Grindrs and Blendrs beware: The law makes it pretty damn easy for cops and prosecutors to snag the data of your hookup app. Life is short, have a [fully subpoena-able] affair.
This Valentine’s, the unattached will turn by the thousands to algorithms and smartphone apps to match them up with a special someone (/warm body) to mark the occasion. A dizzying array of digital tools, some more explicitly sex-driven than others, all but ensure the eager and willing their flavor of action, whether it’s a date from OK Cupid, a hookup via Grindr, Blendr or Skout, or an affair arranged through Ashley Madison. Users divulge an incredible wealth of information to these sites, much of it rather sensitive. Just signing up for an account on Manhunt, for instance, reveals a lot of personal information to a third party.
So how much data do hookup apps disclose to, say, an inquisitive prosecutor or FBI agent who might come knocking for one of their users’ activity?
For Data Privacy Day in January, Twitter and Google published details regarding how often law enforcement query their user data as part of investigations. Google received a staggering 8,438 distinct requests from US law enforcement from July to December 2012 for information pertaining to 14,791 user accounts. In the same period, Twitter received 1,009 law enforcement requests, 815 of which were from American authorities. The majority of requests (around 70 percent for both companies) came through subpoenas, which do not require any judicial oversight, with only around 20 percent of requests arriving under a search warrant certified by a judge. Both Twitter and Google note an uptick in law enforcement requests for user data: Twitter reports that all signs “suggest that these government inquiries will continue to climb into the foreseeable future.”
The comically-misnomered Electronic Communications Privacy Act (ECPA) allows law enforcement wide access to personal data, stored e-mails and other communications. Notably, it provides that electronic messages stored on third-party servers for more than 180 days are subject only to subpoena (again, no pesky judicial signature required) rather than a search warrant. A host of web-based companies (Google, Twitter and Facebook included), Internet privacy advocate and civil liberties defenders have called for an overhaul to ECPA, which hasn’t been updated since 1986.
It bears repeating: The provision that allows law enforcement and prosecutors access to your online doings not only predates Sega Genesis, GeoCities and the phrase “former Soviet Union,” but also the very Internet its provisions are meant to govern.
ECPA was also written in a world before the advent of online dating or digital cruising for hookups. Despite the fact that few lawmakers in 1986 could scarcely imagine how terrifyingly straightforward Manhunt can make scratching certain down-low itches, ECPA applies equally to these sites and their data troves.
And as Kevin Bankston of the Center for Democracy and Technology puts it, “When it comes to Internet data and law enforcement, if you build it, they will come. Eventually authorities will come calling for any and every service’s data.” That means your Grindr flirting, your OK Cupid IMs, your Ashley Madison indecent proposals, it’s all fair game for the creative prosecutor or detective with a hunch, a notarized letter and the patience to wait 180 days.
Inquiries confirm that law enforcement has already recognized the value of dating and hookup social networks as data troves for investigations. While none provided the detailed data that Twitter and Google release in their transparency reports, hookup facilitators Grindr, Blendr, Skout and Ashley Madison all confirmed that they have received user info requests from various law enforcement agencies. [OK Cupid and Manhunt did not return repeated attempts to contact them.]
A representative from Grindr and Blendr (which are owned by the same parent company), for instance, issued a statement outlining that if “contacted by the authorities about an investigation, we fully cooperate with their requests,” but declined to reveal how often either app had been contacted by law enforcement or for what types of information. Similarly, a Skout representative issued a statement affirming that the company does “on occasion work with law enforcement, [although] the amount of these requests really varies.”
In addition to data on law enforcement inquiries, Google, Twitter and Facebook have each lifted the veil on the legal standards they require for particular data. Google, for instance, outlines that a valid subpoena could compel the company to disclose a user’s name and IP address, but that its interpretation of ECPA and the Fourth Amendment (no unreasonable searches and seizures, kids) suggests that a warrant is required for actual e-mail content.
Online hookup tools have been less open about the specific legal process required to feel up their data. Grindr/Blendr refuses to “disclose details of specific incidents.” Skout indicates that their legal standard “typically includes search warrant and or a subpoena,” but that “this can vary depending on the type of case or information requested.” Ashley Madison is much more emphatic, assuring that the company “does not disclose a user’s personal information to law enforcement without a valid court order or subpoena.” Being headquartered in Canada also keeps a lot inquiries at bay, according to Ashley Madison CEO Noel Biderman.
“Our estimate is that Ashley Madison has disclosed user information pursuant to law enforcement requests maybe 2 to 5% of the time,” says Biderman. “Our users buy two things from us: like-minded connections and discretion.”
Even with this commitment to protecting user information, social media networks can only do so much from the ECPA’s reach. Low judicial oversight exposes potentially sensitive data like Grindr and Ashley Madison registrations, information that might be incredibly useful as leverage over uncooperative suspects and defendants. If even giants like Twitter and Google have been forced to hand over user data more frequently, it’s reasonable to foresee a rise in the same requests for hookup app information.
“As more and more social interactions move online, there is a rich trove that’s intensely revealing,” reiterates Bankston. “We need to know the rules that govern data, and we need to know the practices of companies that we rely on.”