As Twitter continues to thrive as the communications tool of choice amongst activists, dissenters and occupiers worldwide it should be no surprise that the San Francisco-based company is drawing heightened attention from US law enforcement agencies. Most recently, and likely to the surprise of even the most conspiratorial privacy advocates has been the Boston Police Department’s subpoena for data on a hashtag, #bostonPD. Yes, a supeona on a hashtag.
While Twitter has fought back against law enforcement agencies’ attempts to get their hands on user data in the past, it seems to be losing more than its winning. Twitter’s defiance towards LEAs has been its policy to notify users when their accounts have been subpoenaed, a policy that LEAs have sought to bypass.
With the support of WikiLeaks the #NOLOGS hashtag is catching on quickly. No surprise there. as from an activist’s perspective this seems like a winning move against the ever-growing Big Brother state. The question that needs to be asked though is, would this actually provide the protection that activists are looking for and need? Also, probably more importantly, what kind of effect would a switch to a #NOLOGS policy have on Twitter’s 140 character worldwide conversation?
Log Data: Our servers automatically record information (“Log Data”) created by your use of the Services. Log Data may include information such as your IP address, browser type, the referring domain, pages visited, your mobile carrier, device and application IDs, and search terms. Other actions, such as interactions with our website, applications and advertisements, may also be included in Log Data. If we haven’t already deleted the Log Data earlier, we will either delete it or remove any common account identifiers, such as your username, full IP address, or email address, after 18 months.
And what that data is used for:
Law and Harm: We may preserve or disclose your information if we believe that it is reasonably necessary to comply with a law, regulation or legal request; to protect the safety of any person; to address fraud, security or technical issues; or to protect Twitter’s rights or property.
From a logging perspective it’s important to consider the amount of data we are talking about here. Twitter claims to have 175 Million users, a statistic that some debate. However, from a logging perspective it matters not if the account is fake or real, they are still getting logged. Regardless of how this data is compressed and stored, this is a LOT of data, every single day. While the average tweet is only 140 characters, when you count the included metadata (IP, Location, Date, Time, browser type, the referring domain, pages visited, your mobile carrier, device and application IDs, and search terms) we are talking about a massive amount of log data. From a management perspective this is a lot of work. Storing and accessing that volume of data is likely not as easy as many would think and from that perspective alone it would seem like Twitter would love to adopt a #NOLOGS policy.
Consider that account X is being reported as spam by a high percentage of users, why not cross reference the IP address its been connecting from (or even address block) to other accounts recently being flagged as spam? Simple algorithms like this could potentially be an integral part of keeping Twitter safe and usable. It would certainly seem like sites like Facebook are using similar systems to thwart fraud as well. Consider the following screen shot, captured after Facebook detected malicious activity.
Beyond fraud and security data, it’s hard to imagine that Twitter is not capitalizing off visited link data as well. If that’s the case, adopting a #NOLOGS policy could potentially have financial implications for the company.
It would seem like Twitter understands the situation, and the ferocious opposition that can be felt when privacy is sacrificed for security, but should the question be around Twitter’s logging policy or the US LEA’s desire to be omnipresent?
Either way, it will be interesting to see if the #NOLOGS hashtag trends on or if this mission loses steam and is forgotten. While the privacy of its activist user base is clearly important to Twitter, when you weigh in all options it seems unlikely that they will adopt such a policy.
If Twitter does remain the activist’s communication tool of choice, one thing is clear: it will be increasingly difficult to appease both US LEA’s and the activist/privacy-supporting section of its user base.