Feds on social networks: What can they do?
Posted on 17 March 2010.
Should law enforcement agents be allowed to go "undercover" on social networks and collect information about the suspects? In the real, physical world, they aren't allowed to pose as a suspect's spouse, child, parent or best friend - but there are no laws stating that this can't be done online.

So far, it seems, the officers are treating social networks as a smorgasbord of information that is freely offered to anyone smart and tenacious enough to look for it. They are encouraged to communicate with suspects, gain access to non-public information and map social relationships between suspects and other users.

The issue of should they or shouldn't they be able to do all this is still not settled by law. Funnily enough, the main rule infringement here is that they violate the terms of service of the different networks they use: Twitter's say that "impersonation is against the terms of service", Facebook's require their users to agree that they won't be creating an account for anyone other than themselves without permission.

According to CNet and an internal IRS document, IRS agents aren't allowed to misrepresent their identity when searching for information on the taxpayers online.

As a recently disclosed confidential presentation by the US Department of Justice revealed, that kind of ban is not put in place for federal police agents (FBI, U.S. Marshals, DEA, and the Bureau of Alcohol, Tobacco, Firearms, and Explosives). In fact, the presentation gives an overview of potential useful information that can be gleaned from the suspects' profile and interaction with other users, urges the agents to use them to unearth information on defense witnesses, and details what kind of cooperation can be expected from the social networks in question when it comes to making data on network use available to law enforcement agencies.

Just in case you were wondering, Facebook is "often cooperative with emergency requests", MySpace "requires a search warrant for private messages/bulletins les than 181 days old", and Twitter is the privacy advocate's darling: preserves and gives data only in response to legal process, has no Law Enforcement Guide, retains only the last login IP, and private messages - once deleted - are gone forever.

There is no doubt that social networks can be very handy when investigating a crime, but the main issue here is the need of setting up and enforcing boundaries - not to mention the problem of preventing abuse. Similar issues have already been raised by the EFF when it comes to access to ISP data.






Spotlight

New Zeus variant targets users of 150 banks

Posted on 19 December 2014.  |  A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Dec 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //