- The information to be stored will likely contain data from all users ever having viewed a Wikileaks tweet or tweet from any other party mentioned in the subpoena.
- The number of people affected by the subpoena is much larger than the previous estimate of 600,000 Wikileaks followers.
- There’s a real possibility that the information on these users will make it to an updated Terror Watch List.
As other sources have pointed out, the order implicates more than just the 7 named users and user accounts. The language seems to implicate every Twitter follower of each of the named accounts, which explains Wikileaks’ announcement that “all 637,000 @wikileaks followers are a target”:
[R]ecords of user activity for any connections made to or from the Account, including the date, time, length, and method of connections, data transfer volume, user name, and source and destination Internet Protocol address(es). [N]on-content information associated with the contents of any communication or file stored by or for the account(s), such as the source and destination email addresses and IP addresses. (Source; original pdf subpoena)
“Communication” seems to encompass the receipt of any tweet on Twitter, given that data transmission is involved. Hence the language is inclusive of any individual following the primary targets who receives Wikileaks tweets on their Twitter timeline, for instance. The same is true of any Twitter user receiving tweets from ioerror, rop_g, and so on.
Yet if we grant that all followers will be implicated by virtue of having received tweet data from the 7 primary targets, it seems the present language is also inclusive of anyone who has clicked on a link directing them to a tweet from any of the above accounts. If you did view one of these tweets at some point on or after November 1, 2009 (the cut-off date in stipulated in the subpoena) but were not signed in to Twitter, then even if you are not a registered user, it seems you too qualify as a “connection made to or from” the accounts. There is no stipulation that ‘connections’ must be from users who are following Wikileaks et al., or even that they must be from users who are signed in.
If Twitter logs visitors, and it certainly does, then visitor data will be in these logs irrespective of whether they have a Twitter account. How significant is this and what information about you will be visible if you fall under the range of affected parties?
Even if there is no concern over how your data will be used by those entities, the likelihood that your information will remain private decreases significantly with every additional party possessing access to it. Yet concern over the manner in which your information can be used may be legitimate. In tracking paths to and from Twitter, logs exist that document internet browsing tendencies, sites visited, timestamps, host name, search terms used and more.
All this information can be easily accessed from any user not browsing through an anonymity tool like Tor and you don’t need to be logged in to a site in order to disclose your data. Although anyone can get this information from you when you visit their site, the concern here is over the manner in which the data will be used. Insofar as your information exists in the database that brought us the Terror Watch List, and insofar as you have been suspected of being the ally of a “high tech terrorist”, trivial data have the potential of becoming legally relevant. And if the language of the court order is inclusive of all individuals ever having accessed a tweet from any of the targeted accounts (since 2009), then the number of people affected by the subpoena is much larger than the previous estimate of 600,000 Wikileaks followers.