I recently served on a jury for a violent crime, and as a juror being able to see evidence like cell phone records and closed circuit video was incredibly valuable. Cases that would have otherwise been a matter of "he said, she said" can have corroborating evidence that makes it much easier to be convinced beyond a reasonable doubt. I wondered how prosecutors managed to convict at all before these kinds of electronic records were available.
I'm not downplaying privacy concerns, but when you can see thing from the other side too it's easier to see it as a set of trade-offs that need weighing. It's not a black and white issue.
EDIT: Also remember that evidence can help the falsely accused just as easily as it can help victims of crime. Phone records can give a person an alibi that would otherwise have been very difficult to prove.
I find evidence from mobile phones to be potentially problematic. If they track your position, you could just leave your mobile phone home when doing crimes, and say that you are home (You can tape it to your dog to make more realistic movement). If they track activity (but not content), you can make a program which sends empty messages to another mobile phone, or calls another mobile phone at some specific time. Finally, if you track content as well, create the content of the messages while you define when to send them, or make a predefined sound record which you transmit when the phone call is coming up.
You could be in a one hour phone call while the robbery you performed happened, and that phone call had your voice in it, and you were home while you called. Isn't that quite the alibi?
A couple things. First of all, the elaborate fabrication you're talking about is possible with all kinds of evidence, not just cell phone records. You could go around leaving misleading physical clues. You could take photographs that have an intentionally mis-set clock in the background. You could bribe or intimidate people into lying on the stand. etc. etc.
Second of all, the kind of fabrication you're describing is much more difficult to pull off than you realize. There are lots of different kinds of evidence and you would have to have some serious foresight to fabricate it all in a way that is consistent. For example, here's a case of someone who took a lot of effort to fabricate evidence of a rape against an ex-boyfriend. She did such a convincing job that he was jailed for a while, but eventually the truth came out.
Most criminals (or false accusers) don't have nearly this level of planning. The defendant in my case was actually a really smart guy, and had spun a story that cleverly was corroborated by the cell phone records of his accuser. But he was caught in a trap when his own cell phone records showed calls that the other phone didn't show. And he had had weeks to create this false story.
Framing someone (or hiding your crimes) is harder than it sounds. In most cases, the simplest explanation is the right one.
>Framing someone (or hiding your crimes) is harder than it sounds.
Is that why ~30-40% of murders in the USA are unresolved (IIRC) ? I'd say that unless you are a known criminal being monitored or an obvious suspect you will get away with it just fine, without thinking too much about CSI show style clues.
Ah, I see. So this falls into the category of "very hard to fabricate"-evidence, if I get you right. Then, that makes it reasonable to use it as evidence.
Just a though experiment: Would a mobile phone with these possibilities (sending messages with specific data at a specific time, or calling another phone of this type and transmit preproduced sound input, all without being able to distinguish between a "timed" message/call and a normal one) be a legal electronic device? If so, will they change how the law looks at evidence of this kind?
This is not legal advice. Please don't try to build one of these devices. I haven't researched this answer. But off the top of my head:
My guess is it's legal to have a phone that can be programmed to perform activities at specified times. You'd essentially just be making robo-calls/robo-texts, which lots of people do. For example, I get a lot of texts from political campaigns, and I wouldn't be surprised if these were written then scheduled to automatically go out at a certain time.
That being said, fabricating evidence is clearly a crime. So, I suspect that you could legally build and possess such a device, but could be guilty of a crime depending on how you use it. The same could be said of probably any non-contraband object.
Again, don't build one of these on my say-so. I'm just speculating.
As to the second part of your question--how the law would look at this kind of evidence in light of the possibility of fabricating it--that really depends on the jury. As it would play out in court, the party presenting the phone evidence would try to convince the jury that it's authentic, e.g. with expert testimony. Likewise, the other party could try to raise doubts as to its authenticity, perhaps by bringing expert witnesses of their own, who would testify about how easy it is to fake and such. And then it would be the jury's decision to give the evidence as much or as little weight as they see fit. So, there's no one-size-fits-all answer. It would depend entirely on the case each side makes and the whims of the jury.
Adding to your “how the law would look at this kind of evidence in light of the possibility of fabricating it--that really depends on the jury”: making the case that the evidence was fabricated would probably not be too difficult looking at the accused’s normal call patterns (from which this “night of the crime” will probably deviate), no incoming calls (or worse; a missed incoming call), testimonies from the people called by the accused at the night of the crime, asking questions about the alleged conversation etc.
For a fake alibi, making fake calls at the night of the crime is probably not the best option.
They just need one camera that caught you outside your house to shatter all that work. There are so many cameras that it's very difficult to hide from them all. If the crime you commit is serious enough to go through strapping your phone to your dog, the police will scour lots of cameras in te area.
Have you seen the typical quality of cctv footage?
A lot of the time, if I had strong circumstantial evidence that I was at home, I'd quite likely get away with a fair bit of "heavy set person in a black hoodie seen leaving the crime scene" cctv video.
Yes, think of all the things we can do with street CCTV surveillance. Or with cameras matching license plate numbers on the street. Or with a secret service allowed to act within our borders and against american citizen.
The point of laws is not to make things harder for the police, it is to protect all of us from the government.
Your sarcasm is exactly the kind of black and white thinking that gets nobody anywhere.
> The point of laws is not to make things harder for the police
The Facebook info presented in this article was lawfully obtained through a subpoena, so I'm not sure what you're talking about.
> it is to protect all of us from the government.
Laws also exist to protect us from each other. When a crime is alleged, justice is best served (for both the accuser and the defendant) by having as much evidence as possible. But there also need to be checks on this, which is why we have the Bill of Rights and evidence rules in court.
Think about how much fewer wives would be beaten if the Government had a camera in everyone's bedroom, or how much money we'd save on taxes if law enforcement could do anything they wanted without a warrant.
Yes it's sarcasm, but I don't think the law enforcement agencies see it like that. They actually want that, and they've said before that having to get a warrant makes it "hard" for them - even though 90% of the warrants they ask for are approved.
Lately all of them are pushing for more invasion of privacy, because they don't see it like that. They see it as "making our job easier" - without any regard for the abuses that could lead to or for history of Government oppression, or if the people actually want that. After all, surely they know "best" what needs to be done to protect the population.
> Yes it's sarcasm, but I don't think the law enforcement agencies see it like that.
Maybe some do, but some privacy advocates think it would be best if individuals could always prevent law enforcement from obtaining any evidence. Don't make arguments that are just as absurd as the extremists on the other side.
Before electronic records, the standard of "reasonable doubt" was different, and much more dependent on physical evidence and eyewitness accounts. The rise of these newer types of evidence is part of what has shown that eyewitness accounts are not nearly as reliable as once thought.
The problem is not that more evidence is being produced. The problem is that the new evidence tends to be concentrated in the hands of a very small number of companies.
Wait, if it's valid evidence, as likely to be invaluable to the accused as the accuser, how does the concentration of evidence harm society? What part of justice is served by having investigators wasting time mining evidence out of obscure hiding spots?
- If a database is hacked/stolen, the impact is much worse.
- If the people who control the database become malevolent, the impact is much worse. Think about a totalitarian government weeding out its political enemies by seizing a big centralized database.
I see your point but it's hard to explain a "human body decompose" Google search, when years later a [family member] disappears and the cops suspect family (as is normal.) But I was watching a CSI episode and ....might not fly. Especially if you searched for large bags a few months later.
Search engines are much worst given that you search for information and ask questions about everything.
You have to remember that jurors are normal people who have no vested interest in the case either way. As a juror you feel a heavy weight of responsibility, because you know that people's futures are in your hands.
If a person is convicted, it is because 12 random people unanimously agreed beyond a reasonable doubt that the alleged crimes happened. Your lawyer would have a chance to stand in front of the jury and say "of course my client was trying to learn about what happens when a human body decomposes; his family member was dead and he wanted to learn the truth." Jurors are normal people who understand normal arguments.
True but:
- You have to have money for lawyerS, and lots of it. Most people are already deep in debt and if they don't work for a few months they are out of their apartments. Now imagine having to come up with, say $50K cash, within a week, while in jail. And $50k is nothing. If the court appoints you one, he'll probably push to make a deal so you serve 12 instead of the gazillion years all the charges end up to. The deal of the century. He has another 11 defendants to defend this month.
- You are in the defendant's chair, and for every juror that takes the oath and presumption of innocence seriously there is another one that assumes you did something ("Why else would they pick on him?")
- Prosecutors, police, detectives and jurors are people, full of human faults. To go home in time for Easter one might be persuaded to vote guilty instead of holding up. It's not unheard for the cops and prosecutors to want 'someone' in jail for X crime, keeps the public reassured and helps their career.
- Unless you're mega-wealthy you're outmatched. The state uses virtually unlimited amount of your tax dollars to hire the best DNA experts and pathologists and you, John Q, can't match them. On the stand detectives have perfected how to testify and use anything to fit their agenda: "he cried /he didn't cry /he cried too little /he cried hysterically (sounded fake) or his cries were too perfect, as if calculated to deceive..." That huge fight with your wife will be told as a possible motive but no one is there to tell about the hugs and kisses 15 minutes after. Oh, you've been "poking" your high school sweetheart of FB and been talking about the "good old times"?
So yes, our justice system is relatively fair but if you get screwed the stats mean nothing, you're toast.
The government doesn't have the "virtually unlimited" prosecution budget you're claiming. Many prosecutors are overworked and given almost zero time to prep a case. High-profile cases get more time and money, of course, but these are statistically very rare.
Also, a person probably won't be convicted on a Google search alone. The burden of proof falls on the prosecution, meaning that they have to present more than just a few shreds of suggestive evidence.
Simply exercising one's right to remain silent, demanding a lawyer (even a public defender), and pleading not guilty vastly improves one's chances. The vast majority of convicts in the US sealed their fates by talking to the police, pleading guilty, or both. We'd have a much lower conviction rate across the board if everyone shut up, lawyered up, and pled not guilty--which could be seen as good or bad, depending on your perspective.
As an aside, public defenders are better than most people believe. They often do just as well statistically as private defense attorneys.
If you write, read, bookmark, share or search for something like this [0], does your conditional probability of killing someone go up? Probably not - chances are you just happen to be morbidly curious. The real killer, being smart enough, would never let his or her identity be coupled with such an obvious clue.
That's the rational answer. What's the more probably answer?
A lawyer with an excerpt of your most mischievous writes, reads, shares and bookmarks could paint quite a despicable portrait of you, the villain. Remember that time when a friend showed you a link which you stupidly clicked on? Yeah, that too.
And that "no real criminal would leave a trail like that" line won't work either - because we all know how criminals are stupid.
--
My point is that I agree with you. Psychological profiles will probably become more commonplace as data mining et al. goes mainstream. These can be manipulated. Badly.
If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him. (Cardinal Richelieu)
How about six million lines? All written with the naive understanding that they would stay private.
--
For us, all of this privacy issue thing is far from news. We know about it. But as a society, we are still very far from developing the new values that are necessary given this overflow of intimate knowledge.
EDIT: Maybe I am being overly cynical about how the justice system can be manipulated. As the above two comments suggests, it is indeed designed to be a robust system. However, looking at cases in the US of people wrongfully executed, it doesn't seem like an unreasonable stance to be a bit distrusting of the manipulation possibilities.
> If you write, read, bookmark, share or search for something like this [0], does your conditional probability of killing someone go up?
I would guess yes - it seems likely that the fraction of killers who look up things like that is greater than the fraction of not-killers. Even taking into account that some killers will look up stuff like that and hide their tracks.
(Remember that killers, too, may be morbidly curious. Assume they're just as likely as anyone else to be. Then we're really comparing "how many killers looked stuff up specifically to learn to hide their crimes?" versus "how many people who subsequently became killers refrained from looking stuff up out of morbid curiousity, because they didn't want it used as evidence against them in future?")
But not so much higher that it's strong evidence, so your point stands.
In fact, it is still so low that it is likely not useful evidence at all.
Let's say there are 50 serial killers in operation in the US. And the MeFi thread cited had 100,000 uniques. Even if all 50 killers read the thread you would still get a huge false positive rate if you are counting on that thread in the browser history alone telling you anything.
Sorry, are you aware of someone who can be proved to have been executed in the US within the past few decades for a crime they did not commit?
I'm aware of instances where "key witnesses" recant decades later (under what kind of pressure from defense attorneys or their own conscience I have no idea...) But I'm unaware of any instances where innocence was clearly established after an execution was carried out.
The Innocence Project reports that they've exonerated (via DNA evidence) 17 people who had already been sentenced to death and were awaiting execution:
This strongly suggests that many other innocent people are still on death row or have already been executed, since the Innocence Project doesn't have the resources to investigate all cases of claimed innocence, and has to limit its efforts to saving people who are still alive.
The Wikipedia article on wrongful execution claims that "at least 39 executions are claimed to have been carried out in the U.S. in the face of evidence of innocence or serious doubt about guilt."
So pick the most convincing one that was actually executed. For such a charged issue, it's hard to take passive voice claims on Wikipedia too seriously.
Felker and Garrett are the only "specific examples" in that article from the US in the past few decades. Garrett sounds plausibly innocent, but there's certainly no posthumous proof. Similarly, Felker's alibi depends on autopsy results from a body found in a creek. Not really a slam dunk either.
Many anti-death penalty advocates believe (wrongly, I think) that it would be a huge boon to their cause if they could identify someone who was clearly innocent of the crime for which they were executed. oskarth apparently believes instances have already been found. I'm just looking for the current exemplar.
None of those people were actually executed, which was my question and oskarth's claim: That people in the US had been wrongfully executed. Not wrongfully sentenced to die.
Are you too lazy to read before posting a knee jerk Wikipedia page?
How about just posting one name of an executed prisoner?
I would be surprised if that passed federal rule of evidence 404(a), which is a part of U.S. law which says "Evidence of a person’s character or character trait is not admissible to prove that on a particular occasion the person acted in accordance with the character or trait."
I mean, this is assuming that we're talking about "years later" -- in other words you really are trying to say "this person was of a very morbid character and was interested in researching facts about human body decomposition." Heck, I made searches like that when I was writing the first draft of a NaNoWriMo novel.
It's incredibly ironic that The Phoenix censored out identifying information of Markoff's friends, but left all the event / profile ID's in the browsing history section. You can easily go back to a 3 year old event:
Kind of creepy to say the least. I'm surprised they made such a huge mistake. Knowing which profiles he stalked before committing his crime is even more sensitive than just friendship connections in my opinion.
It makes one wonder how many people will create a fictional facebook 'experience' which is to say spend time building up an alternate identity in various social sites so that in the event they are charged with a heinous crime they can confuse the jury and make it seem 'out of character.'
> building up an alternate identity in various social sites
I wonder when we will see the startups that offer this as a personalized service. It can be equally responsive to law enforcement, should actual legal processes are involved, but for any other actor besides the law, the illusion can be real.
In Vinge's novel Rainbow's End, there is a group called the Friends of Privacy which basically exists to obfuscate and inject noise into the identifying information found online.
I skimmed the document. Nothing terribly damning, or that you wouldn't suspect that FB would hand over.
No, the part that creeps me out is when they start being able to hand over my political preferences and ideological bents and how likely I am to consume drugs based solely on how I am friends with.
"Your honor, members of the jury, the evidence is clear: based on phillmv's social graph, he's 83% likely to be a stark raving socialist capable of committing precisely this sort of crime. As we all know, Facebook cannot lie!"
Well, there is one thing "terribly damning," and that's the "Deleted Wall Posts" bit.
This was also discovered when someone in Europe requested all of the data that Facebook has on him: that stuff which he had deleted had never actually been deleted, but was instead stored with a flag "deleted=True" which was checked by the database queries.
In principle, at least for short time scales, this is not a bad idea -- you should try to make most or all of your database manipulations reversible, just in case someone steals someone else's account (or other similar abuses). But for long time scales, you would really expect that it would eventually get purged -- and as far as anybody knows, it never is.
You can't purge backups: if the servers were allowed to go in and remotely modify the off-site backups to purge deleted data, then an intruder could do the same thing for all data. So you can't permanently delete data in the backups. When subpoenaed, Facebook would have to go back through the backups and find the user-deleted data anyway: they still have it under their control. So there's really no difference in marking a "deleted" flag or purging the data from the production servers: they are not (and should not, and arguably cannot be) able to the data from backups.
This is true for all web services. I'm not even getting into about the support and user anger cost by permanently deleting user data. But it's clear to see that this — while an intuitive idea — is not practically possible for most web services.
I would agree that there are privacy concerns whenever you back up user data. It's something of an interesting question because users could also be held responsible for creating their own backups, especially if you made it extremely easy for them to do. It's something like when my VPS failed. The code that I was running on my VPS I routinely backed up, but the database -- while I serialized it to disk -- wasn't ever transferred to my local computer because I didn't think it was important. When the VPS failed, the whole database was gone. The point is, I can't be angry at them for not backing it up, because that wasn't a term of the service they were providing me. A similar mental model could probably work for database-driven sites, at least for the databases storing user content -- your code should of course always be under a mirrored version control. ^_^;;
I thought that was always how it's done? As a side project I'm making a public forum where people can delete each other's posts (it's mostly an experiment) and I'm still keeping the data that's deleted, just not showing it. I didn't think companies ever really drop entries from their database when users "delete" something.
Like I said, normal practice is to make "delete" reversible, which means that you must add something as opposed to subtracting something. But in principle there is probably some duty of privacy that when you say "I've deleted X," then you actually are intending to delete X. Anything else would seem problematic.
Well there's a bit more to it - it's an imitation of the poster walls you see in coffee shops and around schools. Posts take up space on a limited area, so in order to make a post you have to find an empty spot or cover up someone else's post. You can also take anything down, so it's community moderated. I want to see how civilized people can be expected to act anonymously. I'll probably share it on HN if I get any users :P
Correct. (And it is the contrapositive of this statement which allows us to know that they did not purge them.) But they are not required to collect arbitrary data for later supplying to law enforcement -- law enforcement can subpoena you when it has a reason, but if you don't have information then they can't demand it of you.
If it helps, this is why the various alternatives to Google are able to announce that they don't collect user data: they have no obligation under US law to be collecting such information, so, they don't.
Don't forget about Max Schrems from Austria.
He got Facebook to send him on their data on him (at least most of it)
I couldn't find the original news article I read when it first came out but here seems to be a good summary of what he found out:
http://www.youtube.com/watch?v=kJvAUqs3Ofg
While this may not be identical to what cops would receive from a subpoena request, it shows at least part of what Facebook knows about you.
One would think what special secret information facebook has on its users - where they are, what do they click to over the site, what sites do they visit even outside the FB site, but nope, it's just that - the data people wrote to the system themselves, voluntarily. Maybe with their public IP, sometimes.
Maybe I am skipping something, but there is nothing one wouldn't reasonably believe Facebook has on you and would give to the police.
edit: oh. I did miss the browsing history section.
Did anyone else notice the 172.23.8.44 "login IP" on the third page? What does it mean that the login IP is a non-routeable address? Is that some kind of IP in use inside FB's network?
Do you feel FB did something wrong here, and if so could you elaborate? I don't see this as much different from subpoenas of phone records, for example.
Well for one, they handed a bunch of personal details on the friends of the suspect, and the police department published them unredacted. Being friends with a suspect can be problematic, apparently. No one wants to be known as the FB friend of a serial killer.
While most people on hn probably know about this, you would be surprised at what the general public would think about this story. I hope it gets spread further in the media so more people know exactly what fb(and other social networking sites) keeps tabs on and what info they give out to law enforcement.
"Keeping track of these records is required by law."
What law? Which records? There are websites, such as those which provide anonymous web access, which say that they don't keep any records, or keep IP addresses only, or keep records for no more than 30 days, or whatever. Are they lying to us, or are they intentionally breaking some law? Exactly how can I be forced to keep any kind of log, for any period of time?
It's a really complicated legal issue, and the last thing you would want to do as an international company is shoot yourself in the foot by deleting "evidence".
FB is an American company, and the crime of which the article speaks happened in the US, and the article you cite says:
"The United States does not have any Internet Service Provider (ISP) data retention laws similar to the European Data Retention Directive. All attempts have failed:"
THEREFORE: Under what law was FB required to retain the data, which was eventually handed over under subpoena?
The location of its legal tax headquarters is up for debate; Additionally, Facebook has corporate offices all over the world in different countries:
https://www.facebook.com/careers/locations
Italy, India, Canada, New Zealand, Belgium, etc.
Clearly it's not just a "US" company and only has to follow "US" laws.
Taxes are not involved in the question. When it comes to US cases, FB only has to follow US laws. Therefore, data generated by US-based users should not be retained.
But I think i remember something about Facebook having european offices in Ireland, so for us Facebook users in the European Union it's the Irish and EU laws they have to abide.
But I havent got a clue about what law regulates theese things.
Where are the private messages though? Did Facebook hold them back? Should be the most interesting (and well, most private) bits. (Sorry, I am in a bit of a hurry right now and only had a quick look at the article and the provided document.)
And a bit off-topic, but related: does anyone know if Twitter actually deletes direct messages or are they just not visible on the website any more?
Why not? Most companies do - since most webservers are configured to log every request by default. Of course, with facebook volumes they probably don't use "default" solutions for anything - but logging every click is a norm for most sites.
I am 3 seconds away from deleting my account, but before I do that I would like to know if fb actually deletes my account and everything I've generated on there. I have a feeling that they just insert a "deleted=True" in the database. In that case I don't want to delete my account, because I'm merely giving up my right to log in.
So, do they completely remove my account information, or do they just mark me deleted?
What you do with your account is for you to decide of course, but it shouldn't really come as a surprise that facebook has this data (they show it on the site) or that they would comply with a subpoena.
The surprising bit for me is how much data is missing from this.
I presume you deleted it, but they do say they will delete it. I may try a data protection request to see if they have as I deleted my acount a long time back.
Interesting that things like photo tagging is stored in a changing timezone (some are PDT (UTC-7), some are PST(UTC-8)), whereas for the access logs, they state that everything is PST.
Why would they be storing/using time in a timezone anyways?
Resembles the contents of the zip file you get if you click the button on Facebook to download your entire personal data (yes, it exists. It generates huge HTML pages of all your messages, wall posts, photos etc)
I'm not downplaying privacy concerns, but when you can see thing from the other side too it's easier to see it as a set of trade-offs that need weighing. It's not a black and white issue.
EDIT: Also remember that evidence can help the falsely accused just as easily as it can help victims of crime. Phone records can give a person an alibi that would otherwise have been very difficult to prove.