Computer experts back appeal in Twitter-Wikileaks case
A number of respected security experts have decided to formally speak up in favor of the appeal that lawyers have filed against the Twitter data handover decision in WikiLeaks case, so they filed an amicus brief – a legal opinion that could influence the court’s final decision – stating that they think the government needs to obtain a search warrant if they want to get the IP addresses of the Twitter users linked to WikiLeaks.
The brief was filed in the U.S. District Court in Alexandria, Virginia, by Steven Bellovin, computer science professor at Columbia University; Peter Neumann, Principal Scientist at the SRI International Computer Science Laboratory; Bruce Schneier, Chief Security Technology Officer at BT; Susan Landau, a fellow at the Radcliffe Institute for Advanced Study at Harvard and former Sun Microsystem engineer; and others.
The brief argues that “when a court seeks to apply a law into an area of rapidly developing technology, it is crucially important that the court correctly and fully understand that technology.”
According to these experts, the government has equaled IP addresses with telephone numbers, asking the court to ignore the fact that IP addresses can reveal the users’ location at the time and that that information can be used to reconstruct their movements and even meetings with people.
“A large collection of data over a lengthy period of time that includes IP addresses, dates and times – as one might get from a heavily trafficked website such as Twitter – can readily translate into a picture of a person’s movements from one location to another,” claims the brief. “The government’s acquisition of such a picture of a person’s movements has serious implications for a person’s expectations of privacy.”
“In addition, IP address and date-and-time-of-access information can create an inference that two people were together in the same place at the same time,” it continues. “Suppose, for example, that two individuals logged in to Twitter at exactly the same date and time from a single IP address associated with a Starbucks in Reykjavik, Iceland. That information would be highly suggestive of the fact that the two people were meeting each other.”
“In this matter, the government has obtained an order requiring Twitter to turn over IP addresses and related data associated with the Parties [i.e. Birgitta Jonsdottir, Jacob Appelbaum and Rop Gonggrijp] over a six-and-a-half month period of time. Given the Parties’s extensive use of Twitter, that is likely to encompass a very large amount of data about the Parties. As the foregoing demonstrates, the government can compose a picture of the Parties’ locations and movements from that data over that extensive period of time,” it concludes. “One would assume that is the government’s purpose for seeking the order in the first place.”
It remains to be seen if these statements will be taken in consideration by the court when the time comes to make a decision about the appeal. But no one can say that these experts stood aside and watched how the security and privacy implications of the use of these technologies were conveniently swept aside.