The Fraud Examiner

User Data for Investigations: Who Is Sharing?
 

May 2013

By Jacob Parks, J.D., CFE

 

Fraud examiners, whether working in law enforcement or the private sector, know that their investigations can benefit from the vast amount of data stored by Internet service providers (ISPs). User-created content such as photographs, messages and personal status updates help examiners discover motives, incriminating statements, conflicts of interest and much more. Additionally, location-tracking by ISPs is becoming more and more common. For years law enforcement went to great efforts to follow or plant tracking devices on criminal suspects. Now, mobile devices with locating applications functionally serve as voluntary tracking devices, once a warrant is obtained. And the amount of data from ISPs and their users is only going to grow.

 

The issue is how fraud examiners, in their respective roles, can access this information legally and ethically. There are many competing values when it comes to data stored online, including privacy rights versus criminal justice. Due to the rapid evolution of online data and the reactive development of relevant laws, the boundaries are not always clear. The procedure for obtaining user data from an ISP is often dependent on the company’s policies, and some are more likely to cooperate than others. Likewise, users of ISPs will have different attitudes with respect to their privacy.

 

Government Investigations 

Investigations into online data by law enforcement and other government actors are legally murky. Constitutional protections against unreasonable search and seizure are largely defined by a person’s reasonable expectation of privacy in the area searched, and how much privacy a person can expect in online information stored by a social networking site such as Facebook is arguable. Moreover, that expectation is likely different for other types of ISPs, such as telecommunications providers. What is clear is that compelled disclosure of user communications from ISPs requires a warrant based on probable cause, but some ISPs provide such information to enforcement agencies without a warrant.

 

In April, the Electronic Frontier Foundation (EFF) released the third edition of its Online Service Providers’ Privacy and Transparency Practices Regarding Government Access to User Data report (available here), which is of interest to several groups. First, consumer privacy advocates would like to know how major online services are handling user data when law enforcement comes knocking. The image of online service providers is also at stake, as reports such as this one affect how users gauge the protection of their privacy with these companies. On the flip side, the report informs government investigators what level of cooperation to expect when dealing with certain online service providers, as well as overall trends in these types of companies. 



Sign In

Not a member? Click here to Join Now and access the full page.