BanderasNews
Puerto Vallarta Weather Report
Welcome to Puerto Vallarta's liveliest website!
Contact UsSearch
Why Vallarta?Vallarta WeddingsRestaurantsWeatherPhoto GalleriesToday's EventsMaps
 NEWS/HOME
 AROUND THE BAY
 AROUND THE REPUBLIC
 AROUND THE AMERICAS
 THE BIG PICTURE
 BUSINESS NEWS
 TECHNOLOGY NEWS
 WEIRD NEWS
 EDITORIALS
 ENTERTAINMENT
 VALLARTA LIVING
 PV REAL ESTATE
 TRAVEL / OUTDOORS
 HEALTH / BEAUTY
 SPORTS
 DAZED & CONFUSED
 PHOTOGRAPHY
 CLASSIFIEDS
 READERS CORNER
 BANDERAS NEWS TEAM
Sign up NOW!

Free Newsletter!
Puerto Vallarta News NetworkTechnology News | February 2006 

Increasingly, Internet's Data Trail Leads to Court
email this pageprint this pageemail usSaul Hansell - NYTimes


In St. Louis, records of a suspect's online searches for maps proved his undoing in a serial-killing case that had gone unsolved for a decade.
Who is sending threatening email to a teenager? Who is saying disparaging things about a company on an Internet message board? Who is communicating online with a suspected drug dealer?

These questions, and many more like them, are asked every day of the companies that provide Internet service and run Web sites. And even though these companies promise to protect the privacy of their users, they routinely hand over the most intimate information in response to legal demands from criminal investigators and lawyers fighting civil cases.

Such data led directly to a suspect in a school bombing threat; it has also been used by the authorities to track child pornographers and computer intruders, and has become a tool in civil cases on matters from trade secrets to music piracy. In St. Louis, records of a suspect's online searches for maps proved his undoing in a serial-killing case that had gone unsolved for a decade.

In short, just as technology is prompting Internet companies to collect more information and keep it longer than before, prosecutors and civil lawyers are more readily using that information.

When it comes to email and Internet service records, "the average citizen would be shocked to find out how adept your average law enforcement officer is at finding information," said Paul Ohm, who recently left the Justice Department's computer crime and intellectual property section.

The issue has come to the fore because of a Justice Department request to four major Internet companies for data about their users' search queries. While America Online, Yahoo and Microsoft complied with the request, Google is resisting it. That case does not involve information that can be linked to individuals, but it has cast new light on what privacy, if any, Internet users can expect for the data trail they leave online.

The answer, in many cases, is clouded by ambiguities in the law that governs electronic communication like telephone calls and email. In many cases, the law requires law enforcement officials to meet a higher standard to read a person's email than to get copies of his financial or medical records.

Requests for information have become so common that most big Internet companies, as well as telephone companies, have a formal process for what is often called subpoena management. Most of the information sought about users is basic, but very personal: their names, where they live, when they were last online — and, if a court issues a search warrant, what they are writing and reading in their email. (Not surprisingly, the interpretation of voluminous computer records can be error-prone, and instances of mistaken identity have also come to light.)

AOL, for example, has more than a dozen people, including several former prosecutors, handling the nearly 1,000 requests it receives each month for information in criminal and civil cases. The most common requests in criminal cases relate to children — threats, abductions and pornography. Next come cases of identity theft, then computer hacking. But with more than 20 million customers, AOL has been called on to help in nearly every sort of legal action.

In recent years, "we found ourselves involved in every imaginable classification of traditional crimes, from murder to the whole scope of criminal behavior, because AOL was used to communicate or there is some trace evidence," said Christopher Bubb, assistant general counsel at AOL.

Investigators have found new ways to identify people who visit Web sites anonymously or use a false identity. Many Web sites keep a log of all user activity, and they record the Internet Protocol address of each user. I.P. addresses are assigned in blocks to Internet service providers, who use them to route information to the computers of their users. If an investigator determines the I.P. address used by a suspect, he can subpoena the Internet provider for the identity of the user associated with that address at a particular date and time.

For example, in investigating a bomb threat at a Canadian high school in 2002, Mr. Ohm approached the operator of a message board in California on which the threats were placed. He asked to review the log monitoring each user's activities, which showed the Internet Protocol address of the person who left the threatening message. Mr. Ohm used that address in turn to determine the suspect's Internet service provider, who identified a teenager who had posted the message. (As a minor, he was not prosecuted.)

While Internet evidence has been used to solve some crimes, there have also been examples of mistakes in the process. Last year, Manchester Technologies, a company in Hauppauge, N.Y., sued Ronald Kuhlman Jr. and Kim Loviglio, claiming they had posted messages on a Web site that defamed its chief executive.

Manchester had identified Mr. Kuhlman and Ms. Loviglio based on information provided by Cablevision, their Internet provider, which incorrectly associated their account with the Internet Protocol address used to make the postings. Manchester dropped its suit against Mr. Kuhlman and Ms. Loviglio, who in turn sued Cablevision. That case was settled for undisclosed terms, their lawyer, Mark Murray, said.

The 1996 law that governs privacy for telephones, Internet use and faxes — the Electronic Communications Privacy Act — provides varying degrees of protection for online information. It generally requires a court order for investigators to read email, although the law is inconsistent on this, treating unopened items differently from those previously read. The standard to compel an Internet service provider to provide identifying information about an Internet user is lower — in general, an investigator needs a subpoena, which can be signed by a prosecutor, not a judge. (And the USA Patriot Act allows some of these procedures to be waived when lives are at risk.) By comparison, domestic first-class mail requires a search warrant to be opened.

In cases in which investigators want to intercept Internet communication as it occurs, they must get the same authorization needed for a telephone wiretap, which requires continuing court monitoring. In 2004, there were 49 cases of computer or fax transmissions being monitored under these procedures, according to federal statistics (which exclude national security cases).

Mr. Ohm, now an associate professor at the University of Colorado Law School, said those statistics undercounted the instances of such monitoring, especially cases in which an Internet company was tracing attacks on its own system.

"The Wiretap Act has enough loopholes built into it that you can often do a wiretap without having to get a court order," he said.

The law for civil cases, like divorces or employment disputes, is also a bit unclear. Litigants can generally subpoena the identifying information of a user behind an email account or an I.P. address.

AOL says that only 30 of the 1,000 monthly requests it receives are for civil cases, and that it initially rejects about 90 percent of those, arguing that they are overly broad or that the litigants lack proper jurisdiction. About half of those rejected are resubmitted, on narrower grounds. Generally, AOL gives its members notice when their information is sought in civil cases. If the member objects, the issue is referred back to the court. (In criminal cases, there is often no notice, or notice is given after the information has been given to investigators.)

"Subpoenas come in all the time that ask for everything," said Kelly Skoloda, an AOL lawyer. "We engage in an active dialogue to determine what they want and what we can give in compliance with our privacy policies."

AOL and most other Internet providers take the view that the content of email messages cannot be turned over to lawyers in civil suits. The most significant exception is that email can be turned over with the consent of the account owner, and litigants often persuade judges to order their opponents to authorize the disclosure of email.

A gray area that has recently gained prominence involves the pages that users read online and the terms of their searches.

Yahoo, Google and the new free AOL.com site, for example, maintain records of user surfing behavior. Google also keeps a log file that associates every search made on its site with the I.P. address of the searcher. And Yahoo uses similar information to sell advertising; car companies, for example, place display advertising shown only to people who have entered auto-related terms in Yahoo's search engine.

It is unclear what standard is required to force Internet companies to turn over this search information to criminal investigators and perhaps civil litigants.



In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving
the included information for research and educational purposes • m3 © 2008 BanderasNews ® all rights reserved • carpe aestus