Slashdot Mirror
Justice Department Demands Five Twitter Users' Personal Info Over an Emoji (techdirt.com)
An anonymous reader quotes a report from Techdirt: Back in May, the Justice Department -- apparently lacking anything better to do with its time -- sent a subpoena to Twitter, demanding a whole bunch of information on five Twitter users, including a few names that regular Techdirt readers may be familiar with. If you can't see that, it's a subpoena asking for information on the following five Twitter users: @dawg8u ("Mike Honcho"), @abtnatural ("Virgil"), @Popehat (Ken White), @associatesmind (Keith Lee) and @PogoWasRight (Dissent Doe). I'm pretty sure we've talked about three of those five in previous Techdirt posts. Either way, they're folks who are quite active in legal/privacy issues on Twitter. And what info does the DOJ want on them? Well, basically everything: [users' names, addresses, IP addresses associated with their time on Twitter, phone numbers and credit card or bank account numbers.] That's a fair bit of information. Why the hell would the DOJ want all that? Would you believe it appears to be over a single tweet from someone to each of those five individuals that consists entirely of a smiley face? I wish I was kidding. Here's the tweet and then I'll get into the somewhat convoluted back story. The tweet is up as I write this, but here's a screenshot in case it disappears. The Department of Justice's subpoena is intended to address allegations that Shafer, who has a history of spotting weak encryption and drawing attention to it, cyberstalked an FBI agent after the agency raided his home. Vanity Fair summarizes the incident: "In 2013, Shafer discovered that FairCom's data-encryption package had actually exposed a dentist's office to data theft. An F.T.C. settlement later validated Shafer's reporting, but in 2016, when another dentist's office responded to Shafer's disclosure by claiming he'd violated the Computer Fraud and Abuse Act and broken the law, the F.B.I. raided his home and confiscated many of his electronics. Shafer was particularly annoyed at F.B.I. Special Agent Nathan Hopp, who helped to conduct the raid, and who was later involved in a different case: in March, he compiled a criminal complaint involving the F.B.I.'s arrest of a troll for tweeting a flashing GIF at journalist Kurt Eichenwald, who is epileptic. Shafer began to compile publicly available information about Hopp, sharing his findings on Twitter. The Twitter users named in the subpoena had started a separate discussion about Hopp, with one user calling Hopp the "least busy F.B.I. agent of all time," a claim that prompted Shafer's smiley-faced tweet."
TL;DR Basically, if you think you had an expectation of privacy to begin with, you're pretty much an idiot.
Everyone else already knows who you are (see Facebook tracking people WITHOUT facebook accounts!), the people who are trying to stop criminals aren't magically the bad guys--any worse than the corporations who keep and sell your info in the first place.
You can't leak data that was never gathered. You want privacy, use a service that's actually designed for privacy.
You want a public forum? You're going to be... in a public forum. With no expectation of privacy.
We can argue about how it should be in a "perfect world", but in the real world, that's the tradeoff. You either get massive exposure on Twitter, or, communicate with a tight-knit group on something actually secure like Tor, Signal, etc.
"How dare someone know the things I said in public!" As if telling someone to kill their self on Twitter is some kind of sacred, protected right. (And dear God, is Twitter a big bucket of hatred.)
Who cares about the fourth amendment, anyway. We should definitely give the federal government all of our personal information. Maybe install cameras for their viewing benefit in our living rooms? We definitely shouldn't allow anyone to be anonymous on the internet. Or, frankly, any public forum. We need video cameras on all the walmart corkboards right? Just in case it would be useful in solving a crime. Certainly, we can trust the federales to safeguard the bank account information of people who've offended the federales, at least until the democrats are in charge again and then it's probably time to complain about it, yes? Also, wtf is the point of a warrant anymore. It gets in the way of solving crimes, and punishing our political opponents, which soon will be considered the same thing anyway.
Reality is a slackware box running on a 386 tucked away in god's sock drawer.
Dissent's thoughts on the whole situation are just gold and provide a deep look at how the FBI is hiding evidence: https://www.databreaches.net/i...
Fast forward to late 2013, when a dentist named Rob Meaglia alerted some of his patients that a computer was stolen from his offices with "medical records and dental insurance information." But, Dr. Meaglia told his patients that the records system they were using, Dentrix, made by a company called Henry Schein, Inc., had all of that data encrypted. Except it appeared that Dentrix was actually using Faircom's "Data Camouflage" and not actual encryption. And, as that link notes, Henry Schein, Inc. had been informed of this problem months earlier, around the time Faircom admitted it wasn't actual encryption.
In May of 2016, the FTC announced a settlement with Henry Schein, Inc. over the claim that it "falsely advertised the level of encryption it provided to protect patient data." Kudos to Justin Shafer.
But, literally days later, the FBI was raiding Justin Shafer's home and taking all of his computers. This was not specifically about the Harry Schein case, but since Shafer had continued to investigate poor data security practices involving dentists, he'd come across an FTP server operated by another dental software company, Patterson Dental, which makes "Eaglesoft," a dental practice management software product. Shafer had discovered an openly available anonymous FTP server with patient data. Shafer did the right thing as a security researcher, and alerted Patterson. However, rather than thanking Shafer for discovering the server they had left with patient data exposed, Patterson Dental argued that Shafer had violated the CFAA in accessing the open anonymous FTP server. Hence the FBI raid.
Collecting data might not seem all that harmful but when it is used to create stupidly flimsy search warrants and the agent that hates you is first through the door, hot to shoot anyone for anything (I saw a bulge in his under shorts and when he reached for them, In emptied my magazine three times in order to stop him). Either that or the beat the piss out of you and your family and shoot your pets or they destroy your career with a security warning or they destroy you finances with a drawn out fake arse criminal trial and on it goes. When they go out of control, which it seems in this case they have, they can cause an extreme amount of damage to the people they target and in the end to the taxpayers who pay the fine for their corruption.
People have every reason for extreme caution when low quality investigative agents, basically incompetents get on them and start fabricating reasons for legal attacks, fo what ever egoistic reasons those agents choose, whether it just be an easy target for career advancement (easy to fabricate evidence out of nothing and they lack the ability to defend themselves), to wanting to screw a particular persons and needing to get someone out of the way, to a straight up ego trip by destroying someone who has offended them.
US law enforcement is widly out of control, there is every reason to fear any interaction with them and to avoid them as much as possible, they are shite and you people let them turn into shite, by going performance based (more arrest more advancement and better pay, numbers count not quality), specially hiring dumber people rather than smarter people because the dumber people last longer (because they are feeding a power ego trip), cheap ass moronic training (training them to be soldiers on a battlefield rather than police officers), protecting corrupt officers to save on civil suits (totally insane psychopathic capitalism right there). Then not giving a fuck because they will only beat up, kill and falsely imprison the poor because you are not poor (until the make you poor or don't recognise you as rich and treat you like the poor).
Chaos - everything, everywhere, everywhen
Some guy went around probing for and disclosing vulnerabilities and pissed off a dentist's office, which then prompted the FBI to raid his house under the computer fraud and abuse act or whatever. Guy claims he was white hat (I don't know if he was or not), but the color of your hat doesn't change the legality of it. I don't know to what extent he actively probed the dentist's office (there were 2, the second one got mad), so he may not be guilty of anything, but the FBI still has to investigate.
The same FBI agent that raided his house was also involved in the case against the guy who sent a flashing GIF to someone who has epilepsy.
I believe that somehow gave the first guy (who got raided) the full name of the FBI agent involved in raiding his house. He then went full-retard and started cyber stalking the FBI agent and his family, posting all info he could find via Facebook, Google, etc. onto Twitter. Allegedly he posted shit to their Facebooks as well, but again, I don't know if that's true.
Then there was a smiley face tweet from 1 person to 4 others (including the cyber stalking guy). The FBI wants info for those 5 accounts. It seems like it's a weak claim from what we can see, as they need to prove intent to kill, harm, or surveil to bring charges. But they don't need to prove that to get the info relevant to the investigation.
If he (or any of the 4) did such a thing via Facebook or other comments, then this is a non story. There may be DMs (or other accounts, info, etc. related to this shit) between some of them that do include intent to harass the FBI agent and his family. The FBI may suspect this or they may know it but need parallel construction.
Seeking information relevant to an investigation to out makes sense, assuming whoever issued it decided there was enough reason to ask Twitter for that info (and assuming that a judge looks at everything when Twitter fights it).
Implicating 5 people based on a smily emoji? No, not at all.
A guy cyber stalking an FBI agent and his family being closely associated with 4 people? Yup.
It's likely the FBI is out to get this guy, but I can't really blame them until they do something wrong. They haven't, so far. Even the initial raiding of his house, while shitty, is expected and understandable in the "OH NO HAXERZ" world we live in.
If they're bringing a case against him for being a white hat and reporting vulnerabilities, that would be wrong.
If they're end up bringing a case against him for his tweets of public info with no other evidence of intent to kill/harm/surveil/harass, that would be wrong.
However, if they find evidence of this guy (and any of the others) conspiring to harm or harass or surveil someone? I won't be crying.
https://www.popehat.com/2017/10/24/in-which-my-identity-is-sought-by-federal-grand-jury-subpoena/
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
The FBI is upset that someone collected public information about someone and compiled it in one place. Amazing.
As I've pointed out in other related topics, treating people calling you and telling you about a problem YOU created. Geezeus, the guy is trying to help. And you treat him like a criminal... not cool. This is why criminals get the sploits. This crap right here is a huge part of the problem.
And the criminal justice system following lockstep to prosecute someone trying to be helpful... well... when you get that bill for a few grand on a newly minted credit card in your name.. you know who to thank now.
Shafer did the right thing as a security researcher, and alerted Patterson.
Clearly that isn't the right thing.......
"First they came for the slanderers and i said nothing."
Gen. Michael Hayden refused to answer question about spying on political enemies at National Press Club. At a public appearance, Bush's pointman in the Office of National Intelligence was asked if the NSA was wiretapping Bush's political enemies. When Hayden dodged the question, the questioner repeated, "No, I asked, are you targeting us and people who politically oppose the Bush government, the Bush administration? Not a fishing net, but are you targeting specifically political opponents of the Bush administration?" Hayden looked at the questioner, and after a silence called on a different questioner. (Hayden National Press Club remarks, 1/23/06)
---
Landay: "...the Fourth Amendment of the United States Constitution specifies that you must have probable cause to violate an American's right against unreasonable searches and seizures..."
Gen. Hayden: "No, actually - the Fourth Amendment actually protects all of us against unreasonable search and seizure."
Landay: "But the --"
Gen. Hayden: "That's what it says."
Landay: "The legal measure is probable cause, it says."
Gen. Hayden: "The Amendment says: unreasonable search and seizure."
Landay: "But does it not say 'probable cause'?"
Gen. Hayden [exasperated, scowling]: "No! The Amendment says unreasonable search and seizure."
Landay: "The legal standard is probable cause, General -- "
Gen. Hayden [indignant]: "Just to be very clear ... mmkay... and believe me, if there's any Amendment to the Constitution that employees of the National Security Agency are familiar with, it's the Fourth. Alright? And it is a reasonableness standard in the Fourth Amendment. The constitutional standard is 'reasonable'" ( h/t Dale)
-- Knight-Ridder's Jonathan Landay questioned Gen. Michael Hayden at the National Press Club in January.
----Text of the 4th..
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
*"Cogito Ergo Liberalis"*