure what FB is crowing about, since Google's Transparency Report has included the number of requests and user accounts affected since 2010. For the last six months of 2012, law enforcement requested information more than 21,000 times on 33,000+ users.
Personally, I think use of all social media sites carry a tremendous privacy risk. Take a look at FB's page on Data Privacy page and see how much information it stores about you. You need to check three places, the Activities Log, Expanded Archives and Downloaded Info and Activity Logs.
To save you some time, I combined them in this slideshow. The complete data use policy is here.
One thing you can do to reduce the amount of information you share is to turn off the locations services on your smartphones and don't connect your accounts to each other. Tell your smartphone NOT to record the location where photos are taken. Otherwise the location is embedded in the photo's data and viewable by anyone who views the photo.
Why would people other than teenagers who live with their parents announce where they are on sites like FourSquare? It tells people you aren't home, it's an invitation for home invasions.
Don't feed Mr. Nosey. If you run across a media site that wants you to log in with your FB or Twitter account to comment, run the other way.
Here are Twitter's Guidelines for Law Enforcement. Its privacy and data retention policies are here. Take a few minutes to read through it and see how much they collect and for how long. You can download all the data in your Twitter account here.
Here's a listing of metadata collected by both Twitter and Facebook (they are different.)
Courts are also getting savvy about giving your social media information -- including content--to prosecutors, defense lawyers and civil litigants. A few things courts have ordered:
- Ordered a juror to “execute a consent form sufficient to satisfy the exception” in the SCA to allow Facebook to produce the juror’s wall posts to defense counsel. Juror No. One v. Cal., No. CIV. 2:11397 WBS JFM, 2011 WL 567356, at *1 (E.D.Cal. Feb. 14, 2011).
- Ordered a party to briefly change his Facebook profile to include a prior photograph so that his Facebook pages could be printed as they existed at a prior time. Katiroll Co. v. Kati Roll & Platters, Inc., Civil Action No. 10 3620 (GEB), 2011 WL 3583408, at *4 (D.N.J. Aug. 3, 2011).
- Recommended that an individual “friend” the judge on Facebook in order to facilitate an in camera review of Facebook photos and comments. Barnes v. CUS Nashville, LLC, No. 3:09cv00764, 2010.
- (4) Ordered parties to exchange social media account user names and passwords, Gallion v. Gallion, No. FA114116955S, 2011 WL 4953451, at *1 (Conn. Super.Ct. Sept. 30, 2011) (court ordered parties to exchange passwords to Facebook and a dating website.) McMillen v. Hummingbird Speedway, Inc., No. 113-2010 CD, 2010 WL 4403285 (Pa. Ct. Com. Pl. Sept. 9, 2010) (court ordered plaintiff to produce Facebook and MySpace login credentials to opposing counsel for “readonly access”)
The location information on your smartphone is the most revealing. It gives a complete picture of your patterns, habits and more. It will disclose if you visit an abortion clinic, a bar, or a political rally and how often.
There are companies out there who specialize in assisting law enforcement (and private parties) in extracting and verifying the information obtained from your social media accounts. They now provide "digital notary services." I can't find the link for where I got this right now, but here's the description:
If law enforcement gets their hand on your phone, it's worse. Check out Cellebrite's description of its signature program, the UFED Touch Ultimate. Here is Cellebrite's page for its Physical Analyzer software.A digital notary attests to the authenticity of a digital item as it is reflected at a particular date and time. In simple terms, digital notaries "seal" a digital item with specialized software in order to preserve the integrity of the item and digitally date and timestamp the item. Digital notaries perform a wide variety of services, including the authentication of the data on computer hard drives, e-mails, website ESI, Internet postings, digital photographs, and text messages or instant messages.
Available with the UFED Touch Ultimate and UFED Classic Ultimate is the UFED Physical Analyzer: the most advanced analysis, decoding and reporting application in the mobile forensic industry. It includes malware detection, enhanced decoding and reporting functions, project analytics, timeline graph, exporting data capabilities and much more.The UFED Physical Analyzer: the most advanced analysis, decoding and reporting application in the mobile forensic industry. It includes malware detection, enhanced decoding and reporting functions, project analytics, timeline graph, exporting data capabilities and much more.
We may not be able to do anything about the government obtaining our data from social media, but we can do things to reduce what it receives in response to its demands.
< TalkLeft Birthday and Open Thread | Saturday Open Thread > |