In December 2010, the U.S. Department of Justice subpoenaed Twitter for information on several people associated with WikiLeaks, seeking the users’ full contact details (phone numbers and addresses), account payment method if any (credit card and bank account number), IP addresses used to access the account, connection records (“records of session times and durations”) and data transfer information, such as the size of data file sent to someone else and the destination IP. While only five people were individually named in the subpoena, by seeking “destination IP” addresses of all transfers from these Twitter accounts, the government is effectively seeking potentially-identifying information of over six hundred thousand Twitter users, namely those who were “followers” of these WikiLeaks-associated accounts.
Twitter fought the subpoena’s accompanying gag order, and has earned a partial victory that allowed Twitter to make the order public. [Some surmise that the wording of the order — asking for size of “data files” — suggests the same order was made to other ISPs or online providers, but there is no evidence that anyone other than Twitter has objected.] Upon learning of her inclusion in the subpoena, Birgitta Jonsdottir, a member of Iceland’s parliament, sought the help of the EFF and filed a motion challenging the government’s attempt to obtain the records, asking the court to vacate the order. The motion argued the government’s demand for the records violated First Amendment speech rights and Fourth Amendment privacy rights of the Twitter-account holders.
Christopher Soghoian has posted a critical analysis of this portion of the judge’s ruling, noting that while the judge states in her order that “[b]efore creating a Twitter account, readers are notified that IP addresses are among the kinds of ‘Log Data’ that Twitter collects, transfers and manipulates,” that isn’t entirely true. Soghoian comments:
This final point is critical: “everyone knows that consumers won’t actually read through the text.” Soghoian’s post includes numerous studies that show users rarely read terms of service or privacy policies, as well as quotes from both FTC officials and US Supreme Court Chief Justice Roberts acknowledging the fact that these policies are difficult to read and understand.
Building from his original post, Soghoian has penned an amici brief (pdf) to the court, which presents the following argument:
I’m among the signers* of this brief, and would like to thank Chris for his continued efforts on protecting privacy online.
*Amici are academics and researchers from the fields of computer science, psychology, and law who focus on online privacy:
(Amicisubmit this brief in their individual capacities. The affiliations listed are for identification purposes only.)
- Dr. Kelly Caine, Principal Research Scientist in the Center for Law, Ethics and Applied Research in Health Information and the School of Informatics and Computing, Indiana University
- Danielle Keats Citron, Professor of Law, University of Maryland School of Law
- Dr. Serge Egelman
- Jerry Kang, Professor of Law, UCLA School of Law
- Dr. Aleecia M. McDonald
- Frank A. Pasquale, Schering-Plough Professor in Health Care Regulation and Enforcement, Seton Hall Law School, Visiting Fellow, Princeton University Center for Information Technology Policy
- Len Sassaman, Researcher, Katholieke Universiteit Leuven (Belgium)
- Jason M. Schultz, Assistant Clinical Professor of Law, Director, Samuelson Law, Technology & Public Policy Clinic, UC Berkeley School of Law
- Wendy Seltzer, Associate Research Scholar, Center for Information Technology Policy, Princeton University
- Christopher Soghoian, Graduate Fellow, Center for Applied Cybersecurity Research, Indiana University
- Dr. Michael Zimmer, Assistant Professor, School of Information Studies, Co-Director, Center for Information Policy Research, University of Wisconsin-Milwaukee