Guidelines for police access to Facebook and other online accounts leaked to the web

It’s pretty much accepted fact, or rumor depending on your point of view, that the law enforcement agencies have inside information about accessing your data from various online networks like Facebook, Microsoft, and others. These guidelines tell among other things what kind of data is stored, how long it is kept, and to how to get a hold of the data.

Well it turns out that much of this information meant for law enforcement made its way on to the web through different means over the last little while. When it comes to AOL, Microsoft, and Blizzard that information was part of a data dump by Anonymous. Then the Facebook “manual” was released by PublicIntelligence.net in 2010.

However the most extensive collection of these “not for public use” documents for law enforcement use came from John Young, a retired architect who also happens to run Cryptome.org which is a document repository.

Some of the policies from the various companies are:

Blizzard: Logs of Internet Protocol addresses are kept “indefinitely,” according to the company behind World of Warcraft. Sent mail is not retained. Deleted mail messages are not retained.

Facebook: An earlier version of the company’s manual from 2008 said that “IP log data is generally retained for 90 days.” That statement is missing from the newly-released 2010 version, indicating that Facebook now may store data longer (a company spokesman did not respond to that question).

Microsoft/MSN: Hotmail IP logs are kept for 60 days. MSN TV’s Web site logs are kept for 13 days. No logs are kept for conversations taking place through MSN chat rooms and MSN instant messenger. The leaked document is from April 2005, though, and may be out of date.

AOL: IP logs for the AIM and ICQ messaging services are stored for up to 90 days. Customer logs are kept for 6 months. All AOL e-mail, including from portals such as AOL.ca, AOL.fr, and AOL.mx, is stored in its Northern Virginia data center.

It’s so nice to know that these companies care so much about our data, but then we do hand it over to them without any questions whatsoever so I guess we get what we deserve eh.

via CNET