LinkedIn Law Enforcement Data Request: Police & Government Guide (BEC & Employment Scams)
How authorised investigators request LinkedIn member data through Kodex, the portal LinkedIn uses for legal requests. Covers the subpoena-vs-warrant ladder (messages and connections need a warrant), preservation, emergency disclosure, and why LinkedIn matters for BEC and fake-recruiter investigations.
Law-enforcement requests for LinkedIn member data are submitted through Kodex, the third-party legal-request platform LinkedIn uses, at app.kodex.us/linkedin/signin. LinkedIn (a Microsoft subsidiary) features frequently in business email compromise (BEC) and fake-recruiter / employment-phishing cases, where suspect profiles, connection graphs and messages are key evidence. This is a guide for authorised investigators.
- Portal: LinkedIn routes requests through Kodex — app.kodex.us/linkedin/signin (verified agency accounts, encrypted transfer, status tracking)
- The legal-process ladder: a subpoena gets member profile and account-registration data; a search warrant is required for messages, invitations and connection lists (a high bar)
- Emergency: use LinkedIn’s Emergency Disclosure Request form (signed under penalty of perjury) for imminent risk of serious bodily harm or death
- Not LinkedIn: compromised Microsoft 365 / Azure email evidence goes to Microsoft directly, not LinkedIn
Before you start
- An official law-enforcement email domain and a verified Kodex agency account.
- The target’s LinkedIn profile URL or member identifier.
- Your legal process (subpoena, court order or search warrant) — non-U.S. requests generally need an MLAT or letters rogatory, except qualifying emergencies.
What LinkedIn can disclose, by legal process
| Legal process | What LinkedIn may disclose |
|---|---|
| Subpoena | Member profile information, account registration data and account details. |
| Search warrant | Content with a high bar for disclosure — private messages, invitations and connection lists. |
Preservation requests
LinkedIn accepts preservation requests in connection with official criminal investigations, submitted through the Kodex portal. The retention period and renewal details are set out in LinkedIn’s official Law Enforcement Data Request Guidelines (PDF) — follow that document for the exact procedure.
Emergency Disclosure Requests
For an imminent risk of serious bodily harm or death, submit the Emergency Disclosure Request form from LinkedIn’s guidelines, signed under penalty of perjury by the requesting officer. Kodex processes the case while verifying the agency so genuine emergencies are not delayed.
Why LinkedIn matters for BEC investigations
In business email compromise and fake-recruiter scams, attackers use LinkedIn for reconnaissance and to build trust. Profile-creation metadata, connection history (with a warrant) and messages (with a warrant) can establish the attacker’s persona, who they targeted, and the timeline. Remember the split: LinkedIn data via Kodex; the compromised corporate mailbox itself via Microsoft.
Frequently asked questions
What is the LinkedIn law enforcement portal? LinkedIn processes requests through Kodex at app.kodex.us/linkedin/signin — it is not hosted on a linkedin.com URL.
Do I need a warrant for LinkedIn messages? Yes. Messages, invitations and connection lists require a search warrant; profile and registration data are available on a subpoena.
LinkedIn is owned by Microsoft — do I serve Microsoft? For LinkedIn member data, no — use Kodex. For Microsoft 365 / Azure / Outlook evidence, serve Microsoft directly through its own law-enforcement process.
See also
- Overview: law-enforcement data-request portals across all platforms
- What is LERS? Law-Enforcement Response Systems, explained