Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion
search
Home Agent Weblogs Social Network Post Help About


This page contains all of the posts and discussion on MemeStreams referencing the following web page: LawMeme: eBay's Policies on Cooperation with Law Enforcement. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

LawMeme: eBay's Policies on Cooperation with Law Enforcement
by Elonka at 10:36 am EST, Feb 18, 2003

] We [eBay] can (and you authorize us to) disclose any information
] about you to law enforcement or other government officials as we,
] in our sole discretion, believe necessary or appropriate, in connection
] with an investigation of fraud, intellectual property infringements,
] or other activity that is illegal or may expose us or you to
] legal liability.

This is a question that I've been following closely, especially as regards the war on terrorism. If an ISP or other online service provider were to discover that one of the names on the "FBI's Most Wanted Terrorists" list showed up in their user list, what are they legally allowed to do? Is the ISP allowed to call up the FBI and say, "Hey, I may have one of the people that you're looking for?" Or do they have to request that the FBI generate a formal subpoena first? How much information can the ISP legally volunteer to law enforcement (name/address/credit card/surfing habits/etc), and at what point should the line be drawn about requiring oversight of which information is released?

Also, which law enforcement agencies should be entitled to which? If an ISP volunteers the full set of info to the FBI, can or should they also volunteer that information to their local police? Or what if a police department from another state contacts the ISP and asks for the info? Or a lawyer from another state? How much burden should the ISP assume in order to confirm that they're getting a bonafide request from a legitimate law enforcement agency? I hear that some ISPs require a subpoena for *any* info request. Another ISP that I've heard about won't release any info unless an agent *personally visits their offices*, which obviously places a huge, expensive (and in my opinion unreasonable) burden on agents attempting to investigate a cyberspace crime which may span across multiple states.

I'd like to see a consistent balance between allowing business to voluntarily help law enforcement with criminal investigations, while at the same time also protecting the privacy of individuals. And while I don't believe that law enforcement has the right to demand any information about anyone at any time, I also think that things can flop in the other direction too, where requiring a court order or personal "face to face" request for the release of certain types of non-sensitive information can be over-kill. I'm not certain myself what the ideal solution is, but I continue to follow the debates with interest.

Link - Reply

 
RE: LawMeme: eBay's Policies on Cooperation with Law Enforcement
by Decius at 12:08 pm EST, Feb 18, 2003

I'm going to try to answer your questions. I'm not a lawyer, but I've spend a good deal of time reading up in this space. My answers probably aren't exactly right, but they are probably fairly close.

Elonka wrote:
] This is a question that I've been following closely,
] especially as regards the war on terrorism. If an ISP or
] other online service provider were to discover that one of the
] names on the "FBI's Most Wanted Terrorists" list showed up in
] their user list, what are they legally allowed to do?

You are always allowed to call the cops. If you see something that you think is suspicious you are allowed to inform the police about it. Sometimes, particularily with respect to intellectual property, you are legally compelled to remove offending content, etc if you happen upon it...

] How much information can the ISP legally volunteer to law
] enforcement (name/address/credit card/surfing habits/etc), and
] at what point should the line be drawn about requiring
] oversight of which information is released?

Its fuzzy. It depends on the situation. You can't provide the police with any information that you shouldn't have. If you're an ISP you shouldn't be logging the contents of the emails of your users without informing them clearly that you do this. For the most part, if you hook up something that collects emails from someone because you decided that they are suspicious, and then you turn that information over to the police, the data may not be admissible, because the person has a reasonable expectation of privacy and you violated that. This is why your privacy policy is important. If you tell your customers that you are going to defend their privacy, then you are contractually obligated to actually do it.

For the most part, the rules have more to do with what you are compelled to provide rather then what you are required to keep secret. It is assumed that the market will sort out the rest, as customers tend to prefer that their privacy be protected, and choose companies that agree to do so.

] Also, which law enforcement agencies should be entitled to
] which? If an ISP volunteers the full set of info to the FBI,
] can or should they also volunteer that information to their
] local police?

You can call any police agency that you want, and offer what you want to them (notwithstanding the above issue). Whether they actually act on it is a matter of jurisdiction, and severity.

] Or what if a police department from another
] state contacts the ISP and asks for the info? Or a lawyer
] from another state?

You are not COMPELLED to respond to either request without court authorization, except in the case of a DMCA notice (intellectual property.) You can respond to them if you want, presuming you are not violating your privacy policy in doing so.

] How much burden should the ISP assume in
] order to confi... [ Read More (0.3k in body) ]

Link - Reply

  
 
Powered By Industrial Memetics