Should We Be Cautious About Law Enforcement Requests for Digital Data?

Images of the recent riots on Capitol Hill, in which supporters of former President Donald Trump attempted to storm the US Congress building, sent shockwaves around the world. The apparent attack on US democracy, an idea that seemed implausible until very recently, has led to significant pressure being applied to law enforcement agencies to hold those responsible to account.

One avenue used by agencies such as the FBI to track down those suspected of involvement in violent acts has been to analyze their use of social media. In particular, reports recently emerged that Facebook provided data on users who took part in the siege to the FBI, including their private messages. In its report, Reuters highlighted a criminal complaint against a New York resident, in which a court order was obtained to gain access to their private messages and other information following a tip-off. Facebook subsequently shared private messages between the complainant and other users with the FBI.

While many will point to the major security benefits of law enforcement agencies gaining access to information intended to be private to find those responsible for criminal acts, are there reasons to be cautious about this type of collaboration between big tech and government?

This story emerged in the context of the recent US elections, which have raised a number of other questions around the influence big tech has over the flow of information. This included the neutering and eventual banning of Trump’s social media accounts in the wake of claims about election fraud and the subsequent Capitol Hill riots. While many welcomed these moves to tackle the scourge of misinformation, others have raised concerns over the power big tech companies have to regulate free speech, and arguably the selective manner in which they enforce their rules across political lines. The issue of sharing private information with law enforcement will add to the debate about the growing influence of big tech in people’s lives.

In many respects, Facebook’s collaboration with the FBI in regard to the Capitol Hill incident is merely a routine criminal justice procedure. Paul Bischoff, privacy advocate at Comparitech.com, explained: “Every company must comply with court orders to hand over personal information, whether it’s a social network or anything else. Almost every tech company has a line in its privacy policy and terms of service stating as much. I have no qualms with law enforcement using a subpoena, warrant or some other court order to obtain evidence in a police investigation.”

Tim Mackey, principal security strategist at the Synopsys CyRC, added: “Law enforcement works off of tips all the time, and there is nothing preventing a member of a private social media group or any viewer of a post from providing a tip based on the statements or posts they’ve seen. Armed with such a tip, law enforcement could then approach the social media provider, such as Facebook, with a warrant for information on the user in question. In effect these methods are similar to how law enforcement might approach any investigation with the only meaningful distinction being that social media posts and messages are in a digital format.”

Despite terms and conditions being in place to comply with court orders regarding the handing over of personal information, it is worth pointing out that there are contradictions at play. Theresa Payton, CEO of Fortalice Solutions, noted: “In some cases, big tech has encrypted data so nobody other than the sender and receiver can review it. Even when lives are at stake. In other cases, your data can be provided without your consent.”

With the use of the internet and social media growing substantially since the start of the COVID-19 pandemic, it is important that more transparency and clarity are given about the sharing of personal information with government agencies. As Payton put it: “When it’s your loved one in danger, you want law enforcement to have every option available to be able to save your loved one and seek justice. When it’s potentially your data that is swept up in a digital dragnet looking for those with bad intent, you will see it as a violation of privacy.”

It is not inconceivable that law enforcement agencies will push for increasing access to information designed for private consumption by individual users on social media in the future. Javvad Malik, security awareness advocate at KnowBe4, said: “The pitfall to be wary of is for law enforcement to not get unfettered access to all information. Rather, access needs to be vetted and only released where there is appropriate legal requirement to protect unnecessary violation of individual privacy.”

Such a relationship developing between big tech and law enforcement could have worrying implications from a privacy perspective, and even offer up opportunities for abuses of power. Ben Pick, senior application security consultant at nVisium, commented: “On the surface, Facebook complying with the FBI to deliver data on end users who were present at the Capitol Hill Riot is a positive. However, the same process could be abused to obtain information on political rivals or members of the press investigating government officials. The best solution is much more complex and would require such data deliveries to be more mandated and used under only extreme scenarios.”

In the view of Payton, now is the time for tougher safeguards to be agreed upon and established to prevent any dystopian-type scenarios occurring. This includes the establishment of a third-party governance group to review any requests for data from any entity, not just law enforcement, and big tech and social media firms taking extra steps to provide transparency reports regarding law enforcement agencies’ data requests. Additionally, in regard to the digital world, “a long-term solution to striking the balance between individual law enforcement privacy and providing law enforcement with tools to stop and solve crimes is vital. We figured out the right process for allowing law enforcement access to landline phones, US mail delivery, and even to text and cell phone records, we can do the same for digital communications and interactions.”

Payton added: “Our laws regarding what should be provided to law enforcement need to be updated to reflect today’s technology.”

It is important to stress that there is no suggestion of any wrongdoing on Facebook’s part in reportedly providing the FBI with private data on those who took part in the Capitol Hill riots. However, with the use of digital technology and social media growing, and such platforms playing a vital part in people’s lives, the issue of law enforcement agencies and tech companies working together in this way needs to be monitored closely, and appropriate safeguards considered.
