What A Facebook Response To A User Data Subpoena Looks Like

Last year, Facebook got a little more transparent explaining what kind of data it would provide to law enforcement officials when they made formal subpoenas for user profiles. Now, we can have a look at exactly what that Facebook account report looks like, perhaps for the first time.

The document comes by way of the newspaper the Boston Phoenix, which this week published a long feature on how digital sleuthing led to detectives tracking down Philip Markoff, a man accused of robbing two women and murdering a third, having initially made contact with them through Craigslist. (Markoff committed suicide before his case went to trial.)

The feature is worth reading in itself, but what’s equally interesting is that the Phoenix has taken the opportunity to also make public an extensive amount of evidence that was used in the case, covering things like CCTV footage, audio of police interviews… and all of Markoff’s Facebook data.

The Phoenix didn’t obtain that data directly from Facebook itself, but got it as part of the Boston Police Department’s public release of its investigation case file (the BPD had originally gotten the data by subpoena). Two things stand out here:

Facebook has passed on on a pretty comprehensive record of time spent on the social network. As you can see in the embedded document below, wall posts, messages, photos, contacts and a record of all of Markoff’s past activity are included.

Privacy is a very messy issue in social networking. The Facebook file contains much more than info on Markoff: it also intersects with a bunch of people who had nothing to do with this investigation. And the police, in this case, didn’t redact anything from that Facebook file when passing it on to the Phoenix. That also leads to questions about who, ultimately, is responsible for this information?

As the Phoenix writes, it redacted what the BPD did not, so that it could give more insight into what Facebook is providing to law enforcement:

In other case documents, the police have clearly redacted sensitive information. And while the police were evidently comfortable releasing Markoff’s unredacted Facebook subpoena, we weren’t. Markoff may be dead, but the very-much-alive friends in his friend list were not subpoenaed, and yet their full names and Facebook ID’s were part of the document. So we took the additional step of redacting as much identifying information as we could — knowing that any redaction we performed would be imperfect, but believing that there’s a strong argument for distributing this, not only for its value in illustrating the Markoff case, but as a rare window into the shadowy process by which Facebook deals with law enforcement.

There is another place where these documents may have some significance: Over in Ireland, the Data Protection Commissioner has made several recommendations to Facebook to make its privacy and data policies more user-friendly — recommendations that have wider significance because Ireland is where Facebook has its international headquarters.

One issue that the DPC has emphasized is how Facebook provides users with their data if they request it. This has been a contentious area, with at least one consumer rights group accusing Facebook of not being clear enough in its data reporting. This subpoenaed document from Boston could point the way for how user data might one day look when regular citizens request it from Facebook, too.