Leaked intelligence documents: Here's what Facebook and Comcast will tell the police about you - Computerworld Blogs - 0 views
-
The "Facebook Subpoena/Search Warrant Guidelines" from the Cryptome site are dated 2008, so there's a chance they've been superseded. The document spells out how law enforcement and intelligence agenices should go about requesting information about Facebook users, and details what information is turned over. Following is what Facebook will turn over about you, taken verbatim from the guide: Types of Information Available User Neoprint The Neoprint is an expanded view of a given user profile. A request should specify that they are requesting a “Neoprint of used Id XXXXXX”. User Photoprint The Photoprint is a compilation of all photos uploaded by the user that have not been deleted, along with all photos uploaded by any user which have the requested user tagged in them. A request should specify that they are requesting a “Photoprint of user Id XXXXXX”. User Contact Info All user contact information input by the user and not subsequently deleted by the user is available, regardless of whether it is visible in their profile. This information may include the following: Name Birth date Contact e-mail address(s) Physical address City State Zip Phone Cell Work phone Screen name (usually for AOL Messenger/iChat) Website With the exception of contact e-mail and activated mobile numbers, Facebook validates none of this information. A request should specify that they are requesting "Contact information of user specified by [some other piece of contact information]". No historical data is retained. Group Contact Info Where a group is known, we will provide a list of users currently registered in a group. We will also provide a PDF of the current status of the group profile page. A request should specify that they are requesting "Contact information for group XXXXXX". No historical data is retained. IP Logs IP logs can be produced for a given user ID or IP address. A request should specify that they are requesting the "IP log of user Id XXXXXX" or "IP log of IP address xxx.xxx.xxx.xxx". The log contains the following information: * Script – script executed. For instance, a profile view of the URL http://www.facebook.com/profile.php?id=29445421 would populate script with "profile.php" * Scriptget – additional information passed to the script. In the above example, scriptget would contain "id=29445421" * Userid – The Facebook user id of the account active for the request * View time – date of execution in Pacific Time * IP – source IP address IP log data is generally retained for 90 days from present date. However, this data source is under active and major redevelopment and data may be retained for a longer or shorter period. Special Requests The Facebook Security Team may be able to retrieve specific information not addressed in the general categories above. Please contact Facebook if you have a specific investigative need prior to issuing a subpoena or warrant.
-
Comcast The Comcast document is labeled "Comcast Cable Law Enforcement Handbook," and is dated 2007, so there's a possibility that it, too, has been superseded. As with the other documents, it explains how law enforcement agenices can get information, and details what information is available. There's a great deal of detail in the 35-page document, which describes what Internet, phone, and television information will be turned over. For example, here's the IP information it will make available: Comcast currently maintains Internet Protocol address log files for a period of 180 days. If Comcast is asked to respond for information relating to an incident that occurred beyond this period, we will not have responsive information and can not fulfill a legal request. (Comcast can process and respond to preservation requests as outlined below in this Handbook.) As expected, Comcast will also turn over the emails, including attachments, of those who use Comcast's email service, but "In cases involving another entity’s email service or account, Comcast would not have any access to or ability to access customer email in response to a legal request." Information Comcast turns over to law enforcement agencies varies according to the request. For example, a grand jury subpoena will yield more information than a judicial summons, as you can see in the excerpt below. Comcast notes, though, that this is just a sample, and that "Each request is evaluated and reviewed on a case by case basis in light of any special procedural or legal requirements and applicable laws." So the examples "are for illustration only."
-
For those who worry about privacy, though, all of this information is small potatoes. The real worry is about the use of what are called pen registers or trap-and-trace devices, which essentially capture all of your Internet activity --- the Web sites you visits, the emails you send and receive, IM traffic, downloads, and so on. Here's what the document says about them: Pen Register / Trap and Trace Device Title 18 U.S.C. § 3123 provides a mechanism for authorizing and approving the installation and use of a pen register or a trap and trace device pursuant to court order. All orders must be coordinated prior to submission to Comcast. Law enforcement will be asked to agree to reimburse Comcast's reasonable costs incurred to purchase and/or install and monitor necessary equipment. See "Reimbursement," below.
- ...2 more annotations...
-
Wonder what information Facebook and Comcast will turn over to police and intelligence agencies about you? Cryptome, the site that last week posted the leaked Microsoft "spy" manual, has posted company documents that purport to describe what those companies will reveal about you. As with the Microsoft document, the information is eye-opening.