Risk
1/10/2011
02:23 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Twitter Reveals Feds Seek User Data

The Department of Justice wants the account information of users who follow, or have ties to, Wikileaks, including a member of Iceland's parliament.

Twitter user Birgitta Jonsdottir, a member of Iceland's parliament who formerly served as a volunteer for Wikileaks, said in a tweet on Friday that she was among those whose information was being sought in the U.S. government's investigation of Wikileaks.

In a subsequent tweet on Sunday, Jonsdottir accused the U.S. government of trying to criminalize whistle-blowing and the publication of whistle-blowing material, warning that journalists who do so in the future are at risk.

Mark Stephens, the attorney representing Wikileaks founder Julian Assange in the U.K., characterized the U.S. government's actions as harassment in an interview with Bloomberg. Stephens also claimed that U.S. authorities are seeking similar information from Google, Facebook, and eBay's Skype.

Google did not immediately respond to a request for comment.

The Obama administration has been particularly aggressive in its pursuit of those leaking information. On Thursday, the Department of Justice announced a fifth indictment arising from the disclosure of classified information. Former CIA officer Jeffrey A. Sterling was arrested and charged with unauthorized disclosure of information about a foreign nuclear weapons program.

Steven Aftergood, who maintains the Federation of American Scientists' Secrecy News Web site, called the prosecution "unprecedented."

Others being prosecuted for leaking sensitive information include Army private Bradley Manning, believed to be the source of at least some of the material Wikileaks has released, Shamai Leibowitz, a former FBI linguist, Thomas A. Drake, a former NSA employee, and Stephen Kim, a former contractor with the State Department.

In its pursuit of the Wikileaks case, federal prosecutors demanded in a December 14, 2010, court order -- published by Salon last week -- that Twitter reveal data associated with Assange, Jonsdottir, Manning, Robbert Gonggrijp (a Dutch hacker and ISP founder), and anyone who follows Wikileaks' Twitter account. That's said to be about 634,000 people.

The order directed at Twitter recalls the U.S. Department of Justice's broad demand for search engine data during its failed attempt in 2006 to uphold the Child Online Protection Act, which was ultimately deemed to be unconstitutional.

Initially, Twitter was given three days to comply and was directed not to disclose information about the court order. But at Twitter's request last Wednesday, the court unsealed its order and gave the company ten days to object.

A spokesperson for Twitter did not respond to a request to clarify the extent to which it will oppose the demand for information. Jonsdottir, the Icelandic parliament member, is being represented by the Electronic Frontier Foundation, presumably in an attempt to prevent the release of her account information to U.S. authorities.

In a phone interview, ACLU attorney Aden Fine praised Twitter for its handling of the court order and urged other companies to follow its example. "Except in extraordinary circumstances, Internet users should always be notified if the government is requesting detailed information about their speech activities. Twitter should be commended for moving to unseal the court order."

Fine said that such demands for information often are not made public. "It is absolutely certain there are many orders like this that we simply don't know about. Each company has its own policy on when to provide information to customers [about government orders for data]," he said. "Notice to Internet users is critical so that those users have an opportunity to go to court to protect their constitutional rights."

Some at least in the U.S. government doubt federal prosecutors will be able to successfully charge Wikileaks publisher Jullian Assange with a crime. A report published by the Congressional Research Service in December concedes as much. "Leaks of classified information to the press have only rarely been punished as crimes, and we are aware of no case in which a publisher of information obtained through unauthorized disclosure by a government employee has been prosecuted for publishing it," the report says. "There may be First Amendment implications that would make such a prosecution difficult, not to mention political ramifications based on concerns about government censorship."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7896
Published: 2015-03-03
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before ...

CVE-2014-9283
Published: 2015-03-03
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2014-9683
Published: 2015-03-03
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

CVE-2015-0890
Published: 2015-03-03
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2015-2168
Published: 2015-03-03
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.