Janon Fisher reports:
A convicted Georgia sex offender is spearheading an effort to prevent media companies like Yahoo, Myspace and Comcast from honoring search warrants from out-of-state law enforcement, claiming in a Manhattan federal lawsuit that they violate the companies’ privacy policies and federal wiretapping laws.
Cory Hubbard, 34, who was convicted in 2008 of using Myspace to lure a 13-year-old girl to a motel, claims that the California-based social networking site violated federal Internet privacy and wiretapping laws by responding to a warrant signed by a county magistrate in Georgia, according to the suit.
Hubbard’s lawyers argue that the Georgia writ had no authority in California and that Myspace was not compelled to release the information, but did so voluntarily.
Three other federal lawsuits have been filed by two women in Georgia claiming that Yahoo, Comcast Cable and Windstream, a broadband provider, all violated their customers’ civil rights by releasing information to police without authorization.
“We think this happens pretty much all the time,” said Millican of the alleged Internet privacy violations. In fact, a Comcast representative testified in an affidavit that private data on 36,771 customers has been turned over to law enforcement in the last four years.
Cherokee County District Attorney Gary Moss, who prosecuted Hubbard, said his agency did nothing wrong by faxing the writ to the Los Angeles–based company. “These are not matters covered under the Fourth Amendment,” said Moss. “He has no privacy on what he’s given to a third party. It’s no different than giving your diary to a third party, and they turn it over to law enforcement. There’s no violation.”
Read the full story on AdWeek.
Okay, this is yet another demonstration of why we need ECPA reform. We want law enforcement to be able to get records in some cases and we don’t want companies sued for complying with lawful requests. But we do need to make the standard clear as to what level of court supervision is required to compel production and companies that do not hold law enforcement to that standard should be held potentially liable.
Cherokee County District Attorney Gary Moss appears correct in saying that the Fourth Amendment doesn’t apply. Under current law and court interpretations, it really doesn’t. But if it’s not going to apply, then we need more stringent protections under ECPA.
If Comcast revealed in an affidavit that private data on 36,771 customers has been turned over to law enforcement in the last four years, in how many of those cases did law enforcement provide a search warrant or other court order?
All of us should be concerned about social media companies just turning over our data without adequate court oversight of the request for information. In all too many cases, it appears that there may be no court oversight and/or we may never be notified that our information has been turned over — much less notified in advance so that we might have an opportunity to fight the subpoena or court order (and #ThankTwitter for fighting for the right to notify its users to give them an opportunity to quash the order when the DOJ tried to gag them).
No one wants truly guilty individuals to evade accountability, and there may be times when it does seem important not to alert or warn users that their data have been requested by law enforcement. Setting reasonable and uniform federal standards for law enforcement to comply with will benefit users, law enforcement, and the third parties holding our personal info if those standards include court approval of requests for certain types of information.
Update/Correction: A kind person on Twitter (@pporlock) pointed out to me that this really isn’t an issue that would be resolved by reforming ECPA because it involves probable cause warrants. Clearly, I drifted off into thinking about cases where there is no probable cause warrant. My bad.