Thursday October 17, 2019
SNc Channels:

Search
About Salem-News.com

 

Dec-04-2009 23:57printcomments

Yahoo's Guide For Law Enforcement

Yahoo's Guide For Law Enforcement is only one documented example of just how loose internet providers are with their client's data.

Salem-News.com
Wang Xiaoning says Yahoo's handing over his personal information via Internet records, cost him ten years in a Chinese prison. Google is the only one that held true to the American Dream. Yahoo is viewed by increasing numbers as the FOX News of Internet providers.

(EUGENE, Ore.) - "What information can Yahoo provide without a warrant? Name, location, IP addresses; any email; time, date, and IP address logs for Chat and Messenger; files, photos, and messages; member lists, and group activity logs."

I just published an article entitle Techno-Regulatory Arbitrage and the Future of the Internet. That article addresses the lack of constitutionally guaranteed rights as they apply to internet communications.

Following publication of the Techno-Regulatory Arbitrage article, I came across a recently leaked internal Yahoo document that describes exactly what information they store and provide to Law Enforcement. The complete document is available here: COMPLIANCE GUIDE FOR LAW ENFORCEMENT Nothing in this document is particularly extraordinary because it is written in accordance with the requirements of U.S. law, particularly the Stored Communications Act, 18 U.S.C. 2703. Every internet service provider must have similar policies in order to comply with U.S. law.

I will break down the information available according to the legal requirements to obtain it.

Subpoena

Subpoenas may not require court oversight and their use is not necessarily tracked in any publicly accessible way.

With a subpoena Law Enforcement Agencies can obtain: -Subscriber information, such as, name, ip address, and services used -Contents of communications (emails) stored for over 180 days -Contents of communications posted on "services" (social networks, etc.) including all communications and files Yahoo classifies their services in two ways: those they provide as an "Electronic Communications Service Provider" and those they provide as a "Remote Computing Service Provider."

They classify services like Flikr and Yahoo Groups under the RCS category, which has a lower threshold for disclosing data. Since these services are comparable to Facebook, MySpace, and other social networking sites, it would be interesting to see what policies for disclosing customers' private information those sites have.

2703(d) Order

A 2703(d) order is a court order under the Stored Communications Act.

Since it requires judicial approval, there is at least a record of it, and there is some kind of oversight.

18 U.S.C. 2703(d) requires that "the governmental entity offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation."

The crucial difference between a search warrant and a 2703(d) is that a search warrant must specifically describe items that are evidence of a crime. A 2703(d) only requires "reasonable grounds" for belief that the item to be seized is "relevant" to a criminal investigation.

The link between the item being seized and an actual crime is removed, which dramatically broadens the potential scope of these orders.

With a 2703(d) Law Enforcement Agencies can obtain: -Transactional records. This includes IP addresses, times, and descriptions of all activity on the system, including all other users who the target communicated with, all sites visited, all files accessed, etc.

Search Warrant

A search warrant is only required for Emails stored less than 180 days. This is due to the way that the Stored Communications Act is written.

No Process at All

If a Law Enforcement Officer submits an "Emergency Disclosure Request Form" alleging that there is an emergency involving imminent danger of death or serious physical injury, then Yahoo may release information with no process at all.

This provision makes sense, because there are legitimate emergencies where information needs to be accessed and no crime has been committed or a judicial process would be too slow.

While reasonable in the context of the information being available, and law enforcement needing it, emergency disclosures still raise major privacy concerns. All that is required to get information is sending a fax on police department letterhead. This creates major risks for users who trust companies like Yahoo with their private information.

Conclusion

Yahoo's Guide For Law Enforcement is only one documented example of just how loose internet providers are with their client's data. These same general guidelines are ubiquitous for all providers because they are required by law. If anyone has copies / links to these documents for other providers, I would be happy to get them... warncke@comcast.net

===================================


Salem-News.com Business/Economy Reporter Ersun Warncke is a native Oregonian. He has a degree in Economics from Portland State University and studied Law at University of Oregon. At a young age, his career spans a wide variety of fields, from fast food, to union labor, to computer programming. He has published works concerning economics, business, government, and media on blogs for several years. He currently works as an independent software designer specializing in web based applications, open source software, and peer-to-peer (P2P) applications. Ersun describes his writing as being "in the language of the boardroom from the perspective of the shop floor." He adds that "he has no education in journalism other than reading Hunter S. Thompson." But along with life comes the real experience that indeed creates quality writers. Right now, every detail that can help the general public get ahead in life financially, is of paramount importance. You can write to Ersun at: warncke@comcast.net




Comments Leave a comment on this story.
Name:

All comments and messages are approved by people and self promotional links or unacceptable comments are denied.



Anonymous December 8, 2009 2:48 pm (Pacific time)

Pretty easy to be an unknown out there, no matter what tracking power exists in real time. Before the internet I did everything by code, it is labor intensive, but it allows one to avoid what they want to avoid to maintain that anonymity.


Oregon Reader December 5, 2009 7:49 pm (Pacific time)

Ersun, I am glad I only use OTHER people's credit cards, then! (that's a joke...)


Ersun Warncke December 5, 2009 7:41 pm (Pacific time)

Remember, these are only the *legal* violations of privacy. This is the stuff that law enforcement gets. The illegal stuff being done by intelligence agencies and private companies goes way beyond this. Also, law enforcement agencies are running all kinds of scams where they buy access to private information that they couldn't otherwise legally obtain through private companies that obtain it under contract. This is especially prevalent with credit card records, but extends into a lot of other areas.


Oregon Reader December 5, 2009 6:11 pm (Pacific time)

Thanks for that. It would be nice if these companies would post this information so that people, upon signing up, know what limitations they have with respect to privacy issues. There are tools to circumvent the IP logging, and I suspect they will become more mainstream into the future as out sense of privacy becomes more and more invaded.


Ersun Warncke December 5, 2009 5:58 pm (Pacific time)

Another nice demonstration of my point. Whenever corporations want to suppress free speech they claim that it violates their "intellectual property" rights and have it removed... http://www.quickfilepost.com/download.do?get=d26543a16c471e766d747e884c4b754e


Oregon Reader December 5, 2009 5:32 pm (Pacific time)

Ersun, your link to the document does not work. Can you upload it to a sharing site and post the link, or is there some other way to share it?


Oliver Steinberg December 5, 2009 9:13 am (Pacific time)

Thanks for explaining the electronic police state. United Statesians have lost their sense of what it means to live as free people. Instead, the groupmind now bleats: "If you haven't done anything wrong, you have nothing to hide." Comforting, isn't it? Naturally, the list of what is prohibited, what is "wrong," what you're not allowed to do or supposed to do, is infinitely expandable. Before they ban it, folks, go read George Orwell's "1984."

[Return to Top]
©2019 Salem-News.com. All opinions expressed in this article are those of the author and do not necessarily reflect those of Salem-News.com.


Articles for December 3, 2009 | Articles for December 4, 2009 | Articles for December 5, 2009
Annual Hemp Festival & Event Calendar

Your customers are looking: Advertise on Salem-News.com!

Support
Salem-News.com:


The NAACP of the Willamette Valley