Many privacy advocates are worried about the extent to which tech companies are becoming unofficial government intelligence agents, handing over data about their users to the feds without the users ever realizing it unless they're charged with a crime. It came to the fore when Twitter fought back against a gag when the Department of Justice subpoenaed it for information about Wikileaks supporters -- supporters who then alleged that Facebook and Google had likely quietly complied with government requests for information that they had received.
It turns out that users may never realize their social media accounts were searched even if they are charged with a crime. Reuters went through years of court filings to dig up actual evidence of tech companies complying with law enforcement subpoenas without alerting their users. Since 2008, judges have issued warrants in at least two dozen cases letting agents from the FBI, DEA, and ICE poke around in individuals' Facebook accounts in cases of suspected arson, rape, and terrorism.
"Many of the warrants requested a laundry list of personal data such as messages, status updates, links to videos and photographs, calendars of future and past events, 'Wall postings' and 'rejected Friend requests,'" writes Reuters. Rejected friend requests!!! Now that's getting personal.
In a 2008 manual for law enforcement, Facebook specifies the kind of information it provides, ranging from Neoprints (essentially a user profile page screenshot) and Photoprints (a snapshot of all the photos a person has uploaded) to IP logs, contact details, and group members. (Recently, Israel revealed that monitoring a Facebook protest group helped it block activists' air travel to Tel Aviv to attend a conference on Palestine.)
Reuters found a few unsealed cases where Facebook forensics work paid off. In one 2010 case, an FBI agent went through the Facebook accounts of "four young Satanists" suspected of burning down a church in Ohio. When Reuters contacted the Satan-lovers' lawyers, they said they hadn't known about this. In another case, the DEA searched the Facebook account of a Hollywood psychiatrist after he was arrested for running a celebrity "pill mill."
At the pill-provider's bail hearing, a "police detective pointed to comments [Nathan] Kuemmerle made on Facebook and in the site's popular game "Mafia Wars" to argue that he should be denied bail," reports Reuters. "According to Kuemmerle's lawyer, John Littrell, the detective testified on cross-examination that the information was from 'an undercover source.' Littrell told Reuters that neither he nor his client was ever informed about the warrant, and that he only learned of its existence from Reuters."
Facebook is not doing anything wrong, per se, but simply complying with the law as it is set up. Companies aren't required to notify users when they receive a warrant, though some sites (such as Twitter) have adopted a policy of doing so. But it likely makes you set your status to "troubled" to find out that Reuters was the first one to inform these folks' lawyers of the po-po's social media investigations.
To what extent is this happening? Facebook wouldn't tell Reuters how many warrants it receives in a given year. Reuters dug up 11 so far in 2011 (double that in 2010) but notes that there might be more in sealed cases.
And the situation could get worse. Congress is currently considering the Protecting Children from Internet Pornographers Act of 2011. As Gawker notes, the fight against child pornography could destroy your privacy further. Julian Sanchez explains at Cato that the Act will require Internet Service Providers to retain even more data for the po-po to search through. Despite the Act's name, it will apply to all of us, not just Internet pornographers.