So far, it seems, the officers are treating social networks as a smorgasbord of information that is freely offered to anyone smart and tenacious enough to look for it. They are encouraged to communicate with suspects, gain access to non-public information and map social relationships between suspects and other users.
The issue of should they or shouldn't they be able to do all this is still not settled by law. Funnily enough, the main rule infringement here is that they violate the terms of service of the different networks they use: Twitter's say that "impersonation is against the terms of service", Facebook's require their users to agree that they won't be creating an account for anyone other than themselves without permission.
According to CNet and an internal IRS document, IRS agents aren't allowed to misrepresent their identity when searching for information on the taxpayers online.
As a recently disclosed confidential presentation by the US Department of Justice revealed, that kind of ban is not put in place for federal police agents (FBI, U.S. Marshals, DEA, and the Bureau of Alcohol, Tobacco, Firearms, and Explosives). In fact, the presentation gives an overview of potential useful information that can be gleaned from the suspects' profile and interaction with other users, urges the agents to use them to unearth information on defense witnesses, and details what kind of cooperation can be expected from the social networks in question when it comes to making data on network use available to law enforcement agencies.
Just in case you were wondering, Facebook is "often cooperative with emergency requests", MySpace "requires a search warrant for private messages/bulletins les than 181 days old", and Twitter is the privacy advocate's darling: preserves and gives data only in response to legal process, has no Law Enforcement Guide, retains only the last login IP, and private messages - once deleted - are gone forever.
There is no doubt that social networks can be very handy when investigating a crime, but the main issue here is the need of setting up and enforcing boundaries - not to mention the problem of preventing abuse. Similar issues have already been raised by the EFF when it comes to access to ISP data.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.