2011-01-09 DOJ subpoena applicable to anyone who viewed WikiLeaks tweets?

Previous Update

The issued subpoena ordered Twitter to provide information regarding any account either registered to or in any way associated with the following individuals or user names:

  • rop_g
  • ioerror
  • birgittaj
  • Julian Assange
  • Bradley Manning
  • Rop Gonggrijp
  • Birgitta Jonsdottir
  • WikiLeaks

The information to be supplied, however, pertains to both the sources and destinations of these accounts. This is to include

records of user activity for any connections made to or from the Account, including the date, time, length, and method of connections, data transfer volume, user name, and source and destination Internet Protocol address(es).

[N]on-content information associated with the contents of any communication or file stored by or for the account(s), such as the source and destination email addresses and IP addresses. (Source; original pdf subpoena)

Note that the requirement of turning over user names and "destination IP addresses" would range over any electronic device (like a phone or computer) receiving communications from the above named individuals. (To see the information revealed by your IP address, click here. )

As other sources have pointed out, the order implicates more than just the above named users and user accounts. The language seems to implicate every Twitter follower of each of the named accounts, which explains Wikileaks' announcement that "all 637,000 @wikileaks followers are a target".

In examining the language of the subpoena, this seems like a real possibility. "Communication" would seem to encompass the receipt of any tweet on Twitter, given that data transmission is involved. Hence the language is inclusive of any individual following the primary targets who receives Wikileaks tweets on their Twitter timeline, for instance. The same is true of any Twitter user receiving tweets from ioerror, rop_g, and so on.

Yet if we grant that all followers will be implicated by virtue of having received tweet data from the 7 primary targets, it seems the present language is also inclusive of anyone who has clicked on a link directing them to a tweet from any of the above accounts. If you did view one of these tweets at some point on or after November 1, 2009 (the cut-off date in stipulated in the subpoena) but were not signed in to Twitter, then even if you are not a registered user, it seems you too qualify as a "connection made to or from" the accounts. There is no stipulation that 'connections' must be from users who are following Wikileaks et al., or even that they must be from users who are signed in. If Twitter logs visitors, and it certainly does, then visitor data will be in these logs irrespective of whether they have a Twitter account.

How significant is this and what information about you will be visible if you fall under the range of affected parties? To get an idea, note that Twitter stores (or "may" store) the following data, according to the following excerpt from its privacy policy.

  • Location Information, including "exact coordinates"
  • Log Data created by your use of the Services. Log Data may include information such as your IP address, browser type, the referring domain, pages visited, and search terms. Other actions, such as interactions with advertisements, may also be included in Log Data.
  • Links: Twitter may keep track of how you interact with links in Tweets across our Services including third party clients.

While the data logged by Twitter are managed by Twitter, and while keeping your information private is a significant priority for any such large company hoping to stay in business, presumably, the same cannot be said of U.S. government entities. Even if there is no concern over how your data will be used by those entities, the likelihood that your information will remain private decreases significantly with every additional party possessing access to it.

Yet concern over the manner in which your information can be used may be legitimate. In tracking paths to and from Twitter, logs exist that document internet browsing tendencies, sites visited, timestamps, host name, search terms used and more. All this information can be easily accessed from any user not browsing through an anonymity tool like Tor and you don't need to be logged in to a site in order to disclose your data.

Although anyone can get this information from you when you visit their site, the concern here is over the manner in which the data will be used. Insofar as your information exists in the database that brought us the Terror Watch List, and insofar as you have been suspected of being the ally of a "high tech terrorist", trivial data have the potential of becoming legally relevant. And if the language of the court order is inclusive of all individuals ever having accessed a tweet from any of the targeted accounts (since 2009), then the number of people affected by the subpoena is much larger than the previous estimate of 600,000 Wikileaks followers.

Update: Open letter to Twitter and DOJ from Anonymous (anonymous.ru)

Not the first time...

Folks:

Apparently this is not the first time that the American Department of Justice has tried this. I found this article on the Wired 'Threat Level' page from last May. It looks like Twitter fought back then too. It also strengthens the case that (many) other uncontested subpoenas have been issued.

http://www.wired.com/threatlevel/2010/05/twitter-subpoena-2/

Now, I realize that we're dealing with a big machine here in the DoJ. We can't expect the them to make nimble decisions regarding strategy. But it would seem the idea that the disclosure of the 'secret' subpoenas could harm the reputations of several multi-billion dollar American companies was simply 'not a matter for discussion'. Nobody had the guts to say 'what if...'. Or worst, nobody cared what happened.

What I see here is a case of 'committee denial'. Denial in individuals often causes breaks in many areas of their thinking, not just the trauma they a trying to suppress. This can lead to a more widespread dysfunctionality. If we consider denial as a form of mental dysfunction in individuals can the same be applied to groups as well?

For a word on committees I pass you over to the late, great SF author Robert Anson Heinlein. From 'The Notebooks of Lazarus Long' in the novel 'Time Enough for Love':

"A committee is a creature with six or more legs and no brain."

Sigh...

Folks:

Sigh. Here we have yet another example of what happens when you act in
secrecy. The American 'Justice' Departments fishing expedition throws a line (the secret subpoena) at another in a long list of prey fish in it's waters (Twitter). This fish fights back and in the end breaks the line of secrecy.

The negative fallout for the American government from Twitters victory far
outweighs the value of the information they were originally after. They
haven't learned their lesson. In this case, they didn't expect Twitter to
fight back. No one else has. Twitter used the American judicial system to
gain the constitutional rights of it's clients. It seems that part of
America still works. But Twitter went beyond just protecting it's clients,
it published the subpoena so that everybody could see how blatantly abusive
the American Justice Departments demands were. They DEMANDED the information in 'three days'. They DEMANDED that the subpoena be kept secret. Neither of these things happened.

Now the American Justice Department is in the soup. They don't have the
information, their own judicial system have told them that they have
exceeded the very laws which they are the chief upholders of, have caused
outrage around the world (and even some in their own country) and on top of
it all enraged a whole country (Iceland).

I wouldn't be surprised if Iceland pulled their U.S. ambassador home 'for
consultations'.

Twitter has shown that it is possible to "fight the monster" where others
have so easily caved.

This was secrecy used for it's worst purposes, the maintenance of a
conspiracy. The American government and the DOJ deserve what they get.

Shouldn't the first sentence

Shouldn't the first sentence here read "Twitter" instead of "Wikileaks and other parties" and Wikileaks should be included in the list of individuals or user names?

Thank you, r0b1n.

Thank you, r0b1n.

Thank you, we've got

Thank you, we've got wikileaks on the mind is all.

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer