Facebook's facing a losing battle to protect users' privacy

Filed Under: Facebook, Featured, Law & order, Privacy, Social networks

Composite. Image of data privacy courtesy of Shutterstock. Last year, prosecutors in Manhattan held Facebook up by the ankles and shook out personal data on 381 users - a mugging that Facebook so far hasn't had any luck in fighting.

It began in secret in July 2013.

That's when Manhattan Criminal Court Judge Melissa Jackson first approved the sealed search warrants for a treasure trove of Facebook users' postings: friend lists, photos, private messages and more, according to confidential court filings unsealed Wednesday and first reported by The New York Times.

Hands down, this is the largest data demand ever served on Facebook, the company said - by a magnitude of more than ten.

Facebook says that the "unprecedented" request is unconstitutional when it comes to Fourth Amendment protection against unreasonable search.

The company's been fighting from the get-go, and it's not done yet, in spite of the judge's rejection last week of Facebook's filing to quash the warrants which were issued against people who were thought to have taken part in an alleged scheme to fraudulently obtain disability benefits.

Those warrants covered a "cross-section of America", Facebook said in a 23 July filing, spanning an age range between highschoolers and grandparents, and targeting a broad swath of occupations, including electricians, school teachers and members of the country's armed forces.

Facebook fought, but in September, Jackson rebuffed its objections, saying that law enforcement has "the authority to search and seize a massive amount of material to seek evidence," even if some of the items turn out to be irrelevant.

Facebook handed over the information in November 2013 after an appeals court refused to hold off Jackson's order while Facebook's appeal played out.

The data demands were vast, but the results don't seem particularly fruitful. Out of the nearly 400 accounts squeezed for data, only 62 Facebook-user arrests resulted.

Those 62 Facebook users are among 134 people charged in the case. More charges are likely to come, given that prosecutors said that up to 1,000 people may have been involved in the alleged fraud.

That leaves more than 300 people who were shaken down, weren't told about it, and who will never be charged, Facebook said.

Facebook argued that the warrants, which emanated from a single investigator, were outrageously broad:

These warrants fail to include date restrictions or any other criteria to limit the voluminous data sought, nor do they provide for procedures to minimize the collection or retention of information that is unrelated to the investigation. The warrants' extraordinary overbreadth and lack of particularity render them constitutionally infirm and defective under state and federal law, and they should be quashed.

Facebook argued the warrants cast a net as wide as "the digital equivalent of seizing everything in someone's home".

Or, really, wider still, Facebook said in its filing:

It is not a single home but an entire neighborhood of nearly 400 homes.

Prosecutors said that they provided the judge a 93-page explanation of why each targeted account would likely yield evidence.

A spokeswoman for the District Attorney's office said in a statement on Friday that the seized Facebook postings revealed the truth behind defendants' lies.

USA Today quoted the spokeswoman, Joan Vollero:

The defendants in this case repeatedly lied to the government about their mental, physical, and social capabilities. Their Facebook accounts told a different story.

Facebook had suggested an alternative to the warrants' voracious data grab: namely, permission to notify people targeted by the warrants so that those persons could object to the expansive scope.

Last week, the same judge who OKed the warrants denied, in entirety, Facebook's motion to quash them.

Her reasoning: Given that Facebook leaves it up to users to control their own privacy settings, it's up to them, not Facebook, to argue about their own Fourth Amendment rights, she said.

Screenshot from Facebook court report

In the case at bar, it is the Facebook subscribers who could assert an expectation of privacy in their postings, not the digital storage facility, or Facebook.

But, in order to protect the secrecy of the investigation, the judge barred Facebook from letting the targeted users know what personal data investigators were draining from its servers.

That's where things get really Kafka-esque. How do you fight something you don't know about?

If Facebook - or other service providers, for that matter - doesn't have legal standing to challenge the warrants, and if users are kept in the dark about them, nobody's going to have the chance to object to possible privacy invasion.

The New York Times quotes Chris Sonderby, deputy general counsel for Facebook:

It appeared to us from the outset that there would be a large number of people who were never charged in this case. The district attorney’s response was that those people would have their day in court. There are more than 300 people that will never have that chance.

The case is now on appeal.

Facebook's wise not to let the matter rest. The US is, after all, haltingly lurching toward redress of surveillance run amok.

An example of the privacy pendulum swinging in the opposite direction was the 12 June 2014 court decision that found warrantless tracking of mobile phones to be unconstitutional.

That court decision was unanimous, as nine US Supreme Court justices found that mobile phone data is so revealing about people's lives that police must get a warrant to search it.

How is social media information different?

Civil liberties activists say that it's not. The New York Times quotes Kurt Opsahl, deputy general counsel of the Electronic Frontier Foundation:

In that case, they were talking about how revealing the information could be on a cellphone. You could make a similar point about people’s social media profiles.

This a setback but the war still wages.

Facebook, keep fighting.

Facebook users, assume that everything you say in your postings can, and well might be, used against you in a court of law.

Image of data privacy courtesy of Shutterstock.

, , , , , ,

You might like

22 Responses to Facebook's facing a losing battle to protect users' privacy

  1. Anonymous · 463 days ago

    It would be easy for any government department world wide to get most info from Facebook accounts due to the fact that you have to be a Rhodes Scholar just to figure out Facebook's privacy settings.

  2. Andy · 463 days ago

    Why are there not more English language or multi language social networks without a presence in the U.S?

    • Paul Ducklin · 463 days ago

      Maybe because Facebook is the sort of network, at the sort of price (trade info about yourself for access without paying a fee), that many or most people want?

      • Jamie · 463 days ago

        Yup... price (or lack of it) is the key thing anymore. There was that hoax going around about Facebook charging. People were upset. Yet they want Facebook to stop flooding them with ads. I say, yeah, start paying a fee, and they won't need the ads anymore. It's the free to use sites that have the most ads.

        Look at Wal-Mart; much of their merchandise breaks down or is dispensable in a very short amount of time, but people still get those things there... because it's cheaper. They complain about waiting in line, but the price is right. And they won't wait in another line to file a formal complaint about it, yet they still complain to register people who have NO CONTROL over whether they work or how many of them work... uh... Don't understand that logic, but ok.

        And yes, I've been guilty. But this past year or so I've been shopping online and going other places to get more for my money.

        • Gary · 463 days ago

          Unfortunately, paying a fee will not necessarily eliminate the ads being shown. Cable television in the U.S. was SUPPOSED to eliminate advertising when it was introduced decades ago, since you were paying for the service. Studies show that today there is more advertising per 1/2 hour television show than there was 15 years ago. It used to be with 'antenna' television that you got about 6 to 12 minutes of advertising in an hour of television. Now, with many popular shows running an hour long, most shows only have about 42 minutes of actual program airtime. The other 18 minutes of that hour are advertising. Why do you think DVR's are so popular? You can record your program and watch it later, and fast-forward through all the commercials!

          Unfortunately you won't be able to fast-forward through the advertising online, even if you pay for the service you are using. They will just reduce the screen space being used, but will still have the ads there. The only way to avoid your data being scooped up is to not put it out there. I'm not advocating not using social media, as I do to some extent myself, but you have to police your own data and, as was commented below by bhedin, :"Anything you enter into a digital device can and will be used against you." This is what we have been reading on Naked Security for years. If you post it online, it's always going to be there. If you don't want someone to see or read something, don't post it!

    • Bob L. · 463 days ago

      A damned good idea!

  3. Anonymous · 463 days ago

    Just disgusting.

  4. Sammie · 463 days ago

    Facebook - Privacy, Is it possible to have the two words in the same sentence?

  5. bhedin · 463 days ago

    Miranda Rights, unfortunately, are not applicable to the Internet. I've been advising people for over a decade:"Anything you enter into a digital device can and will be used against you." Given a user voluntarily provides data, neither the 4th or 5th amendments are applicable to Americans. To those in other countries, read the law carefully. I suspect if you willingly upload information, you surrendered any claim to privacy.

    When Facebook and Google are perceived as your advocate, you are well and truly screwed.

    • Wayne · 463 days ago

      When dealing with Google and Facebook you need to always remember that you are not the customer, you are the product. And "the customer is always right". When push comes to shove, they will throw you under the bus to make the customer happy.

  6. Anon · 463 days ago

    Facebook should designate the a site as a fictional content site and users, less liable or hate posts should be considered fiction writers....like onion

  7. Randy · 463 days ago

    Maybe Facebook should add a red Alert button to all user accounts. Normally it would be grayed out but if the account information was requested by/and/or given to any government agency the Alert button would be flashing red until the user clicked on it.
    By clicking on the button, the user would be taken to a page showing which agency requested the information and when.

    This should be legally required. Before any search can begin, the user/property owner/suspect needs to be served a search warrant. Friends and family don't need search warrants but government agencies conducting investigations surely do.

    • Shadow · 334 days ago

      The problem there is that most of the data scoops include a secrecy clause expressly prohibiting alerting the user. The is listed in the OP where Facebook is explicitly wanting to be allowed to tell the 300+ users whose data was grabbed (and were NOT CHARGED) so that they can file suit as they would have standing.

  8. Blake · 463 days ago

    The government should develop an advertising and marketing firm. Then facebook would be waiting in line to sell facebook user's info to that firm.

    • Randy · 462 days ago

      Actually, the NSA gets much of it's information from advertisers since the 1990's. They were amazed at the tracking abilities that the advertiser's software had and asked them to share that data. It was a lot cheaper than developing their own software. The specialized software the NSA has today simply mines, filters, traces and displays that data in a more useful form.
      They also have direct lines from ATT.

  9. Brad · 463 days ago

    Sounds like a Witch hunt to me.

  10. Again, this is where the legislators are falling down. Many don't even think it's a problem, so how to get them to understand? Maybe they need their records seized by the Feds, that would make them think...

    Warrant for cell phone searches are fine, but I'm sure they'll do what they have always done. That's seize it, then hang onto it until they get the warrant. Just like they do with cars if you refuse a search, they hold you there until they get the warrant. Hopefully they will have some kind of 'wipe-data' mechanism to allow it to be trashed. Then they will put it in a Faraday cage with no ability to reach it via a wireless connection. I don't think this really covers the problem, although great start...


  11. Andrew · 463 days ago

    Now why does this not surprise me.

  12. Anonymous · 441 days ago

    You can't even block or delete Spam posts, why should they make privacy easy? Now that the option is available, why can't I go in and change my address, birthday, etc. to "ASK" instead of limiting it to certain people? What FB has might be considered privacy, but it's so convoluted & restrictive, it might as well not be there.

  13. Kinda of on a side note, but privacy is completely lost when they just took a major step in the wrong direction for account security.

    Has anyone noticed the latest change at FB? Try using a password manager to login. Cut, Copy, Paste has been deliberately disabled.
    This seems to be true for desktop browser as well as the mobile app.
    For those of us that actually had a strong unique password you are forced to type in the password. No big deal right? Just swap between windows. However if you now change the focus of your device or change to a different active window, the username and password field is forcibly cleared. So you are now forced to write down your strong password in order to login. Sure screwed over my 24+ character password.
    This was a real dumb idea.
    So I guess it's back to the 8 letters and dictionary words.

  14. scorpio6 · 419 days ago

    So wait... Facebook is upset because Law Enforcement wanted to pick through user data without their knowledge?
    ...You mean the exact thing that Facebook does to its users every single day?
    Pot calls kettle what?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.