Risk
1/10/2011
02:23 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Twitter Reveals Feds Seek User Data

The Department of Justice wants the account information of users who follow, or have ties to, Wikileaks, including a member of Iceland's parliament.

Twitter user Birgitta Jonsdottir, a member of Iceland's parliament who formerly served as a volunteer for Wikileaks, said in a tweet on Friday that she was among those whose information was being sought in the U.S. government's investigation of Wikileaks.

In a subsequent tweet on Sunday, Jonsdottir accused the U.S. government of trying to criminalize whistle-blowing and the publication of whistle-blowing material, warning that journalists who do so in the future are at risk.

Mark Stephens, the attorney representing Wikileaks founder Julian Assange in the U.K., characterized the U.S. government's actions as harassment in an interview with Bloomberg. Stephens also claimed that U.S. authorities are seeking similar information from Google, Facebook, and eBay's Skype.

Google did not immediately respond to a request for comment.

The Obama administration has been particularly aggressive in its pursuit of those leaking information. On Thursday, the Department of Justice announced a fifth indictment arising from the disclosure of classified information. Former CIA officer Jeffrey A. Sterling was arrested and charged with unauthorized disclosure of information about a foreign nuclear weapons program.

Steven Aftergood, who maintains the Federation of American Scientists' Secrecy News Web site, called the prosecution "unprecedented."

Others being prosecuted for leaking sensitive information include Army private Bradley Manning, believed to be the source of at least some of the material Wikileaks has released, Shamai Leibowitz, a former FBI linguist, Thomas A. Drake, a former NSA employee, and Stephen Kim, a former contractor with the State Department.

In its pursuit of the Wikileaks case, federal prosecutors demanded in a December 14, 2010, court order -- published by Salon last week -- that Twitter reveal data associated with Assange, Jonsdottir, Manning, Robbert Gonggrijp (a Dutch hacker and ISP founder), and anyone who follows Wikileaks' Twitter account. That's said to be about 634,000 people.

The order directed at Twitter recalls the U.S. Department of Justice's broad demand for search engine data during its failed attempt in 2006 to uphold the Child Online Protection Act, which was ultimately deemed to be unconstitutional.

Initially, Twitter was given three days to comply and was directed not to disclose information about the court order. But at Twitter's request last Wednesday, the court unsealed its order and gave the company ten days to object.

A spokesperson for Twitter did not respond to a request to clarify the extent to which it will oppose the demand for information. Jonsdottir, the Icelandic parliament member, is being represented by the Electronic Frontier Foundation, presumably in an attempt to prevent the release of her account information to U.S. authorities.

In a phone interview, ACLU attorney Aden Fine praised Twitter for its handling of the court order and urged other companies to follow its example. "Except in extraordinary circumstances, Internet users should always be notified if the government is requesting detailed information about their speech activities. Twitter should be commended for moving to unseal the court order."

Fine said that such demands for information often are not made public. "It is absolutely certain there are many orders like this that we simply don't know about. Each company has its own policy on when to provide information to customers [about government orders for data]," he said. "Notice to Internet users is critical so that those users have an opportunity to go to court to protect their constitutional rights."

Some at least in the U.S. government doubt federal prosecutors will be able to successfully charge Wikileaks publisher Jullian Assange with a crime. A report published by the Congressional Research Service in December concedes as much. "Leaks of classified information to the press have only rarely been punished as crimes, and we are aware of no case in which a publisher of information obtained through unauthorized disclosure by a government employee has been prosecuted for publishing it," the report says. "There may be First Amendment implications that would make such a prosecution difficult, not to mention political ramifications based on concerns about government censorship."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2963
Published: 2014-07-10
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.

CVE-2014-3310
Published: 2014-07-10
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

CVE-2014-3311
Published: 2014-07-10
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.

CVE-2014-3315
Published: 2014-07-10
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

CVE-2014-3316
Published: 2014-07-10
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.