August 9th, 2012
(EFF) – When New York Magazine reported that Twitter had declined an NYPD request for identifying information about a Twitter account that had allegedly been posting death threats since May, Harrison Weber at The Next Web titled his response: “Twitter Withholds Information from Police After Troll Threatens Murder.” While this language may make for an attention-grabbing headline, the facts are decidedly more complicated.
In his article, Weber cites the recent Guy Adams case to illustrate why Twitter has to “tread extremely carefully on this one, as it has recently received criticism for over-policing its platform.”
In fact, while we were extremely critical of Twitter’s actions in the Adams case, the two don’t warrant comparison. Whereas Twitter believed it was acting on the letter of its terms of service in respect to Adams’ tweets, in this situation the company has taken a clear stand in respect to the law: Twitter will not, in most cases, hand over user information without valid legal process.
Here’s what happened: According to the original New York Post article, NYPD detectives sent an “emergency request” to Twitter to unmask the user. Twitter declined the request with the following response:
“While we do invoke emergency-disclosure procedures when it appears that a threat is present, specific and immediate, this does not appear to fall under those strict parameters as per our policies.”
Twitter has certain legal obligations under the Stored Communications Act, which regulates when and how a service provider can disclose information to others. Twitter is not required to turn over information to law enforcement agents in an emergency, but—under 18 USC § 2702—may do so if it, “in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency.”
Despite the fact that Twitter did not deem the tweets to be immediate threats, the NYPD dispatched officers to a location proposed in one of the Twitter user’s alleged threats.
The prospect of Twitter handing over user data to law enforcement on the basis of a simple, informal request—rather than formal legal process like a subpoena, court order, or a warrant, which are subject to varying degrees of oversight from courts—has tremendous implications for Twitter as a platform supporting international freedom of expression. According to Twitter’s first Transparency Report, Twitter received 170 government requests for user information from countries other than the United States between January and July of 2012.
Because Twitter’s policy is to require valid legal process before it will hand over user data, very few of these requests were granted in part or in whole. But if Twitter were to loosen this requirement—as many of yesterday’s commentators have suggested it ought to—it would make it far easier for governments to violate user privacy and demand information be censored.
In other words, if Twitter were to give up the identity of a user to the NYPD based only on a request (as opposed to a court order), what’s to stop them from giving up the identity of a user who breaks Turkish law by “insulting Turkishness” to Turkish authorities, or a user who criticizes the King of Thailand