Feeds

Your space, MySpace, everybody's space

A closer look at the privacy issue

High performance access to file storage

Unhappy Prosecutors

When MySpace insisted on some legal process to provide subscriber or identity information about people it had already kicked off the service, the Attorney Generals cried foul and went to the press. North Carolina Attorney General Roy Cooper sent out an email exclaiming: "MySpace admitted they've found thousands of sex offenders on their site, but they have refused to provide information so law enforcement and parents can do something about it."

Cooper included both law enforcement and parents in the proposed list of people who would have access to the MySpace data. Essentially, Cooper was insisting that MySpace turn over information to the cops, and that the cops would then make it public - after MySpace had already deleted the accounts.

Again, not necessarily a bad idea but where is the subpoena? It appears that the NC AG decided to get a civil investigative demand - essentially a subpoena without any court involvement to get around the provisions of NC § 15A 623(e) which provides "Grand jury proceedings are secret and...all persons present during its sessions shall keep its secrets and refrain from disclosing anything which transpires during any of its sessions", including presumably what documents are produced pursuant to a grand jury subpoena.

Cooper went on to note: "It's outrageous that MySpace chooses to protect the privacy of predators over the safety of children." Um, I think he meant the privacy of MySpace subscribers. Indeed, in the case of Freedman v. Am. Online, Inc., 325 F. Supp. 2d 638 (D. Va. 2004) AOL was successfully sued for giving out subscriber information without an effective warrant (the warrant was signed by one of the cops and not by a judge).

In another case, United States v. Hambrick, 55 F. Supp. 2d 504 (D. Va. 1999), the Court refused to suppress the subscriber information delivered to the cops when a Justice of the Peace who was also a police officer signed off on an invalid warrant.

In both Freedman and Hambrick, the ISP gave subscriber data to the cops without an effective warrant, and in both cases the courts found that the ISP could be held civilly liable for it. Cooper continued, "We will take action to require MySpace to give law enforcement and parents the information we need to protect our kids."

Bully! That's EXACTLY what he should do - take action to get the information, not waste time complaining to the press that MySpace wasn't doing HIS job. Connecticut Attorney General Richard Blumenthal said that he was "deeply disappointed by MySpace's disingenuous refusal to provide information about convicted sex offenders with profiles on its site".

He forgot to add, "without a subpoena or other legal process, or a demonstration of some exigency He also forgot to note that in the Freedman case, not only was AOL sued under the ECPA, but also under the Connecticut Unfair Trade Practices Act ("CUTPA"), Conn. Gen. St. § 42-110a et seq, a statute that Blumenthal himself is charged with enforcing..."

This is not the first time that law enforcement agents have used public perception of a crisis to try to convince private entities to waive privacy policies and pony up information to the government without legal process. In the wake of September 11, the government used the threat of terrorism to get various airlines to pony up passenger information without any legal process. In both the United States and the UK, law enforcement officers have used examples of sexual assault to convince thousands of ordinary citizens to give DNA samples (cheek swabs) to clear them of any suspicion.

There is nothing to prevent the cops from publishing the names of people who refuse to consent to giving a "voluntary" DNA sample in order to shame or pressure them into consenting - creating in the public the impression that they must be guilty of the sexual assault or they would be willing to give the DNA sample in much the same way that the Attorneys General in the MySpace case are attempting to pressure MySpace into "consenting" to provide the subscriber information without a subpoena.

Indeed, in the DNA cases, once having obtained the DNA by "consent" there is no legal restriction on its use - the cops can retain the DNA samples obtained from innocent "volunteers" for years and compare them in every criminal or even civil cases. Such is the nature of "privacy."

Among the information requested by the AGs from MySpace was information such as the number of registered sex offenders with MySpace profiles. The Connecticut AG noted: "No subpoena is needed for much of the information we requested, such as the number of registered sex offenders with MySpace profiles. MySpace's failure to give us this essential data is inexplicable and inexcusable."

He neglected to mention that the demand also called for the names of the registered sex offenders on MySpace, and the states in which they reside. He added that legally MySpace can and must provide this information without a subpoena, noting: "The vague reference by MySpace to federal privacy laws certainly failed to justify a complete refusal to cooperate - or insistence on a subpoena for all information." MySpace didn't "completely refuse to cooperate", it just asked the AGs to comply with the law - or more accurately not force MySpace to break the law.

High performance access to file storage

Next page: Sex Offender Crimes

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.