Facebook Applications: Back Doors for Law Enforcement?


Tags:, , , , , , ,

Via Google News I hear of a new Facebook Application: GMP Updates. The application, also known as “The Greater Manchester Police Updates,” gives you a feed of crime updates and links to a form for reporting crimes, according to the article. It’s the first time I’ve seen a law enforcement based Facebook application.

GMP Updates

There have been several articles about law enforcement using its normal user-level access to Facebook for criminal prosecutions (For example: “Facebook Helps Law Enforcement“, “Site Used to Aid Investigations,” “Student Arrested After Police Facebook Him“). In these cases, law enforcement or their tipsters browse Facebook like a normal user, looking at the information made available to that user.

Expanded Viewing Powers

Law enforcement use of applications will significantly expand the reach of what law enforcement can see, and also provide a more surreptitious viewing ability. It’s been noted that some 90% of popular applications have access to more information than they need, but this seems like a significant first — giving law enforcement more access than it needs. Why the expansion? Because application providers get access to just about all of your Facebook information, as described in the “Platform Application Terms of Use“:

In order to allow you to use and participate in Platform Applications created by Developers (“Developer Applications”), Facebook may from time to time provide Developers access to the following information (collectively, the “Facebook Site Information”):

(i) any information provided by you and visible to you on the Facebook Site, excluding any of your Contact Information, and

(ii) the user ID associated with your Facebook Site profile.

Facebook provides some examples of what this means. Like:

The Facebook Site Information may include, without limitation, the following information, to the extent visible on the Facebook Site: your name, your profile picture, your gender, your birthday, your hometown location (city/state/country), your current location (city/state/country), your political view, your activities, your interests, your musical preferences, television shows in which you are interested, movies in which you are interested, books in which you are interested, your favorite quotes, the text of your “About Me” section, your relationship status, your dating interests, your relationship interests, your summer plans, your Facebook user network affiliations, your education history, your work history, your course information, copies of photos in your Facebook Site photo albums, metadata associated with your Facebook Site photo albums (e.g., time of upload, album name, comments on your photos, etc.), the total number of messages sent and/or received by you, the total number of unread messages in your Facebook in-box, the total number of “pokes” you have sent and/or received, the total number of wall posts on your Wall™, a list of user IDs mapped to your Facebook friends, your social timeline, and events associated with your Facebook profile.

[I've highlighted some of my favorites]

Note that applications can access your data even if you’ve marked it as not viewable by the police in your geographic network or school. Even if you’ve used a “friend list” to restrict who sees a photo, it’s still available to the third party application providers. So its not enough to carefully tune your privacy vis-a-vis other Facebook users. You also have to avoid adding in applications like the GMP Updater — avoid getting updates from your local law enforcement.

Inadvertent Snitching

That’s not all that is happening. When you add an application, by default it can see what you can see on Facebook. So you’re also sharing your friends’ information with law enforcement. Your friends may opt-out of this sharing, but until they do you’ll be the eyes and ears of law enforcement by adding a law enforcement-based Facebook app. The defaults include quite a bit of information:

API Defaults

When you add applications, you’re told they get to see your information:

Add GMP Updates

But you’re not told you’re also sharing your friends’ info.

Content Too?

One thing that is unclear to me is whether applications can see the content of my Facebook messages and other communications I make within the site. Content fits the definition (“any information provided by you and visible to you on the Facebook Site, excluding any of your Contact Information”) of information available to third party providers, but it would be quite shocking if this was being made available to third parties. In the US, intercepting a communication requires a warrant — pursuant to the 4th Amendment as well as ECPA, and accessing a stored communication requires court orders or warrants, depending on the age of the information. This is why I’m skeptical that content is being shared with law enforcement via the API. It would be quite a scandal.

Posted: April 16, 2008 in:

17 Comments »

  1. [...] sobre delitos sin que, dicen, se recurra a la vulneración de la intimidad de los usuarios. Aunque no todos lo ven tan claro. Entre ellos, [...]

    Pingback by El Gobierno, en Twitter, y la policía, en Facebook | Mangas Verdes — April 21, 2008 @ 7:54 pm

  2. [...] Rocker Report wrote an interesting post today on InfoAdvocate " Facebook Applications: Back Doors for Law…Here’s a quick excerpt bookmark this on del.icio.us – posted by krisana_hodges to facebook privacy marketing ideas and saved by  people… [...]

    Pingback by Facebook » InfoAdvocate " Facebook Applications: Back Doors for Law… — April 22, 2008 @ 1:51 pm

  3. [...] APIs. These allow even more third party access to data, often in a way that is hidden. I’ve previously blogged about the privacy and civil liberties issues with law enforcement created applications. You can [...]

    Pingback by InfoAdvocate » Sources for Social Networking Privacy — April 24, 2008 @ 9:12 am

  4. [...] 7) זה טוב מדי פעם לראות רשויות ממלכתיות צועדות אל תוך העולם הממוחשב: משטרת מנצ’סטר הקימה ב-Facebook את המקבילה האינטרנטית לק…. [...]

    Pingback by The Less Interesting Times » Blog Archive » משעזעי ומענייני השבוע - 02/05/2k8 — May 2, 2008 @ 12:05 am

  5. [...] earlier blogged about the civil liberties dangers that law enforcement Facebook applications pose. The problem: by default, applications have access to much of your and your friends’ [...]

    Pingback by InfoAdvocate » BBC Creates Data-Mining Facebook Application — May 2, 2008 @ 12:44 pm

  6. [...] expect online was very different. Well, now it seems, this case has surfaced outside of academia. And the stakes seem a bit higher: Via Google News I hear of a new Facebook Application: GMP Updates. The application, also known as [...]

    Pingback by Cyberspace Cops « Blind Man with a Pistol — May 7, 2008 @ 8:17 am

  7. [...] feed of crime updates and links to a form for reporting crimes, according to the article. It??s thehttp://infoadvocate.org/blog/2008/04/16/facebook-applications-back-doors-for-law-enforcement/PHP: GMP Functions – ManualHere&39s a quick and dirty way to use simple gmp functions with PHP [...]

    Pingback by gmp — June 3, 2008 @ 9:30 am

  8. [...] previously blogged about the civil liberties implications of law enforcement applications.  Applications see your Facebook Site information, including: The Facebook Site Information may [...]

    Pingback by InfoAdvocate » Neat Facebook App Named “Privacy” — June 9, 2008 @ 8:43 am

  9. [...] [...]

    Pingback by nc f 3 form law enforcement — July 7, 2008 @ 10:22 am

  10. [...] [...]

    Pingback by police news articles — July 10, 2008 @ 4:04 am

  11. Ironic that to interact with this site you demand an email address, anway…

    I don’t think you make it very clear why your concern comes from an application aimed at law enforcement, and not from the far more nefarious corporate spying that has become (largely) so acceptable on Facebook. I appreciate you do raise concerns, but surely the intentions behind GMUpdate are far better natured than, say, Blockbuster.

    Comment by Doug — August 13, 2008 @ 6:32 am

  12. [...] InfoAdvocate [...]

    Pingback by wo sind all die Daten hin | F!XMBR — August 19, 2008 @ 2:41 am

  13. [...] public links >> digitalrights Facebook Applications: Back Doors for Law Enforcement? Saved by gabato on Mon [...]

    Pingback by Recent Links Tagged With "digitalrights" - JabberTags — August 26, 2008 @ 8:15 am

  14. [...] Recent public urls tagged “digitalrights” → Facebook Applications: Back Doors for Law Enforcement? [...]

    Pingback by Recent URLs tagged Digitalrights - Urlrecorder — September 13, 2008 @ 2:46 am

  15. Some interesting observations. Never really considered what rights to information on Facebook law enforcement has.

    One aspect I do like on Facebook is how it has been used to try and find missing people. I was sent a message from a friend on Facebook and it was a request from a mother looking for her missing son. I immediatly sent it out to all my friends and instructed them to do the same. Big difference from that and using it to look for criminals though.

    Comment by Anonymous — November 24, 2008 @ 12:17 am

  16. I always hated that about Facebook. You add an app and it asks you to verify that its ok to share your Facebook info with the app creators. As far as I am concerned, they should only maybe share your e-mail address with the apps, nothing more.

    Comment by App Crap Editor — November 24, 2008 @ 12:41 pm

  17. [...] out. The last big ones are explained by Michael Geist, with the particularly nasty ones being third party applications and data collection of non-users. I’m not going to close my account but I’m going to be [...]

    Pingback by Privacy Commission’s report on Facebook, their jurisdiction and findings - im addicted — July 17, 2009 @ 1:56 am

RSS feed for comments on this post.

TrackBack URI

Leave a comment