Facebook's confidential law enforcement manual leaked.
Buried in anonymous comments to a blogger's post about his research regarding Sprint's release of GPS records to law enforcement are the law enforcement guidance manuals issued by yahoo, facebook, and myspace. The main text of the post also contains a link to comcast's manual. Each provides helpful hints for law enforcement regarding the specific data available (some of which may be obtained with a mere subpoena and without any judicial scrutiny), and even sample request language to use in different circumstances. According to the manual, facebook retains IP information (which can show the exact location where you logged on to your account) about its users for 30 days and has an application called "Neoprint" to deliver a handy packet of information about subscribers, including profile contact information, mini-feed, friend listing (with friend's facebook ID), group listing and messages. There is little oversight of this practice in the U.S. because the Department of Justice does not report the number of pen registers issued, notwithstanding a 1999 law requiring reports. Unlike the Electronic Communications Privacy Act, which governs the interception of realtime communications (i.e. a phone call) and requires law enforcement to report on the number of warrants issued, there is no reporting requirement for court orders issued under the Stored Communications Act, which governs the release of all of your electronic data stored online.
The manuals are definitely worth a read, as is the blog post, which outlines the disturbing lack of information about the use of these methods to gather information. Basic information about users (such as the IP address where you check your facebook, your real name and address) may be obtained with a subpoena, which is issued by an attorney without any court oversight.
This information is not particularly surprising, but should give all of us serious cause for concern if you are using these tools to plan actions or civil disobedience.
*Edit:* Fixed broken links. I'm also mirroring some other interesting files posted by the same blogger. And paypal's guide was also leaked. Paypal apparently keeps data "indefinitely."
The manuals are definitely worth a read, as is the blog post, which outlines the disturbing lack of information about the use of these methods to gather information. Basic information about users (such as the IP address where you check your facebook, your real name and address) may be obtained with a subpoena, which is issued by an attorney without any court oversight.
This information is not particularly surprising, but should give all of us serious cause for concern if you are using these tools to plan actions or civil disobedience.
*Edit:* Fixed broken links. I'm also mirroring some other interesting files posted by the same blogger. And paypal's guide was also leaked. Paypal apparently keeps data "indefinitely."