Currently, there is a lot of pressure on social media companies to help law enforcement officials solve or prevent crimes. Whether or not this is a violation of your personal privacy has yet to be hashed out in court.
In the mean time, most companies acquiesce to requests from law enforcement officials for your personal information, sometimes without a subpoena. But earlier this week, Skype broke clearer lines of user privacy and legality when it handed a 16-year-old’s address and phone number over to an IT company that sent them an e-mail requesting his personal information.
The IT company in question is the Dutch firm iSIGHT Partners. And they’re “a global cyber intelligence firm, supports leading federal and commercial entities with targeted and unique insights necessary to manage cyber risks” according to their company’s homepage.
iSight Partners was contacted by PayPal to handle an Anonymous DDos attack labeled “Operation Payback” brought on by PayPal’s refusal to process any WikiLeaks donations payments through its service.
Joep Gommers, senior director of global research for iSight Partners discovered through “internet messaging channels” that the Dutch police were investigating an individual that they suspected was a member of Anonymous known only by his Skype ID.
The member in question was a 16-year-old Dutch student. He had not been charged with the DDoS attacks or any other crime.
Joep Gommers obtained the Skype ID from his contact on the instant messaging network and sent it via an e-mail to a Skype employee. Skype is another company that employs iSight Partners’ services.
The details of the e-mail were not released. But Joep Gommers was not working with a subpoena (as he is not a law-enforcement official) or even the “go ahead” from Dutch police. They were not even aware that Gommers or iSight Partners was investigating the case.
After receiving the e-mail, the Skype employee handed over the minor’s address, phone number, e-mail address and his real name: all given to Skype to process his payments.
Joep Gommers then took the information and distributed the information to several Dutch authorities.
When questioned about his actions by reporters from Nu.nl, Gommers defended his actions by saying:
“On occasion, we share our research findings with relevant law enforcement parties as a public service, just as you would report what appeared to be a crime that you witnessed in your neighbourhood.”
Grommer made no comment on the legal implications of the way that he obtained the minor’s personal information.
Skype representatives sounded a little bit more concerned about their legal ground when they were questioned and stated that they were “reviewing” the sequence of events that resulted in a Skype employee giving out its minor customer’s information out to an IT guy operating without a subpoena or even a request from the police.
But so far no charges have been filed against Skype. No charges have been filed against the 16-year-old minor in question either. It’s not even clear that the minor was a suspect in investigations still being carried out by Dutch police.