Facebook Caught Building ‘Shadow Profiles’ of Non-Members

FoxNews.com
October 21, 2011

Eight hundred million users are not enough. Facebook, the world’s biggest social network, is now building profiles of non-users who haven’t even signed up, an international privacy watchdog charges.

The sensational claim is made in a complaint filed in August by Ireland’s Data Protection Commissioner. It alleges that users are encouraged to hand over the personal data of other people — including names, phone numbers, email addresses and more — which Facebook is using to create “extensive profiles” of non-users.

Facebook categorically denies the allegation, but experts tell FoxNews.com that it could well be true.

“There can be little doubt that Facebook collects from its current users information about individuals who are not currently Facebook users, and collects from its current users information about other Facebook users,” said Kelly Kubasta, who heads the Dallas law firm Klemchuk Kubasta’s social media division.

Ciara O’Sullivan, a spokeswoman for Ireland’s Office of the Data Protection Commissioner, told FoxNews.com that its audit of Facebook Ireland’s privacy policies was part of a “statutory investigation” that the office anticipates will lead to immediate changes.

“The Office of the Data Protection Commissioner will be commencing a comprehensive audit of Facebook Ireland before the end of the month,” O’Sullivan said.

But Facebook denies that it is creating “shadow profiles” and tracking users and non-users alike.

“Facebook does not track users across the web,” a Facebook spokesman said in a statement to FoxNews.com. “We use cookies on social plug-ins to personalize content, to help maintain and improve what we do, or for safety and security.”

Furthermore, Facebook says that no information it receives from users is employed to target ads, and that it does not resell information from users to third parties. The company prominently posts its established privacy policy on its Web site.

But that isn’t what they’re thinking in Ireland. The complaint makes clear that it believes Facebook is doing just that — and enumerates several scenarios that would give any social-networker shivers.

“Facebook Ireland is gathering excessive amounts of information about data subjects without notice or consent by the data subject,” the complaint states, adding that in many cases the information “might be embarrassing or intimidating for the data subject. This information might also constitute sensitive data such as political opinions, religious or philosophical beliefs, sexual orientation and so forth.”

U.S. Feds get warrants to mine Facebook accounts

As if Facebook wasn’t already enough of a data mining operation, judges are allowing Feds to access account information such as addresses, telephone numbers, friends’ lists in order to… you guessed it: ‘fight crime’.

By Robert Snell
The Detroit News
April 25, 2011

Federal investigators in Detroit have taken the rare step of obtaining search warrants that give them access to Facebook accounts of suspected criminals.

The warrants let investigators view photographs, email addresses, cell phone numbers, lists of friends who might double as partners in crime, and see GPS locations that could help disprove alibis.

There have been a few dozen search warrants for Facebook accounts nationwide since May 2009, including three approved recently by a federal magistrate judge in Detroit, according to a Detroit News analysis of publicly available federal court records.

The trend raises privacy and evidentiary concerns in a rapidly evolving digital age and illustrates the potential law-enforcement value of social media, experts said.

Locally, Facebook accounts have been seized by the Bureau of Alcohol, Tobacco, Firearms and Explosives and FBI to investigate more than a dozen gang members and accused bank robber Anthony Wilson of Detroit.

“To be honest with you, it bothers me,” said Wilson, 25, who was indicted Tuesday on bank robbery charges after the FBI compared Facebook photos with images taken from a bank surveillance video. “Facebook could have let me know what was going on. Instead, I got my door kicked down, and all of a sudden I’m in handcuffs.”

Federal investigators defend the practice. “With technology today, we would be crazy not to look at every avenue,” said Special Agent Donald Dawkins, spokesman with the ATF in Detroit.

The FBI suspected Wilson was behind a string of bank robberies across Metro Detroit that netted more than $6,300. Special Agent Juan Herrera said an informant told the FBI about Wilson’s Facebook account. It was registered under the name “Anthony Mrshowoff Wilson.”

In several photos on Facebook, Wilson was wearing a blue baseball hat and blue hooded sweatshirt, both featuring a Polo emblem. That’s the same outfit the FBI said the suspect wore when he stole $390 from a Bank of America Branch in Grosse Pointe Woods on Nov. 26, according to federal court records.

His Facebook photos also included one in which Wilson wore a red Philadelphia Phillies baseball hat, which the FBI said Wilson donned while robbing $1,363 from a PNC Bank branch in St. Clair Shores on Dec. 21, according to court records.

On Jan. 26, U.S. Magistrate Judge Virginia Morgan gave approval for the FBI to seize information from Wilson’s Facebook account. The warrant was executed within four hours.

Facebook gave the FBI Wilson’s contact information, including birth date, cell phone number, friends, incoming and outgoing messages, and photos.

Wilson was charged in a criminal complaint Feb. 7 and indicted Tuesday on five bank robbery charges. He is free on a $10,000 unsecured bond.

“I’m innocent until proven guilty,” Wilson told The Detroit News. “They’re basically going off my clothes. Ralph Lauren is a popular clothing line.”

He’s since updated his Facebook photo. Wilson swapped the blue Polo hat and blue Polo sweatshirt for white ones featuring the iconic Polo horse.

Despite the search warrants, his Facebook information page was still public Thursday.

Technology challenging

Morgan, the federal magistrate judge, also approved two search warrant requests from the ATF late last year and in February to search the accounts of at least 16 people suspected of belonging to a Detroit area gang. The affidavit justifying the search remains sealed in federal court.

Even with the access, investigators are having a hard time keeping up with high-tech crooks. In February, an FBI official testified before a House subcommittee about the difficulty accessing electronic communications on social media sites and email even with court approval.

“The FBI and other government agencies are facing a potentially widening gap between our legal authority to intercept electronic communications pursuant to court order and our practical ability to actually intercept those communications,” FBI General Counsel Valerie Caproni testified.

Monitoring real-time Web-based conversations is particularly difficult, she said.

The FBI uses the term “Going Dark” to label the gap between having the authority to access electronic communications and the Internet service providers’ capability to gather the information. “This gap poses a growing threat to public safety,” Caproni testified.

Concerns over privacy

Information gleaned from the Internet raises constitutional and evidentiary issues that must be considered, including privacy and the right against unreasonable searches and seizures, said Chief U.S. District Judge Gerald E. Rosen, who also is an evidence professor at Wayne State University. Evidence obtained from the Internet and social media sites also raises issues about whether the information can be authenticated, he said.

“The Internet is the next frontier for the development of Fourth Amendment law,” Rosen said, referring to the amendment protecting against unreasonable searches and seizures.

A Facebook spokesman said the company receives a “significant volume of third-party data requests” that are reviewed individually for “legal sufficiency.”

“We do not comment publicly on data requests, even when we disclose the request to the user. We have this policy to respect privacy and avoid the risk that even acknowledging the existence of a request could wrongly harm the reputation of an individual,” said Andrew Noyes, Facebook manager of public policy communications. “We never turn over ’content’ records in response to U.S. legal process unless that process is a search warrant reviewed by a judge. We are required to regularly push back against overboard requests for user records, but in most cases we are able to convince the party issuing legal process to withdraw the overboard request, but if they do not, we fight the matter in court (and have a history of success in those cases.)”

Spokeswomen for the U.S. Attorney’s Office and FBI declined to discuss techniques used by investigators.

It is unclear exactly how many search warrants have been executed for Facebook accounts. But requests – in Maryland , New York , North Carolina , Virginia , California , Pennsylvania , Montana and Alabama – come amid a backlash from users who complained too much of their personal information was being disclosed .

The San Francisco-based Electronic Frontier Foundation , a digital civil liberties organization based in San Francisco, launched a campaign recently to encourage Facebook and others to disclose when and how often law-enforcement agencies request user account information.