17 November 2011
A US Court has recently upheld an Order requiring social networking giant Twitter to produce electronic records of three Twitter account holders to the United States Government as part of the criminal investigation into WikiLeaks, Jullian Assange and Bradley Manning. The case raises interesting questions as to how far the First Amendment (freedom of speech) and Fourth Amendment (privacy) rights extend in the world of social media.
Under Twitter’s Privacy Policy, to which users must agree in order to create a Twitter account, Twitter is able to (and does!) collect a wide range of information associated with its users, including: IP address information, which may be used to determine the physical location of a user; records of web pages visited by the user before and after Twitter; log records of time spent on Twitter, and much much more.
It probably wouldn’t surprise readers of this blog to discover that other social media sites (such as Facebook), Internet Service Providers (“ISP”) and many other online businesses around the world also collect this type of information. However, use and/or disclosure of an account holder’s personal information is usually confined by the terms of the social media provider or ISP’s Privacy Policy, and also by privacy laws that apply in the relevant jurisdiction (in Australia, the National Privacy Principles apply).
Twitter is expressly permitted by its Privacy Policy to disclose account holder information if Twitter believes that “it is reasonably necessary to comply with law, regulation or legal request“. It is not uncommon for other online service providers (such as domain name registrants and website hosts) to include similar provisions in their privacy or civil subpoena policy.
WikiLeaks criminal investigation and the Twitter Order
As part of a criminal investigation into WikiLeaks’ release of over 250,000 classified diplomatic cables in 2010, the United States Government applied under Title II of the Electronic Communications Privacy Act (also known as the Stored Communications Act) for an order that Twitter produce account information and other electronic records relating to Jacob Appelbaum (a US computer security expert), Rop Gonggreijp (a Dutch computer security expert) and Birgitta Jonsdottir (an Icelandic member of parliament), all of whom allegedly have links with WikiLeaks.
The order, which was made by Magistrate Judge Buchanan and upheld by Justice O’Grady of the Eastern District of Virginia, requires Twitter to provide the Government with (amongst other things):
- the subscriber names, user names, screen names, or other identities of the account holders;
- any mailing, residential, business or email addresses of the account holders;
- means and source of any payment made to Twitter by the account holder (including credit card or bank account number);
- records of user activity made to and from the account – including the date, length and method of connections, data transfer volume, source and destination IP addresses; and
- non-content information (for example, a record of the source and destination email and IP address) associated with the contents of any communications or file stored by or for the account holder.
The Government was successful in persuading the Court that it had “reasonable grounds to believe that the records or other information sought [were] relevant and material to an ongoing criminal investigations” and that “prior notice of [the Twitter Order] to any person… would seriously jeopardize the investigation“, thus satisfying the provisions of the Stored Comminations Act.
On appeal, the three Twitter account holders argued that the Order contravened both their:
- First Amendment rights – because the Order has a “chilling effect” on their speech and associational rights, as well as the rights of Twitter users in general; and
- Fourth Amendment rights – because they have a reasonable expectation of privacy in IP address information, as this information could be used to track their locations in and between private spaces.
However, the Court found that the Order would not contravene the account holders’ First Amendment rights because they had voluntarily made their Twitter posts and associations with WikiLeaks public, and so any “chilling effect” on their rights was created by their own actions. Further, the account holders had “relinquished any reasonable expectation of privacy” by voluntarily disclosing their IP address and other personal information to Twitter.
Broader implications
As this case relates to a criminal investigation, it is difficult to predict its broader implications.
However, there are similar provisions under the United States Civil Code which enable the Court to order production of account holder information which might be particularly relevant to the online space, where Internet users often post offending content anonymously. One of these provisions, which could be relevant to Australian litigants, is Title 28 of section 1782 of the Code, which allows US District Courts to make orders compelling the production of documents from companies located in the US if those documents are to be used in a foreign proceeding that is either under way or in reasonable contemplation at the time the section 1782 application is made. Given the outcome of this case, such a provision could be useful in an Australian defamation proceeding where the Twitter or Facebook account holder has posted defamatory information under pseudonym, and so the Defendant would be unknown unless Twitter/Facebook disclosed personal information to the litigant.
Whatever thebroader implications of this case are, it appears that the strength of First and Fourth Amendment rights in the US may be slowly whittling away in the Web 2.0 context, as users voluntarily hand over their personal information – without even realising it.
