Skip to content
by
  • Products
  • Free Tools
  • Search
  • Free Sophos Home
XG Firewall
Next-Gen Firewall
Intercept X
Next-Gen Endpoint
  • Sophos Cloud Optix
  • Sophos Central
  • Sophos Mobile
  • Intercept X for Server
  • Secure Wi-Fi
  • Phish Threat
  • SafeGuard Encryption
  • Secure Email
  • SG UTM
  • Secure Web Gateway
For Home Users

Sophos Home protects every Mac and PC in your home

Learn More
Free Security Tools
Free Trials
Product Demos
Have you listened to our podcast? Listen now

Fake Facebook account case settled with DEA who admits no wrongdoing

23 Jan 2015 7 Data loss, Facebook, Law & order, Privacy, Security threats
Facebook friend request. Image courtesy of dolphfyn/Shutterstock.

Post navigation

Previous: School rule-breakers to hand over Facebook and Twitter passwords
Next: How the Obamacare website healthcare.gov leaks private data
by Lisa Vaas

Facebook friend request. Image courtesy of dolphfyn/Shutterstock.The Drug Enforcement Agency (DEA) has settled a case involving stealing a woman’s identity, creating a Facebook profile with her photos, and using it to lure suspects.

Court papers filed on Tuesday show that the DEA is paying Sondra Arquiett $134,000 (£89,000) in a compromise settlement in which the agency doesn’t admit to doing anything wrong.

Federal drug agents got their hands on Arquiett’s phone when the New York woman was arrested in a 2010 drug bust.

She pleaded guilty in 2011 to a drug conspiracy charge and was sentenced the following year to time served plus a period of home confinement.

She only found out about the fake Facebook page when a friend asked about photos she had supposedly posted, including ones in which she’s posing on the hood of a BMW, one of her stripped down to her underwear, and another showing her underaged niece and nephew.

The DEA used the fake account to not only accept friend requests on Arquiett’s behalf but also to send a friend request to a known fugitive.

She sued in 2013, saying that she suffered fear and emotional distress and was put in danger because the fake page made her look like she was ratting people out in a federal investigation.

She accused Timothy Sinnigen – the DEA special agent who set up the page – of keeping the Facebook account up for at least three months and using it to “initiate contact with dangerous individuals he was investigating,” all while pretending to be her.

The Department of Justice (DOJ) argued that Sinnigen had the right to impersonate the woman by taking out a Facebook page in her name, despite the fact that it is against Facebook’s terms of service.

That’s a point that Facebook made clear in a letter sent to DEA Administrator Michele Leonhart in which it asked the DEA to please play by the same rules as the rest of us and refrain from lying about who they are.

The DOJ’s rationale was that Arquiett had “implicitly consented” to all this by handing over access to her mobile phone and all its data and thereby consenting to “aid in … ongoing criminal investigations,” having given up her First Amendment Right to privacy when she gave up her phone.

The case, which attracted media and public attention, raised concerns with DOJ officials, who announced a review in the autumn of 2014.

Tuesday’s settlement doesn’t specifically prohibit the DEA from using similar undercover tactics in the future, but a DOJ spokeswoman sent a statement to the Associated Press saying that department leadership had already met with law enforcement agencies to “make clear the necessity of protecting the privacy and safety of third parties in every aspect of our criminal investigations.”

As the AP notes, this is only one of a handful of recent cases in which Feds have used deception in their investigations, including a Seattle case in which the FBI attributed a fake news story to the AP to trick a suspect in a bomb-threat case into clicking on a link that downloaded software which revealed his location.

US courts have also recently ordered the FBI to justify its use of drive-by downloads to track child abuse image suspects hidden on Tor.

As far as the fake Facebook page goes, no federal judge has yet ruled on the legality of the government’s ploy.

Image of Facebook friend request courtesy of dolphfyn / Shutterstock.com.

  • Follow @NakedSecurity on Twitter for the latest computer security news.

  • Follow @NakedSecurity on Instagram for exclusive pics, gifs, vids and LOLs!

Free tools

Sophos Firewall Home Edition

Boost your home network security.

Sophos Scan & Clean

Free second-opinion scanner for PCs.

Sophos Cloud Optix

Monitor 25 cloud assets for free.

Post navigation

Previous: School rule-breakers to hand over Facebook and Twitter passwords
Next: How the Obamacare website healthcare.gov leaks private data

7 comments on “Fake Facebook account case settled with DEA who admits no wrongdoing”

  1. Andy says:
    January 23, 2015 at 1:43 pm

    Maybe Facebook should play hardball and delete all the official DEA accounts, suspend the accounts of anyone claiming to work at the DEA and block DOJ IPs.

    Reply
    • sheilach2 says:
      February 1, 2015 at 2:13 am

      Didn’t the DEA deceive Facebook by setting up an account pretending to be someone else, using that person identity?

      FB didn’t know that page wasn’t set up by Arquiett, the DEA exploited both FB & Arquiett.

      Reply
  2. Victor says:
    January 23, 2015 at 3:06 pm

    I believe pretexting – to tell a person I am someone without his permission, is illegal. If not then why are people arrested when they pretend to be a police officer. Or why was Kevin Mitnick arrested or Patricia Dunn (ex-CEO of Hewlett-Packard)?

    Shouldn’t the law affect everyone by the same standard or is it something that can be omitted for the sake of a greater good? If that is so, where does that difference lies?

    Reply
  3. brianc6234 says:
    January 23, 2015 at 6:09 pm

    The people at the DEA who did this should pay it out of their salary. Don’t make taxpayers pay.

    Reply
    • mccpi2015 says:
      January 30, 2015 at 6:13 am

      DEA members should be sued as individuals, not just as agents. Insurance usually covers agencies, so they don’t have to deal with it. If individuals, unlike the agencies, are not indemnified and they will notice.

      Reply
  4. Adam Zappel says:
    January 23, 2015 at 7:34 pm

    “The DOJ’s rationale was that Arquiett had “implicitly consented” to all this by handing over access to her mobile phone and all its data and thereby consenting to “aid in … ongoing criminal investigations,” having given up her First Amendment Right to privacy when she gave up her phone.”

    Oh my! Then again, I guess that’s instructive. As in, never give up your phone.

    Reply
  5. Deramin says:
    January 23, 2015 at 11:39 pm

    There never was a good sword made of bad steel. You cannot craft actual Justice from subterfuge and lies. By stooping to the tactics of criminals to enforce the law, you merely cheapen the value of those laws, because you cheapen the respect for them. People only follow the laws (and law-bringers) they believe will make society better.

    I’m very sorry to see this settlement.

    Reply

What do you think? Cancel reply

Recommended reads

Dec20
by Paul Ducklin
2

Microsoft dishes the dirt on Apple’s “Achilles heel” shortly after fixing similar Windows bug

Oct29
by Paul Ducklin
0

Chrome issues urgent zero-day fix – update now!

Jan05
by Paul Ducklin
12

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]

  • About Naked Security
  • About Sophos
  • Send us a tip
  • Cookies
  • Privacy
  • Legal
  • Intercept X
  • Intercept X for Server
  • Intercept X for Mobile
  • XG Firewall
  • Sophos Email
  • Sophos Wireless
  • Managed Threat Response
  • Cloud Optix
  • Phish Threat
© 1997 - 2023 Sophos Ltd. All rights reserved. Powered by WordPress VIP