Feds snoop on social-network accounts without warrants

Justice Department report shows real-time surveillance targeting social networks and e-mail providers jumped 80 percent from 2010 to 2011. The ACLU says current law doesn't protect Americans' privacy.

Under Attorney General Eric Holder, one form of real-time Internet surveillance used by the Justice Department has increased 80 percent year-over-year.
Under Attorney General Eric Holder, one form of real-time Internet surveillance used by the Justice Department increased 80 percent in one year. U.S. Department of Justice

Federal police are increasingly gaining real-time access to Americans' social-network accounts -- such as Facebook, Google+, and Twitter -- without obtaining search warrants, newly released documents show.

The numbers are dramatic: live interception requests made by the U.S. Department of Justice to social-networking sites and e-mail providers jumped 80 percent from 2010 to 2011.

Documents the ACLU released today show police are using a 1986 law intended to tell police what phone numbers were dialed for far more invasive surveillance: monitoring of whom specific social-network users communicate with, what Internet addresses they're connecting from, and perhaps even "likes" and "+1"'s.

The Justice Department conducted 1,661 live intercepts on social networks and e-mail providers in 2011 (PDF), up from only 922 a year earlier (PDF), the reports show.

The ACLU hopes the disclosure of the documents it sued to obtain under the Freedom of Information Act will persuade Congress to tighten the requirements for police to intercept "noncontent" data -- a broad category that excludes e-mail messages and direct messages. The current legal standard "allows the government to use these powerful surveillance tools with very little oversight in place to safeguard Americans' privacy," says Catherine Crump, an ACLU staff attorney.

It might work. On Tuesday, Rep. Zoe Lofgren, D-Calif., introduced a bill that would require police to get warrants to access Americans' e-mail and track their cell phones. Last week, however, senators delayed a vote on a similar bill after law enforcement groups objected.

The Justice Department did not immediately respond to questions from CNET about social-network surveillance. We'll update this story if we receive a response.

It's not clear how many of those 1,661 real-time intercepts last year -- which do require a judge's approval -- targeted social networks, and how many were aimed at e-mail providers. Traditional phone intercepts remain far more frequent: the U.S. Marshals Service, for instance, says 409 of its noncontent intercepts (PDF) were for Internet companies, while 14,568 were for telephone call data. (The largest number of them fell into the fugitive-finding category, including parole or probation violations.)

To perform noncontent intercepts on social networks, police must generally seek court authorization for a pen register or trap and trace order, both of which are terms borrowed from decades-old surveillance law. They were originally designed to allow law enforcement to easily collect the phone numbers associated with incoming and outgoing calls, and were extended to the Internet by the Patriot Act over a decade ago.

But the Patriot Act didn't make it any more difficult for law enforcement to ask for such an order. Police must merely claim their request is "relevant" to an ongoing investigation. (A search warrant, by contrast, requires probable cause, and a live wiretap order is even more privacy-protective.)

What's also unclear is what kind of real-time data police are seeking from social networks through these orders. It's clear they can obtain the current Internet Protocol address of a Facebook user, for instance, and the port number (which, as CNET reported in May , is increasingly important). But it's less clear whether a "+1" or information about a user's circle of friends would be permitted.

The wording of that section of the Patriot Act is more broad than narrow. It says police can demand all "routing" or "addressing" information that's transmitted through an Internet service or that's "likely to identify the source of a wire or electronic communication."

"This is a very invasive surveillance technology," says Christopher Soghoian, principal technologist with the ACLU's Speech, Privacy and Technology Project. "We don't have a feel for how broadly it's being used."

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

TechProbe Volunteers Wanted: Huawei Mate 7

Your chance to test drive and keep the Huawei Mate 7 phone

Tell us about the technology you're using right now, and how a smartphone could help you in your professional life.