ACLU, EFF challenging US ‘secret’ court orders seeking Twitter data

Thursday, April 7, 2011

Late last month, the American Civil Liberties Union (ACLU) and Electronic Frontier Foundation (EFF) filed objections to the United States Government’s ‘secret’ attempts to obtain Twitter account information relating to WikiLeaks. The ACLU and EFF cite First and Fourth amendment issues as overriding reasons to overturn government attempts to keep their investigation secret; and, that with Birgitta Jonsdottir being an Icelandic Parliamentarian, the issue has serious international implications.

The case, titled “In the Matter of the 2703(d) Order Relating to Twitter Accounts: Wikileaks, Rop_G, IOERROR; and BirgittaJ“, has been in the EFF’s sights since late last year when they became aware of the US government’s attempts to investigate WikiLeaks-related communications using the popular microblogging service.

The key objective of this US government investigation is to obtain data for the prosecution of Bradley Manning, alleged to have supplied classified data to WikiLeaks. In addition to Manning’s Twitter account, and that of WikiLeaks (@wikileaks), the following three accounts are subject to the order: @ioerror, @birgittaj, and @rop_g. These, respectively, belong to Jacob Apelbaum, Birgitta Jonsdottir, and Rop Gonggrijp.

Birgitta is not the only non-US citizen with their Twitter account targeted by the US Government; Gonggrijp, a Dutch ‘ex-hacker’-turned-security-expert, was one of the founders of XS4ALL – the first Internet Service Provider in the Netherlands available to the public. He has worked on a mobile phone that can encrypt conversations, and proven that electronic voting systems can readily be hacked.

In early March, a Virginia magistrate judge ruled that the government could have the sought records, and neither the targeted users, or the public, could see documents submitted to justify data being passed to the government. The data sought is as follows:

  1. Personal contact information, including addresses
  2. Financial data, including credit card or bank account numbers
  3. Twitter account activity information, including the “date, time, length, and method of connections” plus the “source and destination Internet Protocol address(es)”
  4. Direct Message (DM) information, including the email addresses and IP addresses of everyone with whom the Parties have exchanged DMs

The order demands disclosure of absolutely all such data from November 1, 2009 for the targeted accounts.

The ACLU and EFF are not only challenging this, but demanding that all submissions made by the US government to justify the Twitter disclosure are made public, plus details of any other such cases which have been processed in secret.

Bradley Manning, at the time a specialist from Maryland enlisted with the United States Army’s 2nd Brigade, 10th Mountain Division, was arrested in June last year in connection with the leaking of classified combat video to WikiLeaks.

The leaked video footage, taken from a US helicopter gunship, showed the deaths of Reuters staff Saeed Chmagh and Namir Noor-Eldeen during a U.S. assault in Baghdad, Iraq. The wire agency unsuccessfully attempted to get the footage released via a Freedom of Information Act request in 2007.

When WikiLeaks released the video footage it directly contradicted the official line taken by the U.S. Army asserting that the deaths of the two Reuters staff were “collateral damage” in an attack on Iraqi insurgents. The radio chatter associated with the AH-64 Apache video indicated the helicopter crews had mistakenly identified the journalists’ equipment as weaponry.

The US government also claims Manning is linked to CableGate; the passing of around a quarter of a million classified diplomatic cables to WikiLeaks. Manning has been in detention since July last year; in December allegations of torture were made to the United Nations High Commissioner for Human Rights regarding the conditions under which he was and is being detained.

Reports last month that he must now sleep naked and attend role call at the U.S. Marine facility in Quantico in the same state, raised further concern over his detention conditions. Philip J. Crowley, at-the-time a State Department spokesman, remarked on this whilst speaking at Massachusetts Institute of Technology; describing the current treatment of Manning as “ridiculous and counterproductive and stupid”, Crowley was, as a consequence, put in the position of having to tender his resignation to Secretary of State Hillary Clinton.

Despite his native Australia finding, in December last year, that Assange’s WikiLeaks had not committed any criminal offences in their jurisdiction, the U.S. government has continued to make ongoing operations very difficult for the whistleblower website.

The result of the Australian Federal Police investigation left the country’s Prime Minister, Julia Gillard, having to retract a statement that WikiLeaks had acted “illegally”; instead, she characterised the site’s actions as “grossly irresponsible”.

Even with Australia finding no illegal activity on the part of WikiLeaks, and with founder Julian Assange facing extradition to Sweden, U.S. pressure sought to hobble WikiLeaks financially.

Based on a State Department letter, online payments site PayPal suspended WikiLeaks account in December. Their action was swiftly followed by Visa Europe and Mastercard ceasing to handle payments for WikiLeaks.

The online processing company, Datacell, threatened the two credit card giants with legal action over this. However, avenues of funding for the site were further curtailed when both Amazon.com and Swiss bank PostFinance joined the financial boycott of WikiLeaks.

Assange continues, to this day, to argue that his extradition to Sweden for questioning on alleged sexual offences is being orchestrated by the U.S. in an effort to discredit him, and thus WikiLeaks.

Wikinews consulted an IT and cryptography expert from the Belgian university which developed the current Advanced Encryption Standard; explaining modern communications, he stated: “Cryptography has developed to such a level that intercepting communications is no longer cost effective. That is, if any user uses the correct default settings, and makes sure that he/she is really connecting to Twitter it is highly unlikely that even the NSA can break the cryptography for a protocol such as SSL/TLS (used for https).”

Qualifying this, he commented that “the vulnerable parts of the communication are the end points.” To make his point, he cited the following quote from Gene Spafford: “Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench.

Continuing, the Katholieke Universiteit Leuven (KUL) expert explained:

In the first place, the weak point is Twitter itself; the US government can go and ask for the data; companies such as Twitter and Google will typically store quite some information on their users, including IP addresses (it is known that Google deletes the last byte of the IP address after a few weeks, but it is not too hard for a motivated opponent to find out what this byte was).
In the second place, this is the computer of the user: by exploiting system weaknesses (with viruses, Trojan horses or backdoors in the operating system) a highly motivated opponent can enter your machine and record your keystrokes plus everything that is happening (e.g. the FBI is known to do this with the so-called Magic Lantern software). Such software is also commercially available, e.g. for a company to monitor its employees.
It would also be possible for a higly motivated opponent to play “man-in-the-middle”; that means that instead of having a secure connection to Twitter.com, you have a secure connection to the attacker’s server, who impersonates Twitter’s and then relays your information to Twitter. This requires tricks such as spoofing DNS (this is getting harder with DNSsec), or misleading the user (e.g. the user clicks on a link and connects to tw!tter.com or Twitter.c0m, which look very similar in a URL window as Twitter.com). It is clear that the US government is capable of using these kind of tricks; e.g., a company has been linked to the US government that was recognized as legitimate signer in the major browsers, so it would not be too large for them to sign a legitimate certificate for such a spoofing webserver; this means that the probability that a user would detect a problem would be very low.
As for traffic analysis (finding out who you are talking to rather than finding out what you are telling to whom), NSA and GCHQ are known to have access to lots of traffic (part of this is obtained via the UK-USA agreement). Even if one uses strong encryption, it is feasible for them to log the IP addresses and email addresses of all the parties you are connecting to. If necessary, they can even make routers re-route your traffic to their servers. In addition, the European Data Retention directive forces all operators to store such traffic data.
Whether other companies would have complied with such requests: this is very hard to tell. I believe however that it is very plausible that companies such as Google, Skype or Facebook would comply with such requests if they came from a government.
In summary: unless you go through great lengths to log through to several computers in multiple countries, you work in a clean virtual machine, you use private browser settings (don’t accept cookies, no plugins for Firefox, etc.) and use tools such as Tor, it is rather easy for any service provider to identify you.
Finally: I prefer not to be quoted on any sentences in which I make statements on the capabilities or actions of any particular government.

Wikinews also consulted French IT security researcher Stevens Le Blond on the issues surrounding the case, and the state-of-the-art in monitoring, and analysing, communications online. Le Blond, currently presenting a research paper on attacks on Tor to USENIX audiences in North America, responded via email:

Were the US Government to obtain the sought data, it would seem reasonable the NSA would handle further investigation. How would you expect them to exploit the data and expand on what they receive from Twitter?

  • Le Blond: My understanding is that the DOJ is requesting the following information: 1) Connection records and session times 2) IP addresses 3) e-mail addresses 4) banking info
By requesting 1) and 2) for Birgitta and other people involved with WikiLeaks (WL) since 2009, one could derive 2 main [pieces of] information.
First, he could tell the mobility of these people. Recent research in networking shows that you can map an IP address into a geographic location with a median error of 600 meters. So by looking at changes of IP addresses in time for a Twitter user, one could tell (or at least speculate about) where that person has been.
Second, by correlating locations of different people involved with WL in time, one could possibly derive their interactions and maybe even their level of involvement with WL. Whether it is possible to derive this information from 1) and 2) depends on how this people use Twitter. For example, do they log on Twitter often enough, long enough, and from enough places?
My research indicates that this is the case for other Internet services but I cannot tell whether it is the case for Twitter.
Note that even though IP logging, as done by Twitter, is similar to the logging done by GSM [mobile phone] operators, the major difference seems to be that Twitter is subject to US regulation, no matter the citizenship of its users. I find this rather disturbing.
Using 3), one could search for Birgitta on other Internet services, such as social networks, to find more information on her (e.g., hidden accounts). Recent research on privacy shows that people tend to use the same e-mail address to register an account on different social networks (even when they don’t want these accounts to be linked together). Obviously, one could then issue subpoenas for these accounts as well.
I do not have the expertise to comment on what could be done with 4).
((WN)) As I believe Jonsdottir to be involved in the Icelandic Modern Media Initiative (IMMI), what are the wider implications beyond the “WikiLeaks witchhunt”?
  • Le Blond: Personal data can be used to discredit, especially if the data is not public.

Having been alerted to the ongoing case through a joint press release by the ACLU and EFF, Wikinews sought clarification on the primary issues which the two non-profits saw as particularly important in challenging the U.S. Government over the ‘secret’ court orders. Rebecca Jeschke, Media Relations Director for the EFF, explained in more detail the points crucial to them, responding to a few questions from Wikinews on the case:

((WN)) As a worse-case, what precedents would be considered if this went to the Supreme Court?
  • Rebecca Jeschke: It’s extremely hard to know at this stage if this would go to the Supreme Court, and if it did, what would be at issue. However, some of the interesting questions about this case center on the rights of people around the world when they use US Internet services. This case questions the limits of US law enforcement, which may turn out to be very different from the limits in other countries.
((WN)) Since this is clearly a politicised attack on free speech with most chilling potential repercussions for the press, whistleblowers, and by-and-large anyone the relevant U.S. Government departments objects to the actions of, what action do you believe should be taken to protect free speech rights?
  • Jeschke: We believe that, except in very rare circumstances, the government should not be permitted to obtain information about individuals’ private Internet communications in secret. We also believe that Internet companies should, whenever possible, take steps to ensure their customers are notified about requests for information and have the opportunity to respond.
((WN)) Twitter via the web, in my experience, tends to use https:// connections. Are you aware of any possibility of the government cracking such connections? (I’m not up to date on the crypto arms race).
  • Jeschke: You don’t need to crack https, per se, to compromise its security. See this piece about fraudulent https certificates:
Iranian hackers obtain fraudulent httpsEFF website.
((WN)) And, do you believe that far, far more websites should – by default – employ https:// connections to protect people’s privacy?
  • Jeschke: We absolutely think that more websites should employ https! Here is a guide for site operators: (See external links, Ed.)

Finally, Wikinews approached the Icelandic politician, and WikiLeaks supporter, who has made this specific case a landmark in how the U.S. Government handles dealings with – supposedly – friendly governments and their elected representatives. A number of questions were posed, seeking the Icelandic Parliamentarian’s views:

((WN)) How did you feel when you were notified the US Government wanted your Twitter account, and message, details? Were you shocked?
  • Birgitta Jonsdottir: I felt angry but not shocked. I was expecting something like this to happen because of my involvement with WikiLeaks. My first reaction was to tweet about it.
((WN)) What do you believe is their reasoning in selecting you as a ‘target’?
  • Jonsdottir: It is quite clear to me that USA authorities are after Julian Assange and will use any means possible to get even with him. I think I am simply a pawn in a much larger context. I did of course both act as a spokesperson for WikiLeaks in relation to the Apache video and briefly for WikiLeaks, and I put my name to the video as a co-producer. I have not participated in any illegal activity and thus being a target doesn’t make me lose any sleep.
((WN)) Are you concerned that, as a Member of Parliament involved in the Icelandic Modern Media Initiative (IMMI), the US attempt to obtain your Twitter data is interfering with planned Icelandic government policy?
  • Jonsdottir: No
((WN)) In an earlier New York Times (NYT) article, you’re indicating there is nothing they can obtain about you that bothers you; but, how do you react to them wanting to know everyone you talk to?
  • Jonsdottir: It bothers me and according to top computer scientists the government should be required to obtain a search warrant to get our IP addresses from Twitter. I am, though, happy I am among the people DOJ is casting their nets around because of my parliamentary immunity; I have a greater protection then many other users and can use that immunity to raise the issue of lack of rights for those that use social media.
HAVE YOUR SAY
Do you believe the U.S. government should have the right to access data on foreign nationals using services such as Twitter?
Add or view comments
((WN)) The same NYT article describes you as a WikiLeaks supporter; is this still the case? What attracts you to their ‘radical transparency’?
  • Jonsdottir: I support the concept of WikiLeaks. While we don’t have a culture of protection for sources and whistleblowers we need sites like WikiLeaks. Plus, I think it is important to give WikiLeaks credit for raising awareness about in how bad shape freedom of information and expression is in our world and it is eroding at an alarming rate because of the fact that legal firms for corporations and corrupt politicians have understood the borderless nature of the legalities of the information flow online – we who feel it is important that people have access to information that should remain in the public domain need to step up our fight for those rights. WikiLeaks has played an important role in that context.I don’t support radical transparency – I understand that some things need to remain secret. It is the process of making things secret that needs to be both more transparent and in better consensus with nations.
((WN)) How do you think the Icelandic government would have reacted if it were tens of thousands of their diplomatic communications being leaked?
  • Jonsdottir: I am not sure – A lot of our dirty laundry has been aired via the USA cables – our diplomatic communications with USA were leaked in those cables, so far they have not stirred much debate nor shock. It is unlikely for tens of thousands of cables to leak from Iceland since we dont have the same influence or size as the USA, nor do we have a military.
((WN)) Your ambassador in the US has spoken to the Obama administration. Can you discuss any feedback from that? Do you have your party’s, and government’s, backing in challenging the ordered Twitter data release?
  • Jonsdottir: I have not had any feedback from that meeting, I did however receive a message from the DOJ via the USA ambassador in Iceland. The message stated three things: 1. I am free to travel to the USA. 2. If I would do so, I would not be a subject of involuntary interrogation. 3. I am not under criminal investigation. If this is indeed the reality I wonder why they are insisting on getting my personal details from Twitter. I want to stress that I understand the reasoning of trying to get to Assange through me, but I find it unacceptable since there is no foundation for criminal investigation against him. If WikiLeaks goes down, all the other media partners should go down at the same time. They all served similar roles. The way I see it is that WikiLeaks acted as the senior editor of material leaked to them. They could not by any means be considered a source. The source is the person that leaks the material to WikiLeaks. I am not sure if the media in our world understands how much is at stake for already shaky industry if WikiLeaks will carry on carrying the brunt of the attacks. I think it would be powerful if all the medias that have had access to WikiLeaks material would band together for their defence.
((WN)) Wikinews consulted a Belgian IT security expert who said it was most likely companies such as Facebook, Microsoft, and Google, would have complied with similar court orders *without advising the ‘targets*’. Does that disturb you?
  • Jonsdottir: This does disturb me for various reasons. The most obvious is that my emails are hosted at google/gmail and my search profile. I dont have anything to hide but it is important to note that many of the people that interact with me as a MP via both facebook and my various email accounts don’t always realize that there is no protection for them if they do so via those channels. I often get sensitive personal letters sent to me at facebook and gmail. In general most people are not aware of how little rights they have as users of social media. It is those of uttermost importance that those sites will create the legal disclaimers and agreements that state the most obvious rights we lose when we sign up to their services.
This exclusive interview features first-hand journalism by a Wikinews reporter. See the collaboration page for more details.
((WN)) Has there been any backlash within Iceland against US-based internet services in light of this? Do you expect such, or any increase in anti-American sentiments?
  • Jonsdottir: No, none what so ever. I dont think there is much anti-American sentiments in Iceland and I dont think this case will increase it. However I think it is important for everyone who does not live in the USA and uses social services to note that according to the ruling in my case, they dont have any protection of the 1st and 4th amendment, that only apply to USA citizens. Perhaps the legalities in relation to the borderless reality we live in online need to be upgraded in order for people to feel safe with using social media if it is hosted in the USA. Market tends to bend to simple rules.
((WN)) Does this make you more, or less, determined to see the IMMI succeed?
  • Jonsdottir: More. People have to realize that if we dont have freedom of information online we won’t have it offline. We have to wake up to the fact that our rights to access information that should be in the public domain is eroding while at the same time our rights as citizens online have now been undermined and we are only seen as consumers with consumers rights and in some cases our rights are less than of a product. This development needs to change and change fast before it is too late.

The U.S. Government continues to have issues internationally as a result of material passed to WikiLeaks, and subsequently published.

Within the past week, Ecuador has effectively declared the U.S. ambassador Heather Hodges persona-non-grata over corruption allegations brought to light in leaked cables. Asking the veteran diplomat to leave “as soon as possible”, the country may become the third in South America with no ambassadorial presence. Both Venezuela and Bolivia have no resident U.S. ambassador due to the two left-wing administrations believing the ejected diplomats were working with the opposition.

The U.S. State Department has cautioned Ecuador that a failure to speedily normalise diplomatic relations may jeapordise ongoing trade talks.

The United Kingdom is expected to press the Obama administration over the continuing detention of 23-year-old Manning, who also holds UK citizenship. British lawmakers are to discuss his ongoing detention conditions before again approaching the U.S. with their concerns that his solitary confinement, and treatment therein, is not acceptable.

The 22 charges brought against Manning are currently on hold whilst his fitness to stand trial is assessed.