HazDat
23Sep/09

You Tweet, therefore: YOU ARE HERE.

TwitterVisionHow Twitter says they'll hide your location from twits with subpoenas.

Recently, Twitter announced that they would be adding geolocation features to their service, allowing users to embed their physical location in their Twitter feed. As not to alarm: Twitter has always maintained that this would be an opt-in feature. But, frankly, any web site you visit is privy to some information about your physical location by virtue of the IP address assigned to your computer by your Internet Service Provider (ISP) from a group of IP addresses reserved for your neighborhood. The logs kept by a web server, combined with a subpoena to the appropriate ISP, usually yield a street address for the subscriber assigned that IP address.

SmarterWare's Gina Trapani (formerly of Lifehacker.com) is attending the Twitter Conference in LA. She's posted updates explaining how Twitter plans to deploy this service and how they intend to protect its Twitter geolocation users from subpoenas. According to Gina, "Twitter will scrub geo-data stored in tweets more than 14 days old to avoid getting subpoena’d about a user’s location in the past. They will outright delete the location information from their database, not just anonymize."

She also reports that while,

"Twitter usually encourages developers and applications to cache data, in the case of geo, they recommend dropping historical location data so that application developers don’t become a subpoena target, either. They also recommend 'fuzzing' location and time data, so that instead of knowing that Joe Smith was at 8th avenue and 15th street at 2:11PM Eastern time on March 7, 2008, you only show that Joe was in Brooklyn on that day. The geodata-scrubbing isn’t a permanent solution. They are looking into ways to store this data in a 'safe' (anonymized?) way in the future, so they won’t always scrub +14 day old data, just at first."

Purging data that isn't mission critical, but likely to be subpoenaed makes a lot of sense. After all, no one writes "Satisfy search warrants in a timely, efficient, and effective manner" into their corporate mission statement.

While I'm convinced that Twitter's motivation is for the sanctity of the corporation, rather than its user-base, it is a step in the right direction. In fact, the direction is so right that one has to wonder why all personally identifiable user data isn't "scrubbed" every 14 days from most online services. Of course, Twitter's raison d'être, is -- among other things -- to give it's user's messages some life and legacy. It's likely that most of those users would also like to take credit for their various flashes of 140 character brilliance.

Not so, however, every time an individual fires off an instant message (IM), or searches Google. Most instant messaging services, for instance, don't store messages after they are sent, but they do store the sender and recipient's IP addresses, with their account information, and the time they logged in. While Google relies on demographic data, such as geography, income, and search interests, in order to sell ads, it doesn't need to be personally attributable to me. Companies like Google, Yahoo!, Facebook, MySpace and AOL are not in the subpoena response business. But, all of these companies employ subpoena compliance personnel, who add to the cost of doing business, but contribute nothing to the bottom-line. Worse yet, where nearly every individual in these companies, in some way, does something, either directly or indirectly, to add to the end-user experience, subpoena compliance often works in direct opposition to that objective.

As many companies learn when they're sued, subpoena compliance is often so expensive that it's cheaper to settle. A company can't be forced to produce what they don't have. And, with some significant exceptions, a company can't be forced to archive what they don't need.

By the way, I'm not just an end-user of all the services listed above, I'm also one of the twits writing the subpoenas.

Share
Print This Post Print This Post

About Jeff M. Fischbach

http://www.twitter.com/FischTech Jeff Michael Fischbach is founder and President of SecondWave Information Systems (SecondWave.com), a consulting firm specializing in Forensic Technology. Since 1994, he has served as a board member and technology adviser to numerous professional organizations and corporations. Mr. Fischbach has been engaged as a litigation consultant and Forensic Examiner, offering expert advice and oversight on matters involving intellectual property, computers, information systems, satellite, tracking and wireless communications technologies. He has advised law enforcement, foreign government representatives, judges, lawyers and the press.
Comments (0) Trackbacks (0)

No comments yet.


Leave a comment


No trackbacks yet.

Log In

Join the conversation...

Join the conversation on Twitter

Join the conversation on Facebook

disquslogo_180 Subscribe to RSS feed

Join the Google conversaton…

Geo Visitors Map