WikiLeaks ruling spotlights outdated e-privacy law

A federal court ruling against three individuals allegedly associated with WikiLeaks is fueling the debate over updating a 1980s electronic privacy law.

The three argued that the Justice Department's request for personal records from the social media service Twitter constitutes an invasion of privacy. The government sought the data as part of a criminal investigation into WikiLeaks.

The case is refocusing attention on outdated digital privacy mandates that protect the contents of electronic messages, such as Tweets, but not transactional data associated with those messages, including Twitter subscriber names, connection times and computer access locations, or Internet protocol addresses. According to court documents, Justice last year targeted the Twitter records of the trio in connection with a probe, apparently into their relationships with the anti-secrets website that leaked mountains of confidential U.S. files. The federal government maintains it has a right to order the records under a 1994 amendment to the 1986 Electronic Communications Privacy Act, which allows authorities to obtain noncontent data from Internet service companies without a warrant.

On Thursday, Judge Liam O'Grady, who sits on the U.S. District Court in Alexandria, Va., ruled, "The Twitter order was issued under [the law], which enumerates particular records subject to disclosure, including the subscriber or customer's name, address, telephone connection records or records of session times and durations, length and type of service used, telephone number or temporarily assigned network address, and method of payment. The government need not notify the customer or subscriber of a records request."

Obama administration officials have cautioned lawmakers who are revamping the law against requiring law enforcement officers to obtain search warrants to access all online communications.

The subjects -- Jacob Appelbaum, an American computer security specialist; Rop Gonggrijp, a Dutch citizen; and Birgitta Jonsdottir, an Icelandic parliamentarian -- learned about the government's orders to Twitter because the company chose to notify them, according to the Electronic Frontier Foundation, a privacy organization representing Jonsdottir. Thursday's decision upheld a March ruling allowing the government to collect the information.

"With this decision, the court is telling all users of online tools hosted in the United States that the U.S. government will have secret access to their data," Jonsdottir said in a statement. The foundation's legal director, Cindy Cohn, added, "We are gravely worried by the court's conclusion that records about you that are collected by Internet services like Twitter, Facebook, Skype and Google are fair game for warrantless searches by the government."

The American Civil Liberties Union, which is co-representing Jonsdottir, has been advocating for revisions to the 1986 law that would tell citizens when the government is seeking their private information from Twitter and other digital forums.

The subjects are considering possible next steps, according to the foundation. On Friday, Justice officials declined to comment on the new ruling beyond what the government has argued in previous filings.

Senate Judiciary Chairman Patrick Leahy, D-Vt., is pushing to amend the 1980s legislation to, among other things, require that the government tell individuals within three days when their accounts are disclosed.

In October, he pledged his committee would vote on legislation he introduced in May, S.1011, by the end of the year. Leahy was not available for comment Friday.

James A. Baker, U.S. associate deputy attorney general, told Leahy's committee in April that Justice opposes altering the law in a way that would insulate communications relevant to criminal investigations. "The kinds of information we're talking about, especially when you come to noncontent information, is critical for our ability to conduct investigations," he testified. "And if we were to raise the standard with respect to some electronic communications, it's going to have an impact on law enforcement investigations."

On Friday, classification researcher Steven Aftergood said Thursday's ruling redraws the boundaries between what is protected online and what is open to surveillance, in favor of surveillance.

"Is that what we want?" he questioned. "Or do we want to affirm an expectation of privacy with respect to such records? I think the question is now up for grabs. It's up to privacy proponents to mobilize support for their point of view and to persuade Congress to act. Will Congress do so? I couldn't say."

Aftergood, who directs the government secrecy program at the Federation of American Scientists, turned down a 2007 invitation from WikiLeaks founders to serve on the site's advisory board. He has criticized WikiLeaks for disrespecting the rule of law and the privacy rights of individuals.

He noted on Friday that the fact that privacy has become an issue at all in the criminal investigation is yet one more "bit of fallout from the WikiLeaks episode, which has produced a series of negative consequences."
