Guidelines for how police can acquire information from online accounts like Facebook, AOL, Blizzard and Microsoft, and the types of data stored and for how long were leaked this week by several sources.
CNET reports the law enforcement guidelines as being confidential but some sites are more transparent about what they keep and what police can access without a search warrant. Here's what CNET pulled together from each of the companies' policies:
Blizzard: Logs of Internet Protocol addresses are kept "indefinitely," according to the company behind World of Warcraft. Sent mail is not retained. Deleted mail messages are not retained.
Facebook: An earlier version of the company's manual from 2008 said that "IP log data is generally retained for 90 days." That statement is missing from the newly-released 2010 version, indicating that Facebook now may store data longer (a company spokesman did not respond to that question).
Microsoft/MSN: Hotmail IP logs are kept for 60 days. MSN TV's Web site logs are kept for 13 days. No logs are kept for conversations taking place through MSN chat rooms and MSN instant messenger. The leaked document is from April 2005, though, and may be out of date.
AOL: IP logs for the AIM and ICQ messaging services are stored for up to 90 days. Customer logs are kept for 6 months. All AOL e-mail, including from portals such as AOL.ca, AOL.fr, and AOL.mx, is stored in its Northern Virginia data center.
As for who leaked the guidelines, CNET reports that AOL, Blizzard and Microsoft were released by Anonymous and Facebook by PublicIntelligence.net, which is refers to as a "Wikileaks-like effort".
After the manuals were put out on the Internet, Facebook released its full manual for law enforcement, which CNET reports may or may not be coincidence. But in the past other sites have been less apt to have this information go public. According to CNET, last year John Young, who runs the Cryptome.org document repository, posted the manual for Microsoft Windows, which the company then tried to have removed from his site through the Digital Millennium Copyright Act. This request was soon after withdrawn.
According to the Electronic Communications Privacy Act, email accounts, and other information, hosted third-party servers can be accessed if they are six months old or older without a search warrant. Some are calling for the law to be updated as the technology has evolved since its enactment in 1986. CNET reports that a subpoena usually releases general information from these sites, while a court order may be required for more in depth info.