Law Enforcement and the Social Media Stakeout

Law enforcement techniques that were previously used by only federal agencies are becoming more readily accessible to law enforcement at the local level.

Police sitting in a car, with a cup of coffee in hand, waiting for something to "go down" at the building across the street is a scene we have all watched countless times in movies over the years.  While possibly not as dramatic for cinematic purposes, today police are able participate in big data stakeouts from their own desks.  At a meeting last month for the International Chiefs of Police (IACP), a cloud based service was unveiled that will allow local law enforcement to monitor social networks for evidence and clues of crimes committed in the brick and mortar world.

A piece in ArsTechnica noted that a poll of 1,200 law enforcement officers, as conducted by LexisNexis, found that four out of five officers are now using social media as part of their investigations.  New SaaS programs allow police to aggregate information culled from social media sources and then link to databases with public records to enable law enforcement to cross reference the information gathered.  The article also noted that one of the services providing this type of assistance will even "monitor the general mood of postings and pick up potential threats of violence."

While police have been using social media for some time as an aid to investigations, new technology and services are providing them with more elaborate tools to assist them with their online efforts.

Facebook Considers Using Cursor Tracking Technology

The Wall Street Journal reports that Facebook is currently looking into technology that will enable the social network to track the location of a user’s cursor on their screen or interface.

The Journal noted that Facebook would not be the first company to engage in this type of behavioral tracking as Shutterstock, a digital image marketplace, has already done so.  The article quotes Shutterstock CEO, Jon Oringer, as saying, “Today, we are looking at every move a user makes, in order to optimize the Shutterstock experience.”

The potential Facebook tracking technology could collect data on how long a user’s cursor hovers over a part of the website and whether user’s newsfeed is visible at a specific time on the user’s mobile phone.  Facebook is still in the process of testing the technology, but the Journal reports that the company should know whether it will be proceeding with the technology within months.

Ken Rudin, Facebook’s head of analytics, is working on increasing the volume of the company’s available data and storing it in a way that can be accessed more efficiently. He referred to the review of the new technology as a “never-ending phase” noting that it will not necessarily be rolled out.

With the knowledge that Facebook is now considering this technology and, if it uses it, will not be the first company to do so, another layer of behavioral tracking can be added to the myriad ways data can be collected and used on social media platforms.

Equifax, Transunion, Experian and FACEBOOK!!??

Might lenders start reviewing your social media activities to determine your creditworthiness?

Erika Eichelberger wrote a sobering piece in Mother Jones last month addressing that very issue.  Actually, Eichelberger points out that some lenders are already engaging in the practice and that it could only be a matter of time before mainstream lenders begin doing the same.

Eichelberger reports that lenders who use information found on social media sites argue “that they are able to serve borrowers that traditional banks deem risky because they are able to evaluate credit risk based on more subtle social media-based indicators.”  These indicators include the number of friends applicants have, how often they interact ad even the quality and quantity of one’s LinkedIn contacts “for clues to how quickly laid-off borrowers will be rehired.”

The practice which is currently being used primarily by lenders providing loans to low-income borrowers raises issues of both credibility and fairness.  Does the information available on social media sites really provide valuable information when assessing a potential borrower and is it being applied in a fair and non-discriminatory manner?  The two key laws applicable in this area are The Fair Credit Reporting Act (FCRA) and the Equal Credit Opportunity Act (ECOA).  The FCRA provides citizens with certain rights related to the use and disclosure of their personal information by credit reporting agencies.  The ECOA seeks to provide equal opportunity to customers of banks, credit card companies, loan and finance companies and others.  It prohibits discrimination against applicants based on race, color, religion, national origin, sex or marital status and age. Eichelberger notes that critics of the practice question whether the information provided is truly indicative of the likelihood of repayment on the part of a prospective borrower.  Quoting Ashkan Soltani, an independent expert on consumer privacy and behavioral economics, “For you and I to call each other friends in the real world, we’d have to hang out a lot’…’I might follow you on Facebook because you post funny cat pictures.”  In addition, Eichelberger writes that experts say these lenders may be “discriminating against applicants who essentially appear socially undesirable’…’But discrimination law does not yet cover people who are unpopular.” 

On Second Thought…Delete My Post!

Imagine having the right to demand that websites you have posted on take down the content or information that you later regret having posted.  California is on its way to enacting such a law, albeit for the benefit of minors only.

 

California filed what is referred to as an “eraser” law with its Secretary of State on September 23^rd.  If Governor Jerry Brown does not veto the bill, which he apparently has taken no position on, it will go into effect as of January 1, 2015.  The New York Times quoted James Steyer, the chief executive of Common Sense Media, an advocacy group that supported the bill, as stating, “Kids and teenagers often self-reveal before they self-reflect…It’s a very important milestone.”

The bill, Chapter 21 of Division 8 of California’s Business and Professional Code would require “the operator of an Internet Web site, online service, online application, or mobile application to permit a minor, who is a registered user of the operator’s Internet Web site, online service, online application, or mobile application, to remove, or to request and obtain removal of, content or information posted on the operator’s Internet Web site, service, or application by the minor, unless the content or information was posted by a 3rd party, any other provision of state or federal law requires the operator or 3rd party to maintain the content or information, or the operator anonymizes the content or information.”  Moreover, the bill would require the site to notify the minor that the minor has such a right.

Concerns about the legislation, identified in Somini Segupta’s piece in the New York Times, include the fact that companies will be able to collect more information on minors as they would need to identify their age and presence in California and, further, that the passage of similar laws in other states could create a hodgepodge of varied laws with varied requirements throughout the nation.  This latter concern, however, is seemingly endemic of the U.S.’s approach to privacy protection in general, which tends to be ad hoc on a state level and industry specific on the federal level.

There has been ongoing pressure in Europe for “right to-be-forgotten” legislation, which differs from California’s legislation in that it would provide for a similar “eraser” right for all Europeans regardless of age.

You can find the proposed California legislation here.  

State Social Media Privacy Legislation Now an Issue for Securities Regulators

The Financial Services Institute, which represents individual financial services firms and individual financial advisors, warned that 70 social media bills introduced throughout the U.S. could conflict with Finra advisor regulations.

An article in Financial Advisor magazine said that a spokesman for the North American Securities Administrators Association expressed concern that privacy provisions in the bills might interfere with supervisory and record-keeping responsibilities of advisors under state and federal securities laws and regulations.

Recall that many states have started to pass legislation restricting employers’ ability to acquire employee passwords or gain other means of access to employee social media accounts.  In his Financial Advisor article, Ted Knutson reports that Finra has been in contact with 12 states about the legislation. In the organization’s letter to the Colorado legislature, it noted that “the objective may be accomplished through a specific exemption for broker-dealers whose employees use a personal account or service for business communications.”

While courts continue to deal with the ongoing challenge of applying traditional legal doctrine to social media platforms, it is also worth noting how regulators must now contemplate not only social media itself but the way both current and future laws passed in response to social media will impact their own regulations.

Facebook Posts Lead to Judge Tossing Verdict

Facebook posts may have played a role in a Georgia judge throwing out a plaintiff's verdict.

The suit involved a claim brought by Michael Bowbliss, who suffered nerve damage as a result of a lab technician's failure to properly draw blood for a routine, insurance related blood test. The award, originally for 5.7 million dollars, was first reduced by State Court Judge Patsy Porter to 4 million dollars, and then further reduced after the judge questioned Bowbliss's spouse's award for consortium damages, which exceeded Bowbliss's award for his original injury.  However, the Georgia judge eventually eliminated the entire verdict as a sanction against the couple for perpetrating a fraud upon the court.  Evidence, including the couple's Facebook posts, seemed to indicate that the couple had been in a troubled marriage during the time Dee Anna Bowbliss was seeking loss of consortium damages.  The attorneys for the defense claimed the marriage itself was a sham and that the Bowbliss's intention was to divorce after the completion of the trial. Moreover, the plaintiff's Facebook posts indicated that his injuries may not have been as severe as professed to the court.  One such post included, "can not go to gym til lawsuit over...due to it not looking right for me to be working out...and saying I have a bad arm."  With respect to the defense attorney's "sham marriage" assertion, one of the plaintiff's other posts read ""Judge is f[**]king on my case...dee and I aren't divorced yet because of piece of s[**]t judge and case."

Although the attorneys for defendant, Quick-Med, Inc. and its parent Quest Diagnostics, requested that the suit be dismissed with prejudice, Judge Porter refused.  The plaintiff's attorneys have already refiled the case.

Read more about this case in The Daily Report.

FBI Pressuring ISPs to Install Surveillance Software

In a fascinating article by Declan McCullagh, CNET is reporting that the U.S. government is “pressuring” telecommunications providers to install eavesdropping software on their internal networks in order to assist in governmental surveillance activities.  Apparently, the FBI has asserted that the software’s interception of metadata is authorized under the Patriot Act. It remains unclear; however, to what extent these “port carriers” have actually been installed by carriers.  According to McCullagh, AT&T, T-Mobile, Verizon, Comcast and Sprint have all declined to comment.  “A government source familiar with the port reader software said it is not used on an industry-wide basis, and only in situations where carriers’ own wiretap compliance technology is insufficient to provide agents with what they are seeking,” writes McCullagh.

Generally speaking, police and other investigative agencies are required to obtain a court order to intercept the content of real-time communications.  In addition to email, this would include information available via social media platforms, such as Facebook and others.  It is important to understand the distinction between information that falls into the pen register category and that which falls into the more substantive, content category.  Pen register type data includes metadata, such as “IP addresses, email addresses, identities of Facebook correspondents, web sites visited, and possibly search terms as well.”  Access to pen register has historically required a lower bar for access by investigators than other forms of investigative practices, such as wiretapping where full blown communications can be monitored.

The concern with the software that would be used by the carriers at the government’s prodding is that the software might collect more information than would necessarily fall under a pen register type of collection.  According to a source cited in the article, “the FBI wants providers to use their existing CALEA [Communications Assistance for Law Enforcement Act] compliance hardware to rout the targeted customer’s communications through the port reader software. The software discards the content data and extracts the metadata, which is then provided to the bureau.”

The CNET article can be found here. http://news.cnet.com/8301-13578_3-57596791-38/fbi-pressures-internet-providers-to-install-surveillance-software/

Fraud Examiners are Using Social Media to Gather Information

Forbes’s Walter Pavlo, who dedicates his column to white collar-crime, has an eye-opening piece on how fraud examiners are using social media to gather information on targets.  The column centers on a meeting in Las Vegas of the Association of Fraud Examiners.

The article makes the point that frequently people enjoy bragging about their interests on social media sites, such as Facebook, LinkedIn, Twitter and Pinterest.  Investigators are able to observe what individuals are claiming on social media and reconcile that same information with the target’s apparent means.  As the piece observes, “Bill in Accounting”, ‘who makes $100K/year is tweeting about his new Ferrari.”  Obviously, a red flag.

The four key areas for consideration related to the performance of an online investigation include:

·         finding out where people are claiming to spend their time;

·         assess a person’s “Likes” and “Dislikes”;

·         look for clues to determine other social media sites the target is visiting; and

·         see who people are following and being followed by and look for conflicts of interest.

Pavlo’s piece underscores the double-edged nature of the transparency social media brings with it.  As a society we might appreciate the effective way investigators utilize tools to bring potential wrongdoers to justice, as individuals it may make us inclined to look over our shoulders to see who is peering and wonder what their motivation is.

You can read the full article at   http://www.forbes.com/sites/walterpavlo/2013/06/25/criminals-beware-fraud-investigators-take-to-social-media/.