Facebook™ is a social networking service that allows users
to interact with other Internet users, sharing media and messages.
A user is able to contact other individuals by adding them
to their ‘friends list’, which enables them to be able to write on other
friends’ walls (i.e. a space for public commentary) and leave tags on
photographs. Users are also able to communicate by sending instant messages
which can sometimes be stored on the user’s machine and messages, similar to
emails.
The owner of the account is able to adjust privacy settings
so as to restrict what information is publically accessible and what details
may be viewed only by friends. Much like conventional email correspondence,
sent and received messages are unable to be edited and are stored on the
Facebook™ servers in their original format until deleted by the user of an
account. This material is the basis for facebook evidence.
Correspondence made via Facebook™, including media files
uploaded to the website or shared, are stored permanently on the respective
account.
It is necessary for the user to manually select items of
correspondence or specific files for deletion in order to have them removed
from the account. Alternatively, a user may close their entire account in order
to have all correspondence or media files erased. Deleted data files or
accounts are no longer available to members of the public, online friends or
the original account owner; however, all of this content remains archived by
Facebook™ for a period of ninety (90) days .
Facebook™ recommends that investigators contact their
organization as soon as a requirement for acount information is known. This way
current accounts or erased content can be preserved for a further ninety (90)
days, to allow adequate time for service of legal applications.
The Facebook™ unit responsible for managing requests for
account information and related facebook evidence, the unit is titled the
‘Security Department and Custodian of Records’:
FACEBOOK™ INC
SECURITY DEPARTMENT / CUSTODIAN OF RECORDS
1601 CALIFORNIA AVENUE
PALO ALTO, CA 94304
FAX: (650) 644 3229
EMAIL: SUBPOENA@FACEBOOK™.COM
The following three types of requests can be made:
• Preservation
Requests
Following notification of a specific User ID, Username or
e-mail address, existing account records and erased archive material will be
preserved for ninety (90)days.
• Formal
Legal Requests
Records will be provided pursuant to formal compulsory legal
process issued under US law.
• Emergency
Requests
Where there is a credible risk of bodily harm or death,
immediate assistance will be provided to investigating authorities, even in the
absence of legal process/orders. It should be noted that whilst the above
references state that formal legal facebook evidence requests “issued under US
law”, in the experience of the author the Facebook™ organization will readily
assist any request for information from any lawful authority or country, as
long as supported by their respective legal process.
Whilst internal procedures vary between Police forces, this
position may be verified by contacting the relevant Hi-Tech Crime Unit (HTCU)
and/or Single Point of contact (SPoC) for clarification on their approach to
securing disclosure of facebook evidence, account information and related
records. Subject to receiving a lawful request for information, Facebook™ can
provide the following records:
• Basic
Subscriber Information
Previously referred to as ‘neoselect’ , these records will
include the User Identification Number, account email address, time/date of
account creation, associated telephone number(s), and time/date of logins for
the past 72hours.
• Expanded
Subscriber Content
Previously referred to as ‘neoprint’, these records will
include all profile contact information, status updates, files/photographs that
have been shared, messages posted on other individual’s walls, listings of
friends and group memberships, and event reminders.
• User
Photographs
Previously referred to as ‘photoprint’, this will include
all photographic media uploaded by the account holder as well as photographs
from third parties which have been tagged as featuring the account holder.
• Messaging
Correspondence
Incoming (received), outgoing (sent), and draft email
equivalent communications.
• Internet
Logs
Commonly referred to as ‘IP’ logs, this content will assist
in demonstrating the time/date that a user account was accessed as well as
provide enough information to trace the physical address of the computing
device used to make the account access.
The above facebook evidence records will generally be served
via email in the form of Adobe Portable Document Format (PDF), so that the
content cannot be easily modified.
0 comments:
Post a Comment