Ghosts in the machine: Twitter and the trickle-down Patriot Act effect
(Art by My Dead Pony.)
Yesterday I heard Paul M. Davis, the radio host of Radical Free Ruin, ask why there haven’t been more ghost stories about electronic gadgets the way there used to be about analog devices. The iPhone may flaunt the interactive module of Siri but that doesn’t hold a candle to frequent ye olde time confessions about spirited clicks or voices talking back from one’s typewriter or radio.
A subtext of that podcast—actually the reason I was listening in the first place—was that Davis’ interview guest was Malcolm Harris (talking in a different segment about a completely different subject, but the tracing is notable nonetheless). Twitter has been served with a subpoena for @destructuremal’s private records, presumably related to the Brooklyn Bridge arrest of more than 700 people. Both he and the company are preparing to fight it. Kade Crockford of the ACLU-Massachusetts wrote a post (on a blog you might consider reading regularly anyway) about the government’s likely reasoning behind the subpoena. She asks the $64,000 question: what could Manhattan District Attorney Cyrus Vance possibly want with a public Twitter account? Private access, likely.
And it wasn’t too long ago here in Massachusetts that Boston’s Assistant District Attorney Benjamin Goldberger subpoenaed not only Twitter accounts and IP address logs, but even hashtags, related to Occupy Boston and Anonymous. Hilarity ensued when the information requested from Twitter appeared nonsensical—the wrong Occupy Boston handle was subpoenaed, one account name was turned into a hashtag, and so on—but the scope of the phishing expedition appeared, in the words of the ACLU, ‘politically explosive.’ Was the district attorney seriously going after the IP information of every single person who had ever tweeted from the #BostonPD hashtag?
Conversations around Occupy Boston/Anonymous and Mal’s case, among others, are bound to interpret the subpoena tactic as a tool of political intimidation (at least in authoritarian regimes where the state controls internet access, intimidating users is often effective, however flexible and clever the activist or collective may be). We spend less time conjuring the history of the tactic itself. The machine ghost we assumed went into dormancy with the advent of our incalculably more advanced devices and electronic habits and private files flits its little head out from time to time.
It was almost exactly a year ago that Twitter revealed a secret court order issued by the Department of Justice to obtain private access to the contents of Wikileaks-related accounts. (It’s important to state this point: it was a secret order and not a subpoena as with the more recent cases highlighted here.) The order included ‘network addresses, connection logs, credit card information, and identities of everyone they talked to.’ I can’t speak for others but Twitter’s notification of users was very encouraging even as the twisted nature of the Court’s request itself was highly believable. Twitter is a multi-million dollar corporation. I am not a citizen in its domain but a subscriber. (To that effect, benevolent dictators are always better than malicious ones.) For once, Twitter’s notification of users (and promise to hand over no information to the feds if account-holders filed a motion within ten days) became something of a ‘gold standard of customer protection’ and an encouraging move in a muddled consumer-subscriber realm where corporate abuse seems not only likely but morosely expected.
The Court order issued to Twitter in the Wikileaks case was authorized under 18 USC 2703(d), as can be seen here. This provision was bundled in with a law called the Stored Communications Act, originally enacted as early as 1986. Among other measures the law allowed (and continues to allow) the government to compel companies to turn over records concerning electronic communications.
Darryl Li (@abubanda) writes me:
The USA PATRIOT act amended and enlarged the scope of this law. Prior to the PATRIOT Act, the companies could turn over information such as: name, address, telephone billing records, telephone numbers, length of service, and types of services. The PATRIOT Act specified that such information could also include ‘records of session times and durations’ for phone calls as well as network addresses. It also—and most significantly—added the power to obtain ‘means and source of payment for such service (including any credit card or bank account number).’
A marked-up version comparing the two versions of the law is available here.
The secret orders and subpoenas are likely a tiny part of the picture, one we know about because of the historical precedent set by Twitter to give a hoot. (At the time of the secret order E. B. Boyd wrote that the reason Twitter was the only company to challenge the secret Wikileaks order was because of the person heading its general counsel, Alex Macgillivray or @amac.)
In order to locate this ghost, whose form is closer to an iceberg than a range of stalactites that would be far easier to ferret out, we could contrast the expansion of seemingly novel electronic surveillance tactics with run-of-the-mill police/government infiltration of activists’ lives.
No doubt some will remember ‘Karen Sullivan,’ the undercover agent who infiltrated the networks of Minnesota activists. Jess Sundin, an activist with Anti-War Committee told Democracy Now!:
Karen came to weekly meetings. We’re all volunteers, and so we make decisions together at those meetings, and she participated in those discussions, sometimes even chairing the meetings. Karen had a key to our office, a key which she later used—or the FBI used—to raid the office on September 24th and let themselves in. And she also at times assisted with our bookkeeping and had full access to our financial records, our membership lists and everything else we’re involved in.
‘Karen Sullivan’ appropriated a physical key from a physical site where she had physical access, and that key was used by the FB to enter and seize activists’ records and equipment. This is where the web-created term IRL or ‘in real life’ becomes at best unhelpful and at worse negligent. While the government breaking and entering into your residence, place of work, place of worship, etc. (just ask the uncounted Muslims, Arabs, Middle Eastern-Americans, or those believed to be in cahoots with them) is an undoubtedly terrifying prospect, the presence of a presence differentiates it from a secret order or subpoena which relies on the presence of an absence. Yet that prospect is no less frightening. In the electronic terrain authorization is far more fluid (and shadowy). Notwithstanding a minor exception no police officer need be involved:
Presence of Officer Not Required. — [T]he presence of an officer shall not be required for service or execution of a search warrant issued in accordance with this chapter requiring disclosure by a provider of electronic communications service or remote computing service of the contents of communications or records or other information pertaining to a subscriber to or customer of such service.
We may snort our noses and dismiss the claptrap (even internet-deaf) logic and tactics used by police and prosecutors to break in to our accounts, files, and lives but the electronic history of this wee bit ghost is at least as old as the young people being investigated (my generation) and as sinister as the enduring legacy of PATRIOT.