2011-01-09 DOJ subpoena applicable to anyone who viewed WikiLeaks tweets?

Previous Update

The issued subpoena ordered Twitter to provide information regarding any account either registered to or in any way associated with the following individuals or user names:

  • rop_g
  • ioerror
  • birgittaj
  • Julian Assange
  • Bradley Manning
  • Rop Gonggrijp
  • Birgitta Jonsdottir
  • WikiLeaks

The information to be supplied, however, pertains to both the sources and destinations of these accounts. This is to include

records of user activity for any connections made to or from the Account, including the date, time, length, and method of connections, data transfer volume, user name, and source and destination Internet Protocol address(es).

[N]on-content information associated with the contents of any communication or file stored by or for the account(s), such as the source and destination email addresses and IP addresses. (Source; original pdf subpoena)

Note that the requirement of turning over user names and "destination IP addresses" would range over any electronic device (like a phone or computer) receiving communications from the above named individuals. (To see the information revealed by your IP address, click here. )

As other sources have pointed out, the order implicates more than just the above named users and user accounts. The language seems to implicate every Twitter follower of each of the named accounts, which explains Wikileaks' announcement that "all 637,000 @wikileaks followers are a target".

In examining the language of the subpoena, this seems like a real possibility. "Communication" would seem to encompass the receipt of any tweet on Twitter, given that data transmission is involved. Hence the language is inclusive of any individual following the primary targets who receives Wikileaks tweets on their Twitter timeline, for instance. The same is true of any Twitter user receiving tweets from ioerror, rop_g, and so on.

Yet if we grant that all followers will be implicated by virtue of having received tweet data from the 7 primary targets, it seems the present language is also inclusive of anyone who has clicked on a link directing them to a tweet from any of the above accounts. If you did view one of these tweets at some point on or after November 1, 2009 (the cut-off date in stipulated in the subpoena) but were not signed in to Twitter, then even if you are not a registered user, it seems you too qualify as a "connection made to or from" the accounts. There is no stipulation that 'connections' must be from users who are following Wikileaks et al., or even that they must be from users who are signed in. If Twitter logs visitors, and it certainly does, then visitor data will be in these logs irrespective of whether they have a Twitter account.

How significant is this and what information about you will be visible if you fall under the range of affected parties? To get an idea, note that Twitter stores (or "may" store) the following data, according to the following excerpt from its privacy policy.

  • Location Information, including "exact coordinates"
  • Log Data created by your use of the Services. Log Data may include information such as your IP address, browser type, the referring domain, pages visited, and search terms. Other actions, such as interactions with advertisements, may also be included in Log Data.
  • Links: Twitter may keep track of how you interact with links in Tweets across our Services including third party clients.

While the data logged by Twitter are managed by Twitter, and while keeping your information private is a significant priority for any such large company hoping to stay in business, presumably, the same cannot be said of U.S. government entities. Even if there is no concern over how your data will be used by those entities, the likelihood that your information will remain private decreases significantly with every additional party possessing access to it.

Yet concern over the manner in which your information can be used may be legitimate. In tracking paths to and from Twitter, logs exist that document internet browsing tendencies, sites visited, timestamps, host name, search terms used and more. All this information can be easily accessed from any user not browsing through an anonymity tool like Tor and you don't need to be logged in to a site in order to disclose your data.

Although anyone can get this information from you when you visit their site, the concern here is over the manner in which the data will be used. Insofar as your information exists in the database that brought us the Terror Watch List, and insofar as you have been suspected of being the ally of a "high tech terrorist", trivial data have the potential of becoming legally relevant. And if the language of the court order is inclusive of all individuals ever having accessed a tweet from any of the targeted accounts (since 2009), then the number of people affected by the subpoena is much larger than the previous estimate of 600,000 Wikileaks followers.

Update: Open letter to Twitter and DOJ from Anonymous (anonymous.ru)