02:23 PM
Connect Directly

Twitter Reveals Feds Seek User Data

The Department of Justice wants the account information of users who follow, or have ties to, Wikileaks, including a member of Iceland's parliament.

Twitter user Birgitta Jonsdottir, a member of Iceland's parliament who formerly served as a volunteer for Wikileaks, said in a tweet on Friday that she was among those whose information was being sought in the U.S. government's investigation of Wikileaks.

In a subsequent tweet on Sunday, Jonsdottir accused the U.S. government of trying to criminalize whistle-blowing and the publication of whistle-blowing material, warning that journalists who do so in the future are at risk.

Mark Stephens, the attorney representing Wikileaks founder Julian Assange in the U.K., characterized the U.S. government's actions as harassment in an interview with Bloomberg. Stephens also claimed that U.S. authorities are seeking similar information from Google, Facebook, and eBay's Skype.

Google did not immediately respond to a request for comment.

The Obama administration has been particularly aggressive in its pursuit of those leaking information. On Thursday, the Department of Justice announced a fifth indictment arising from the disclosure of classified information. Former CIA officer Jeffrey A. Sterling was arrested and charged with unauthorized disclosure of information about a foreign nuclear weapons program.

Steven Aftergood, who maintains the Federation of American Scientists' Secrecy News Web site, called the prosecution "unprecedented."

Others being prosecuted for leaking sensitive information include Army private Bradley Manning, believed to be the source of at least some of the material Wikileaks has released, Shamai Leibowitz, a former FBI linguist, Thomas A. Drake, a former NSA employee, and Stephen Kim, a former contractor with the State Department.

In its pursuit of the Wikileaks case, federal prosecutors demanded in a December 14, 2010, court order -- published by Salon last week -- that Twitter reveal data associated with Assange, Jonsdottir, Manning, Robbert Gonggrijp (a Dutch hacker and ISP founder), and anyone who follows Wikileaks' Twitter account. That's said to be about 634,000 people.

The order directed at Twitter recalls the U.S. Department of Justice's broad demand for search engine data during its failed attempt in 2006 to uphold the Child Online Protection Act, which was ultimately deemed to be unconstitutional.

Initially, Twitter was given three days to comply and was directed not to disclose information about the court order. But at Twitter's request last Wednesday, the court unsealed its order and gave the company ten days to object.

A spokesperson for Twitter did not respond to a request to clarify the extent to which it will oppose the demand for information. Jonsdottir, the Icelandic parliament member, is being represented by the Electronic Frontier Foundation, presumably in an attempt to prevent the release of her account information to U.S. authorities.

In a phone interview, ACLU attorney Aden Fine praised Twitter for its handling of the court order and urged other companies to follow its example. "Except in extraordinary circumstances, Internet users should always be notified if the government is requesting detailed information about their speech activities. Twitter should be commended for moving to unseal the court order."

Fine said that such demands for information often are not made public. "It is absolutely certain there are many orders like this that we simply don't know about. Each company has its own policy on when to provide information to customers [about government orders for data]," he said. "Notice to Internet users is critical so that those users have an opportunity to go to court to protect their constitutional rights."

Some at least in the U.S. government doubt federal prosecutors will be able to successfully charge Wikileaks publisher Jullian Assange with a crime. A report published by the Congressional Research Service in December concedes as much. "Leaks of classified information to the press have only rarely been punished as crimes, and we are aware of no case in which a publisher of information obtained through unauthorized disclosure by a government employee has been prosecuted for publishing it," the report says. "There may be First Amendment implications that would make such a prosecution difficult, not to mention political ramifications based on concerns about government censorship."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio