There are more ways for people to connect with one another than ever before. The widespread use of social media outlets such as Facebook, Twitter, MySpace, and LinkedIn ultimately means that evidence is being created, and is often available right in the open.

However, many cases will require that you obtain more information than is available in the open on public profiles, such as the Internet address of the computer that created or updated a web post, or a Facebook profile blog post. To get this information you will need to subpoena the custodian of the social media service.

In order to obtain information from social media services via a subpoena, you will need to gather and send to them the information they need to identify the information you are requesting. This chapter covers the types of information you will need to include in subpoenas to social media and free e-mail sites. Examples are included for Facebook, Google’s Blogger service, and for free e-mail account services.

Social media evidence is covered in depth in Chapter 35. Online e-mail evidence is covered in Chapter 34.

One of the primary barriers to getting information from social media sites is the Stored Communications Act, ¹ which prevents disclosure of information or e-mail stored by an Internet service provider. While the social media site is not technically an Internet service provider, they still fall under the same protection from disclosure in noncriminal actions.

The complete text of the Stored Communication Act can be accessed on the web at the U.S. Department of Justice, Computer Crime and Intellectual Property Section website at http://www.justice.gov/criminal/cybercrime/ssmanual/03ssma.html.

One of the best sources for finding the custodian of records contact information for social media sites, Internet service providers, and phone companies is the website Search² at www.search.org. They maintain a listing of hundreds of addresses and phone numbers for custodians of records.

In order for Facebook to comply with a subpoena request, they must have the information they need to identify the profile. Profile identification can be in either of two forms, either a numeric ID or an alpha ID chosen by the Facebook user.

The old ID system used automatically generated numbers for the profile ID, such as https://www.facebook.com/profile.php?id=1234567890. The group of numbers at the end of the web address or Uniform Resource Locator (URL) is the numerical profile ID. Bear in mind that the older numeric ID is an option for change by the user to the new ID. Not all users have made the change, so the numeric Facebook IDs are still very common.

The newer form looks like this: https://www.facebook.com/username. The part after the forward slash [/] at the end of the web address is the actual profile ID.

To locate these IDs, you only need to be able to find the user’s profile on Facebook, or they can be gathered from the Internet cache on the user’s hard drive during a forensic examination. Even if the person is not sharing their profile with the public, you can still see their profile ID in the web address in the browser if you can locate the profile on Facebook.

You will need to include the period of activity you are interested in having Facebook retrieve, as this will assist in getting back information more quickly. Also, any other identifying information you can supply can assist with locating and retrieving the online records, including birth date, e-mail addresses that may be associated with the account, and the person’s name.

Google is a massive presence on the Internet with a large number of services available to Internet users. In this example, we cover the Google Blogger service.

Some of the services they provide include: Search, Gmail, Talk, YouTube, Blogger, AdWords, AdSense, Checkout, Orkut, Picasa, Sites, Groups, Docs, Maps, Earth, Video, Android, and other Google Services. Google continues to expand their services by either introducing new services or purchasing existing services and rebranding them.

Here is the information you would want to use to subpoena Google for information about an online blog.

The language included in the following example can be used generically for any of the online e-mail account services such as Hotmail, Yahoo Mail, Microsoft Live Mail, America Online, and Gmail by replacing the name of the service with the appropriate name for the information you are seeking. Bear in mind that you may need to tweak this as many of these services may not provide e-mail content, especially for free accounts.

In this chapter we looked at some examples for requesting information from various online services including e-mail, chats, blog posts, and Facebook. Included is the information needed to properly create a subpoena for the services used in the examples shown for Facebook profiles, Google Blogger accounts, and free e-mail accounts. In some cases, the information you need to use to craft the subpoena is fairly simple such as what you need for a free e-mail account. In other cases where you need to gather specific information like that shown in the Google Blogger example, you may want to get assistance from an expert or other person who can properly ferret out the details required for the subpoena.