Department of Justice Response to Foia Obtaining and Using Evidence From Social Networking Sites 2010
Download original document:
Document text
Document text
This text is machine-read, and may contain errors. Check the original document to verify accuracy.
U.S. Department of Justice
Criminal Division
Washington, D.C. 20530
CRM-200900732F
MAR 32010
Mr. James Tucker
Mr. Shane Witnov
Electronic Frontier Foundation
454 Shotwell Street
San Francisco, CA 94110
Dear Messrs Tucker and Witnov:
This is an interim response to your request dated October 6, 2009 for access to records
concerning "use of social networking websites (including, but not limited to Facebook, MySpace,
Twitter, Flickr and other online social media) for investigative (criminal or otherwise) or data
gathering purposes created since January 2003, including, but not limited to:
I) documents that contain information on the use of "fake identities" to "trick" users "into
accepting a [government] official as friend" or otherwise provide information to he government
as described in the Boston Globe article quoted above;
2) guides, manuals, policy statements, memoranda, presentations, or other materials
explaining how government agents should collect information on social networking websites:
3) guides, manuals, policy statements, memoranda, presentations, or other materials,
detailing how or when government agents may collect information through social networking
websites;
4) guides, manuals, policy statements, memoranda, presentations and other materials
detailing what procedures government agents must follow to collect information through socialnetworking websites;
5) guides, manuals, policy statements, memorandum, presentations, agreements (both
formal and informal) with social-networking companies, or other materials relating to privileged
user access by the Criminal Division to the social networking websites;
6) guides, manuals, memoranda, presentations or other materials for using any
visualization programs, data analysis programs or tools used to analyze data gathered from social
networks;
7) contracts, requests for proposals, or purchase orders for any visualization programs,
data analysis programs or tools used to analyze data gathered from social networks.
8) guides, manuals, policy statements, memoranda, presentations, or other materials
describing how information caHected from social-networking websites is retained in government
databases or shared with other government agencies."
While processing your request, we located one record totaling 33 pages. After careful
review of this document we determined to release this item in part. We are withholding portions
of the record pursuant to the exemption in 5 U.S.C. 552(b)(6)which permits the withholding of
personnel and medical files and similar files the disclosure of which would constitute a clearly
unwarranted invasion of personal privacy. The withheld material consists of work telephone
numbers and e-mail addresses ofDOJ attorneys.
We wiH continue to search for any additional documents that may be responsive to your
request. We estimate that it make take approximately fourteen days to complete the processing
of your request.
Although your ForA request is the subject oflitigation, I am nonetheless required by
regulation to inform you that you that you have a right to an to an administrative appeal of this
partial denial of your request. Your appeal should be addressed to: The Office ofInformation
Policy, United States Department of Justice, 1425 New York Ave., NW, Suite 11050,
Washington, DC 20530-0001. Both the envelope and the letter should be clearly marked with
the legend "ForA Appeal." Department regulations provide that such appeals must be received
by the Office ofInformation Policy within sixty days of the date of this letter.
Sincerely,
~N- GoI1~ale;z.. G:J1~
Rena Y. Kim, Chief
Freedom ofInformationiPrivacy Act Unit
Office of Enforcement Operations
Criminal Division
W
\ Computer Crime & Intellectual Property Section
Obtaining and Using Evidence from
Social Networking Sites
- . --
""":~'
"'~,;O'_"_
Facebook, MySpace, Linkedln, and More
John Lynch
Jenny Ellickson
Deputy Chief, Computer Crime
Computer Crime & Intellectual Property Section
Trial Attorney
Computer Crime & Intellectual Property Section
\, Computer Crime & Intellectual Property Section
AGENDA
Introduction to Social Networking Sites
Overview of Key Social Networking Sites
Additional Legal and Practical Issues
, Computer Crime & Intellectual Property Section
AGENDA
Overview of Key Social Networking Sites
Additional Legal and Practical Issues
_ "'-'o.'\..'-);~} •
i?f.7P'~
.jJ
"
. h,
'.
'r), Computer Crime & Intellectual Property Section
\i
.-/!j
!'~l
\\,.!t:1
'~~IHE
Introduction to Social Networking
RISE OF ONLINE SOCIAL NETWORKS
1997
SixDegrees.com
2003
Friendster, Linkedln
2004
MySpace
2005
Facebook
2008
Twitter
Computer Crime & Intellectual Property Section
Introduction to Social Networking
POPULAR SOCIAL NETWORKS
Worldwide: Facebook
u.s. and Canada:
MySpace, Linkedln, Twitter
Europe: MySpace, Twitter, Hi5, V Kontakte
Latin America: HiS, Orkut, Tagged
Asia: QQ, Friendster, Xiaonei, Orkut, Mixi, HiS
Middle East and Africa: Maktoob, HiS
l
Computer Crime & Intellectual Property Section
WORLD MAP OF SOCIAL NETWORKS
;,;g
CY'Norid
Facebook
II
Hi5
Iii! H",'es "'",.
III lw;~,_"""
fj[,l lide
~ Maktoob
• Mixi
.. MySp.ce
•
II
NetS"za-klasa
od~6ttlaSSniki
1:1 One
•
•
Ol'kut
QQ
SI,yrock
"
V Kontakte
n:~ Wretch
Zing
Image courtesy Vincenzo Cosenza (www.vincos.it). data based on Alexa and Google Trends
:!'r~Computer Crime & Intellectual Property Section
"4~,
~~
'0 0'
.
j~1
'"'S:,"~
Introduction to Social Networking
POPULARITY IN THE UNITED STATES
Most-visited websites in the U.S. (August 2009)
1.
2.
3.
4.
0
5.
Google
Yahoo
Facebook
YouTube
MySpace
• • •
13. Twitter
• • •
27. Linkedln
Source: Alexa.com - August 12, 2009 list of Top 100 websites in United States.
:1
,Computer Crime & Intellectual Property Section
, p
Introduction to Social Networking
THE BASICS
Most social-networking sites allow users to:
•
•
•
•
•
Create personal profiles
Write status updates or blog entries
Post photographs, videos, and audio clips
Send and receive private messages
Link to the pages of others (Le., "friends")
How can LE obtain data from these sites?
• Some info may be public
Z~
• Use~CPA'~,O get info from ~providers (7 . )
• Undercover operations? (
"\
,,'--/
"
'.--.-=:---_•.
/
!
\. Computer Crime & Intellectual Property Section
Introduction to Social Networking
UTILITY IN CRIMINAL CASES
(
Evidence from social-networking sites can '(
•
•
•
•
•
'J
Reveal personal communications
Establish motives and personal relationships
Provide location information
Prove and disprove alibis
Establish crime or criminal enterprise
Also: instrumentalities or fruits of crime.
· I,.
Computer Crime & Intellectual Property Section
AGENDA
Introduction to Social Networking
Additional Legal and Practical Issues
:,1, Computer Crime & Intellectual Property Section
Overview of Key Social Networking Sites
FACEBOOK
Founded in 2004, primarily catering to students
Now over 250m active members worldwide
Over 10b photos in Oct 2008; adds over 1b monthly
Applications run on Facebook platform
True names encouraged but not guaranteed .
Privacy model is highly granular; present different
information to different groups or individual users
Messaging includes mail, real-time chat, "wall"
Now used in private background checks
~oobface -
virus/worm vector
G~
! Computer Crime & Intellectual Property Section
Overview of Key Social Networking Sites
FACEBOOK
,'lij Vemi Moore IFactbook- Mic;~:iohl·~'t.,,~ BcplC,lrl!f Ptovide~- by Criminal DivisiQ~'t.~',~", ,-i,:;!,/,-')i
-(~:G :tj:.L~,;~;;~~;~;~;;~~~~r.d~i~~~;:~:.":
E'tle Edit liew F,!vcrites
'~'o;;;:;;"'';':-'Ii~'s~~
100ls
._-
':", -;,","., ,~!~,:".'
:i:i'~"4:J~~~~'~:{ ·:::'::~!ff.~::~:? :~:':f~~:";!~~ ;;;;:;~;:,>,
"
.'
, ..•. ,_,,_,
'._ ',' . _,.
. . ----.,---'---.. ,'-'''-='''..
--'-'{£.,--::~
' - " ..,', ,,"""'.~J'''"'', __
. _..,-. , •. -"~~-,~.'~."''''-'"'~-.",.,,,;--;c''="".,"'''''=c';'"_ ..
ffi1 ..
~:',...,.,..
Dellli Moore Is 011 Facebook
Wall
Info,· Photo"s
VouTu~ Sox
r~ "lS-E~~~-·:-·®'-T£al' ~ »
__.-~=~,."·~ ..·.,.,..",'..."·r•.,.,,..~.-.,.. ,"'",
1ll~"'''''''ls~'9ii;,,;,;,;.;, FacebllQI\ to connect" wrth Deml MQore.
Ifotes
Infcum3.tion
LlIS./l.IlgI:IelI,CA
llir!!'d3~;
No\'.mbu 11
P iF·"
.t!dp
·;)~]~'~:~;~~;;:~:;~'-'~·:~-··:·-·'~=~~'='~·~:~=.r'::::i---·--·"---'--·'·'···
.. ",n",.~~_,,-,....,'".""
.J. ~!LX.,f:, L;l'~[~arm
,.• ~.
Demf Moore P[!; help get the word ollt t In 8 AmerlCll~ is ilt risk of hunger. Jotn a
community that carEs. Go to IItr,w.facelJoolconv'ketloggCilrES and become a FAN
f.n\!<
to h~lp end us h1J11ger. watch the-video below th~we aeatedwlth all of YOUtI let
Gof 1, 115,626 f",rn
me know h::w,yolJ like It •••
"..
) Computer Crime & Intellectual Property Section
}<<;-----:~---------.....;~-:..._--------------------
p1i
~-'7
1i;S§i",<.";",,,;;;:r~
<
<
Overview of Key Social Networking Sites
FACEBOOK
TYB:H= Bll'!i' nameN tag:
--------,
·cw d!:n:ms·ea
pe rS(HiJ ~
_."
,--
o Caroline Pryce
o Chrissy rvlingay
o James Norman
D
Bareham
o Tim Gunton
o Aaron Cheang
o Ad rvlajora Natus Sum
o Adamr"!acer
,
Katy
o Alex Higham
j
0
AlexTariina
[ Tag
I [ Cancel]
V
';;;;,,;;.,'
Computer Crime & Intellectual Property Section
Overview of Key Social Networking Sites
FACEBOOK
iii
Who Can Find. YOll
0" Facebook?
lit
Who Can See This?
Friends
o
or
o friends
o Some Friends
e
Friends.
Friends
(~) rrlc-ndsof friends
~-h
Frfends.
Mj;' fn!.",!.!:;. -9.r,G the-' j'r,£"j::, ;..--",~ !'ee this.
(: ;,-;
~.
C1 -DnlV Frrends
~: ... ,; (- q.
,:;.(
;.'"c"
~C:';'
1:'·
Onliy
D.r;;·~· frje;~jj~ Co;;;'.'1 ~>::.~
Ch;::,\:',;,~
th<:>-.
!T.,e;dfi<: i'ri,,:'rlo '" ..nc<
-c:-::'~ ~",e
t\1 i :>-.
Onry Me
Networks
On\' YI;!:U~fld ::;i,ll;;r.u:::/ i"1€::','•.::,rK(i" ':2('1' !;8.9 this,
Networks
_-,-_
CN'
...... ;, ~~~f My N"l:W()fk~~", ...
fc~·.1.·:
...
(am::-cl
J
'i,
Computer Crime & Intellectual Property Section
Data is organized by user ID or group ID
Standard data productions (per LE guide):
Neoprint, Photoprint, User Contact Info,
Group Contact Info, IP Logs
HOWEVER, Facebook has other data available.
Often cooperative with emergency requests.
('] ~
l
Computer Crime & Intellectual Property Section
Overview of Key Social Networking Sites
MYSPACE
Founded 2003, now owned by Fox Interactive Media
2006: Most popular SN; passed by Facebook in 2008
Currently tens of millions of active users monthly
True names less encouraged than Facebook
Messaging through messages, chat, friend updates
Application platform rolled out early 2008
Young user base, history of child safety concerns
.---_.-_.--------..
Pnvacy is currently less granular than Facebook
~-, --'
_
'
_.'
-
,
--- -,
._- .. ,----~_._-_._
_
~_
----~
Computer Crime & Intellectual Property Section
Overview of Key Social Networking Sites
MYSPACE
Status and Mood
Michelle FaIrplay ;.1y Re\'>' f.avcrile OBJltE: 1.lanonlll1e~!Go c:hectltlem Out..lImilzlng!
Wood: lIf1lorOllS ~ 11 G:1S FM JIII:<4
Mlc:hene fairplay ['Ill lost a 112 [nell off ~ hl~s~
Llood: exhlllldad@ iUe:DlPlfiJol1.;!:j
LtichemE Fairplay Is tilllmg Spec;ial KaM watting. ouL
F.!Md: JmlgMed'$ !iI 1;;:-(1 FMJ:1 t~
Michelle Fairplay Is gettlng reatiy 10 slvn a contrllcl that colllO change my llje.'!:~ HenG Sh!lIlghlll China!'
@
Mood: lICCCHI1prlSh~il
;,1 12:~ PI!. J~\ a
Interests
General
(t).10Q%
...
111 Computer Crime & Intellectual Property Section
Overview of Key Social Networking Sites
MYSPACE
Overview of Key Social Networking Sites
MYSPACE
JU5t Amy
!5 0fTletimcs
lsalbelle
Wanders
&.L"O"'J"1 AN"
GAL"YO/"
Laura
'. "
,
.'\,)
Computer Crime & Intellectual Property Section
.
Overview of Key Social Networking Sites
GETTING INFO FROM MYSPACE
Many profiles have public content.
,~
Data is organized by FriendlD"\ see LE guide. :
,
~
MySpace requires a search warrant for private )
messages/bulletins less than 181 days old
'
~
• Also considers friend lists to be stored conten~ ,
Data retention times
User info and stored files - indefinitely 'Ii"
IP logs, info for deleted accounts - 1 year)
/
~
Market leader in "micro-blogging"
Began in mid-2006 as "status message" service
Ubiquity and ease of updating, but limited space
Breaking news, real-time updates: USAir, Iran
Most multimedia handled by 3d party links
Simplified privacy model: updates pUblic or private
.
Direct messages are private; sender can delete
~
Short URLs used to serve malicious links and code ).,
/
(
Computer Crime & Intellectual Property Section
Overview of Key Social Networking Sites
TWITTER
Ble
Idit
'fj.ew
F!,Jorites:
Ieoh
Help
~C;~~~'-''':;' -b]'s;~ct
'.~-~-.-""""-'
·~~~-:,,·.~_J-,~~~;:-~r:~i~'_~:u::~:,~d:i,~:~;;c:o~~·.;-~ i~i~:;r~'"_ ',.:.": '- :.' ':,:-_:'_~-:'-]=~-.':-,-':~~"_:'~,-:,:~~'--"-T;"erifiedAccol1nt
Name Brook Busey
Bio Blame it on the a-a~a~a
alcohol.
130
90,507
fr;ltol.';lng
Tol!o-\'lI,r1;
Tweets
Fa:JOntas
Halve<f FoOds #unpopularstoiES
II
Following
RT @serailnowiullove thp.- Transformer who changes Into a hotel
lobby - Re<:epticon
@l{e!lyOXiorc @louisvinellthink kids ShOuld be taught the True
Alphabet: R.S,T,N,l and E_
I endorse this sentiment heartily. RT @raiflnwiisonfart noise
PDtatoes, Ti'lbasco and Dos EqUis for my hangover.
View Ail.
1.,595
I
Computer Crime & Intellectual Property Section
(
Overview of Key Social Networking Sites
r
GETTING INFO FROM TWITTER
The good news
• Most Twitter content is public
• Private messages kept until user deletes them
The bad news
• No contact phone number )
• Only retain last login IP \ .
\
• Will not preserve data without legal process )
• Stated policy of producing data only in \ \
response to legal process (i.e., no 2702) )
• No Law Enforcement Guide
\
Overview of Key Social Networking Sites
LINKEDIN
Business-focused with enforced limits to interaction
Profiles focused on education and work experience
Use for criminal communications app,ars
limi'te~ ~
'V
But can be used to identify experts )~ .
Can check background of defense experts) ,
Privacy model similar to Facebook
Profile information is not checked for reliability
Computer Crime & Intellectual Property Section
Overview of Key Social Networking Sites
LINKEDIN
I··· . . . .
.
fllckObama
Obama to your netvlork
President Dfthe United States of America
Washington D.C. f",1etro Area
Current
Past
• President at United States of America
• USSenatof at US Senate (IL-D)
Public profile powered by:
Linked
WJ
Cre:aif' a PUblIc prcfile: Sign 18 or Join Now
• Senior Lecturer in Law at University of Chicago
Law School
Education
• State Senator at /Hinois State Senate
View Barack Obama's full profile:
• Harvard University
• See WllO you and Samek Obama know In
• Columbia University in the City of New York
• Occidetltal College
Connections
Industry
Websites
common
• Get introduced to- Saraek Obama
• Contact BarackObaOla dfreetfy
r&l 500+ connections
<.c:::Y
Government Administration
• White House website
• Join Saraek's Linkedln Group
• f,,1y RSS feed
Name Search:
Search forpeopfe you kllowfrom oller 40 mll1ion
professionals alreadY on Linkedln.
.' Done:
._·.c_._"~.""""",,_.
E@Internetl ProtEcted Mad~ Off
,~
. _.
·:f;.,lClO%
.. ..
~._
~_
....
_
",;;';
;:;.,.-.,,),:;,:
Jj
~',
",!
~ ...
\\' h
"1'\
'" Computer Crime & Intellectual Property Section
.,'
AGENDA
Introduction to Social Networking
Overview of Key Social Networking Sites
3il-"~,')'''~I' Computer Crime & Intellectual Property Section
'~" ,"'"
.~
:,
,~
,('
,X
-~3
c"
J1
.
~,
'\f'~~,,,
.
'."~"y
Legal and Practical 'Issues
FEDERATED IDENTITY ISSUES
• Social networking sites increasingly adopting
federated identity schemes
o
,~.----..:
OpenlD, Facebook Connect
• Facebook, MySpace, Yahoo!, and Google
ide~tity auth~nti.catoJ:s..:
".SjngleSign~!~"
a~a
(~
moCfe "
,
• Example: A user can log in to a Facebook account
using Google credentials
a
a
a
•
After a link is established between two accounts, Google
will check and vouch for identity of its user
Authentication information split from activity information
,
In turn, a Facebook login may be used to authenticate to/"-"":~)
s~-Usjng "Facebook Connect"
(
't\
;/attributi.Q.~ is necessary, must determine identit~
)
provi er--- not simply the domai'f[
----.."..~.._- ..-."":..~/
-------... ..
Computer Crime & Intellectual Property Section
,
"
1
Y~t}f~' _':<!.¥/!
Introduction to Social Networking
~z~~s>~ TERMS OF SERVICE I PRIVACY POLICIES
• Social networks have extensive terms of
service and privacy pol icies
.
~
,
::,7:~::~Zi~::;~~:;od;::~:~-i~{:gL~ioces~
and protect service against fraud/damage
• U.S. v. Drew - can failure to follow TOS
render access unauthorized under 1030?
Employment policy cases tend to say yes
o But concerns that transforms lOS into private
criminal code for site misconduct
o
//
I
Computer Crime & Intellectual Property Section
Legal and Practical Issues
DOES THE PPA APPLY?
• Growth of social networks raises questions
of breadth of PPA
o
o
o
Is Facebook/Twitter a "similar form of
communication" to a newspaper, book,
broadcast? (Ashton Kutcher? CNNbrk? Ira~?)
No easy answers, but look to intent to ) ,,-;z)
communicate news to sizable audience, )
In many cases, Guest v. Leis rule will be\
sufficient; CCIPS can help with analysis)
~
v
• Congress continues to examine media shield
"\ '~Computer Crime & Intellectual Property Section
\,
\
;
,I
/
Undercover operations after U.S. v. Drew
I
~
~
• If agents violate terms of service, is that -z >C.r
"otherwise illegal activity"?
I4i--<V
-',
.!
1
::;j
:~1,~;.
.,..!.
.
i
Computer Crime & Intellectual Property Section
"l
rllli
~j
Legal and Practical Issues
l(i~",~~,~? WITNESSES & SOCIAL NETWORKS
7
Many witnesses have social-networking pages
• Valuable source of info on defense witnesses
• Potential pitfalls for government witnesses
Knowledge is power
• Research all witnesses on social-networking sites
• Discovery obligations?
Advise your witnesses:
• Not to discuss cases on social-networking sites
• To think carefully about what they post
/
,
Legal and Practical Issues
OTHER COURTROOM ISSUES
Social networking and the courtroom
.can be a dangerous combination
• Use caution in "friending" judges, defense counsel
• Warn jurors about social-networking sites
Social networking + mobile devices = (5;')
real-time updates on courtroom events,~y
, Computer Crime & Intellectual Property Section
,.'
:',,\"
i./j~
.
'ii't~,
,~.
'. _,
tti~
-"~CIPS
Duty Line: 202-514-1026
~
l'
John Lynch
B6
'"
---~
Jenny Ellickson
~
~