Indiana University

Skip to:

  1. Search
  2. Breadcrumb Navigation
  3. Content
  4. Browse by Topic
  5. Services & Resources
  6. Additional Resources
  7. Multimedia News

Media Contacts

James Boyd
Center for Applied Cybersecurity Research

Last modified: Thursday, March 31, 2011

CACR graduate fellow files amicus brief in Twitter/WikiLeaks case

March 31, 2011

BLOOMINGTON, Ind. -- An Indiana University cybersecurity researcher has joined in the legal proceedings on whether the Department of Justice should have access to Twitter account records of several individuals associated with WikiLeaks.

Christopher Soghoian, a graduate fellow with the Indiana University Center for Applied Cybersecurity Research, filed an amicus brief with the U.S. District Court for the Eastern District of Virginia this week, urging a federal judge to at least consider an argument that Twitter's privacy policies were not sufficiently clear.

While other lawyers and observers have homed in on the legality of seizing what could be considered private communications, Soghoian has focused on the confusing and dense terms of service agreement users sign when installing new software or registering for social media websites.

Chris Soghoian

Chris Soghoian

Soghoian, along with 10 cosigners, contends that Twitter's privacy policies were buried amid a trove of other language that users are required to agree to before they can begin utilizing the service, language that—according to various academic studies—was probably overlooked.

"When consumers sign up for a Twitter account, they are shown a copy of the over 200-line Terms of Service in a text box which displays five lines of text at a time," Soghoian wrote. "Users are not required scroll to the bottom or click a check box acknowledging that they have read the terms."

Instead, as it is with many other products and services, users can agree to the full terms of service without reading beyond the first five lines of text. Soghoian argues it is highly unlikely the Twitter users went beyond that, never reading the portion of the agreement that specifies IP addresses are stored and can be subject to scrutiny.

"The Twitter Terms of Service, obscured as they are, do not include any mention of IP addresses. Instead, it is Twitter's Privacy Policy that includes the relevant disclosure, in the sixth paragraph. It is entirely possible, if not likely, that petitioners never clicked the link to and never saw Twitter's privacy policy," Soghoian wrote.

Backing up his argument, Soghoian cites a number of examples of prominent lawmakers and government officials who have publicly admitted that dense user agreements are often ignored. The IU researcher quotes U.S. Supreme Court Chief Justice John Roberts and Federal Trade Commission Chairman Jon Leibowitz as both saying current terms of service agreements are too dense and complex for the average user.

"Academic studies as well as statements by senior officials at the Federal Trade Commission and the Chief Justice of the Supreme Court confirm that consumers do not read privacy policies," Soghoian wrote.

The Department of Justice in December requested user information for three individuals with ties to WikiLeaks: Birgitta Jónsdóttir, a member of the Icelandic parliament; DXS4ALL Internet provider co-founder Rop Gonggrijp; and American Jacob Appelbaum. Appelbaum visited the CACR in January as part of the center's Security Seminar series.

The three Twitter users filed a motion to prevent their data from being disclosed, but a federal judge ruled against them. An appeal was filed last week, and Soghoian's amicus brief was filed this week to support the case of Twitter users.

Soghoian's research is generally focused on the topic of online privacy, including both consumer issues (such as online tracking) as well as government surveillance. His Ph.D. dissertation is focused on the role that companies play in either resisting or facilitating surveillance of their customers. He can be reached at: