Skip to content
Naked Security Naked Security

Police mine Facebook for data on inauguration protesters

Mobile devices and social media accounts targeted by police in the aftermath of arrests

The day after Donald Trump was inaugurated, the Women’s March in Washington DC (pictured) was remarkably calm. In fact, out of an estimated 500,000 protesters jamming city streets, there were zero arrests.

It was quite a different scene the day before, when a handful of inauguration protesters shattered store windows, set fire to a limo, and hurled projectiles at police in riot gear, who responded with flash-bang grenades, tear gas and pepper spray.

The police did more than that, though. They also started looking for information on the social media accounts belonging to at least two of the people they arrested, CityLab reports.

Many of those arrested had their phones seized by Washington DC police. Facebook – specifically, its Law Enforcement Response Team – subsequently sent an email to one arrestee to inform them that law enforcement had sought information about their account.

The individual had less than 10 days to respond with legal filings, Facebook told him or her. If the accused failed to provide copies of court documents filed to stop the issuance of the information by that deadline, Facebook said it “may need to respond to this legal request”.

A second individual targeted for social media investigation provided CityLab with the subpoena that had been served on Facebook for his or her account information. It was issued by the US Attorney’s Office for the District of Columbia on January 27 – a week after the inauguration – and signed off by a DC detective.

The person who provided CityLab with the subpoena said that redacted blocks on the second page shield columns of phone numbers, which are connected to other arrestees for whom the District Attorney and police were seeking information.

Not all those arrested were protesters: rather, sweeping arrests during the inauguration parade indiscriminately targeted rioters, protesters, medics, lawyers and journalists alike.

There were approximately 230 people concerned with the protest – be they protestors or those helping or reporting on protesters – who were arrested on Inauguration Day. Federal prosecutors have said that 217 will be charged with felony rioting: an offense that’s punishable by up to 10 years in prison and a fine of up to $250,000, though maximum fines are rarely imposed.

Besides Facebook accounts, it appears that police may have been attempting to search arrested people’s devices for content pre-trial. CityLab reported last week that one arrestee’s Gmail account showed account activity from their mobile device while it was in possession of police:

This prompted questions about whether the police had the phones out, instead of properly securing them away in evidence bags, causing concerns that police were mining them for content pre-trial.

DC Metropolitan Police Department declined to comment on “investigative tactics” when CityLab asked if police had asked Facebook to reveal information about the arrestee who got the letter from Facebook. The DC US Attorney’s Office hadn’t responded to an inquiry as of Tuesday.

Neither would Facebook comment on individual requests. But a spokesman did point CityLab to Facebook’s law enforcement guidelines page and to its Government Requests Report database, where the public can see how many legal processes it receives from countries worldwide.

According to Facebook’s database, US law enforcement hit up the platform for information on 38,951 users’ accounts between January and June 2016. Facebook gave them some type of data in nearly 81% of those cases.

According to Facebook, a subpoena can enable police to get at users’ content, including “messages, photos, videos, timeline posts, and location information”. A warrant or a court order would net the law less information, but would still include the individual’s “name, length of service, credit card information, email address(es), and a recent login/logout IP address(es)”.

Chris Conley, a policy analyst for the ACLU of Northern California, told CityLab that barring an emergency situation, police would need a search warrant to search locked phones.

Jeffrey Light, an attorney representing several of those arrested, said he hasn’t been informed of DC police having gotten warrants to search through protesters’ phones. But one person arrested told CityLab that while they were being detained, they’d heard police claiming to have a warrant.

A warrant may grant investigators the legal right to get at information in a locked phone, but how does it happen from a technological standpoint?

If we learned anything from the epic battle between the FBI and Apple over encryption in the case of the San Bernardino shootings, it’s that there are ways to get into locked phones, even if Apple steadfastly refuses to break its own encryption at the government’s request.

Last April, the government got past Apple’s encryption on terrorist Syed Farook’s phone, with the help of a unnamed third party.

Besides the government’s success in backdooring the terrorist’s phone, there are cellphone extraction devices that can be used to crack the locked devices and to extract data including deleted call histories and text messages, as well as data collected by the phone and apps that the user is unaware is being collected, as The Intercept has reported.

In other surveillance news, Reuters reports that the House has passed a bill requiring warrants to search old emails. The news outlet called it a win for privacy advocates fearful the Trump administration may work to expand government surveillance powers, but the House passed it unanimously last year only to have the Senate quash it.

The same is likely to happen this time around, given Senate opposition.


4 Comments

Please clarify this apparent conflict I/n your article:

According to Facebook, a subpoena can enable police to get at users’ content, including “messages, photos, videos, timeline posts, and location information”. A subpoena or a court order would net the law less information, but would still include the individual’s “name, length of service, credit card information, email address(es), and a recent login/logout IP address(es)”.

I’m in the UK so don’t understand the US criminal justice system but if you’ve been arrested then how do you get access to your email to respond within the 10 days? Presumably if there is enough information, e.g. CCTV footage, to charge you within the initial 48 hours(?) whilst you’re at the police station then you won’t have access?

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?