Risk
1/10/2011
02:23 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Twitter Reveals Feds Seek User Data

The Department of Justice wants the account information of users who follow, or have ties to, Wikileaks, including a member of Iceland's parliament.

Twitter user Birgitta Jonsdottir, a member of Iceland's parliament who formerly served as a volunteer for Wikileaks, said in a tweet on Friday that she was among those whose information was being sought in the U.S. government's investigation of Wikileaks.

In a subsequent tweet on Sunday, Jonsdottir accused the U.S. government of trying to criminalize whistle-blowing and the publication of whistle-blowing material, warning that journalists who do so in the future are at risk.

Mark Stephens, the attorney representing Wikileaks founder Julian Assange in the U.K., characterized the U.S. government's actions as harassment in an interview with Bloomberg. Stephens also claimed that U.S. authorities are seeking similar information from Google, Facebook, and eBay's Skype.

Google did not immediately respond to a request for comment.

The Obama administration has been particularly aggressive in its pursuit of those leaking information. On Thursday, the Department of Justice announced a fifth indictment arising from the disclosure of classified information. Former CIA officer Jeffrey A. Sterling was arrested and charged with unauthorized disclosure of information about a foreign nuclear weapons program.

Steven Aftergood, who maintains the Federation of American Scientists' Secrecy News Web site, called the prosecution "unprecedented."

Others being prosecuted for leaking sensitive information include Army private Bradley Manning, believed to be the source of at least some of the material Wikileaks has released, Shamai Leibowitz, a former FBI linguist, Thomas A. Drake, a former NSA employee, and Stephen Kim, a former contractor with the State Department.

In its pursuit of the Wikileaks case, federal prosecutors demanded in a December 14, 2010, court order -- published by Salon last week -- that Twitter reveal data associated with Assange, Jonsdottir, Manning, Robbert Gonggrijp (a Dutch hacker and ISP founder), and anyone who follows Wikileaks' Twitter account. That's said to be about 634,000 people.

The order directed at Twitter recalls the U.S. Department of Justice's broad demand for search engine data during its failed attempt in 2006 to uphold the Child Online Protection Act, which was ultimately deemed to be unconstitutional.

Initially, Twitter was given three days to comply and was directed not to disclose information about the court order. But at Twitter's request last Wednesday, the court unsealed its order and gave the company ten days to object.

A spokesperson for Twitter did not respond to a request to clarify the extent to which it will oppose the demand for information. Jonsdottir, the Icelandic parliament member, is being represented by the Electronic Frontier Foundation, presumably in an attempt to prevent the release of her account information to U.S. authorities.

In a phone interview, ACLU attorney Aden Fine praised Twitter for its handling of the court order and urged other companies to follow its example. "Except in extraordinary circumstances, Internet users should always be notified if the government is requesting detailed information about their speech activities. Twitter should be commended for moving to unseal the court order."

Fine said that such demands for information often are not made public. "It is absolutely certain there are many orders like this that we simply don't know about. Each company has its own policy on when to provide information to customers [about government orders for data]," he said. "Notice to Internet users is critical so that those users have an opportunity to go to court to protect their constitutional rights."

Some at least in the U.S. government doubt federal prosecutors will be able to successfully charge Wikileaks publisher Jullian Assange with a crime. A report published by the Congressional Research Service in December concedes as much. "Leaks of classified information to the press have only rarely been punished as crimes, and we are aware of no case in which a publisher of information obtained through unauthorized disclosure by a government employee has been prosecuted for publishing it," the report says. "There may be First Amendment implications that would make such a prosecution difficult, not to mention political ramifications based on concerns about government censorship."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1375
Published: 2015-01-28
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

CVE-2015-1376
Published: 2015-01-28
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.

CVE-2015-1419
Published: 2015-01-28
Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

CVE-2014-5211
Published: 2015-01-27
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.

CVE-2014-8154
Published: 2015-01-27
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overf...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If youíre a security professional, youíve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.