The Drug Enforcement Agency (DEA) has settled a case involving stealing a woman’s identity, creating a Facebook profile with her photos, and using it to lure suspects.
Court papers filed on Tuesday show that the DEA is paying Sondra Arquiett $134,000 (£89,000) in a compromise settlement in which the agency doesn’t admit to doing anything wrong.
Federal drug agents got their hands on Arquiett’s phone when the New York woman was arrested in a 2010 drug bust.
She pleaded guilty in 2011 to a drug conspiracy charge and was sentenced the following year to time served plus a period of home confinement.
She only found out about the fake Facebook page when a friend asked about photos she had supposedly posted, including ones in which she’s posing on the hood of a BMW, one of her stripped down to her underwear, and another showing her underaged niece and nephew.
The DEA used the fake account to not only accept friend requests on Arquiett’s behalf but also to send a friend request to a known fugitive.
She sued in 2013, saying that she suffered fear and emotional distress and was put in danger because the fake page made her look like she was ratting people out in a federal investigation.
She accused Timothy Sinnigen – the DEA special agent who set up the page – of keeping the Facebook account up for at least three months and using it to “initiate contact with dangerous individuals he was investigating,” all while pretending to be her.
The Department of Justice (DOJ) argued that Sinnigen had the right to impersonate the woman by taking out a Facebook page in her name, despite the fact that it is against Facebook’s terms of service.
That’s a point that Facebook made clear in a letter sent to DEA Administrator Michele Leonhart in which it asked the DEA to please play by the same rules as the rest of us and refrain from lying about who they are.
The DOJ’s rationale was that Arquiett had “implicitly consented” to all this by handing over access to her mobile phone and all its data and thereby consenting to “aid in … ongoing criminal investigations,” having given up her First Amendment Right to privacy when she gave up her phone.
The case, which attracted media and public attention, raised concerns with DOJ officials, who announced a review in the autumn of 2014.
Tuesday’s settlement doesn’t specifically prohibit the DEA from using similar undercover tactics in the future, but a DOJ spokeswoman sent a statement to the Associated Press saying that department leadership had already met with law enforcement agencies to “make clear the necessity of protecting the privacy and safety of third parties in every aspect of our criminal investigations.”
As the AP notes, this is only one of a handful of recent cases in which Feds have used deception in their investigations, including a Seattle case in which the FBI attributed a fake news story to the AP to trick a suspect in a bomb-threat case into clicking on a link that downloaded software which revealed his location.
US courts have also recently ordered the FBI to justify its use of drive-by downloads to track child abuse image suspects hidden on Tor.
As far as the fake Facebook page goes, no federal judge has yet ruled on the legality of the government’s ploy.
Follow @NakedSecurity
Image of Facebook friend request courtesy of dolphfyn / Shutterstock.com.
Maybe Facebook should play hardball and delete all the official DEA accounts, suspend the accounts of anyone claiming to work at the DEA and block DOJ IPs.
Didn’t the DEA deceive Facebook by setting up an account pretending to be someone else, using that person identity?
FB didn’t know that page wasn’t set up by Arquiett, the DEA exploited both FB & Arquiett.
I believe pretexting – to tell a person I am someone without his permission, is illegal. If not then why are people arrested when they pretend to be a police officer. Or why was Kevin Mitnick arrested or Patricia Dunn (ex-CEO of Hewlett-Packard)?
Shouldn’t the law affect everyone by the same standard or is it something that can be omitted for the sake of a greater good? If that is so, where does that difference lies?
The people at the DEA who did this should pay it out of their salary. Don’t make taxpayers pay.
DEA members should be sued as individuals, not just as agents. Insurance usually covers agencies, so they don’t have to deal with it. If individuals, unlike the agencies, are not indemnified and they will notice.
“The DOJ’s rationale was that Arquiett had “implicitly consented” to all this by handing over access to her mobile phone and all its data and thereby consenting to “aid in … ongoing criminal investigations,” having given up her First Amendment Right to privacy when she gave up her phone.”
Oh my! Then again, I guess that’s instructive. As in, never give up your phone.
There never was a good sword made of bad steel. You cannot craft actual Justice from subterfuge and lies. By stooping to the tactics of criminals to enforce the law, you merely cheapen the value of those laws, because you cheapen the respect for them. People only follow the laws (and law-bringers) they believe will make society better.
I’m very sorry to see this settlement.