Homeland Security subpoenas Twitter for data breach finder`s account
Source: ZD Net, 02/07/2020
Homeland Security has served Twitter with a subpoena, demanding the
account information of a data breach finder, credited with finding
several large caches of exposed and leaking data.
The New Zealand national, whose name isn`t known but goes by the
handle Flash Gordon, revealed the subpoena in a tweet last month.
The pseudonymous data breach finder regularly tweets about leaked data
found on exposed and unprotected servers. Last year, he found a trove
of almost a million patients` data leaking from a medical
telemarketing firm. A recent find included an exposed cache of law
enforcement data by ALERRT, a Texas State University-based
organization, which trains police and civilians against active
shooters. The database, secured in March but reported last week,
revealed that several police departments were under-resourced and
unable to respond to active shooter situations.
Homeland Security`s export control agency, Immigration and Customs
Enforcement (ICE), served the subpoena to Twitter on April 24,
demanding information about the data breach finder`s account.
Twitter informed him of the subpoena, per its policy on disclosing
legal processes to its users. A legal effort to challenge the subpoena
by a June 20 deadline was unsuccessful.
Attorneys from the Electronic Frontier Foundation provided Flash
Gordon legal assistance.
ICE demanded Twitter turn over his screen name, address, phone number
-- and any other identifying information about the account, including
credit cards on the account. The subpoena also demanded the account`s
IP address history, member lists, and any complaints filed against the
The subpoena did not demand the account`s private messages or any
other content, which typically requires a court order or a search warrant.
It`s not known why the subpoena was issued. Twitter spokesperson Emily
Horne said the company does not comment on individual accounts for
privacy and security reasons.
ICE has faced calls for it to shut down amid bipartisan pressure --
and complaints from within the agency -- over the recent
incarcerations of child migrants and lawful asylum seekers. Although
ICE`s public image is often viewed through a lens of detentions and
deportations, a large part of the agency`s work includes fighting
national security threats and fighting transnational crime, including
prosecuting those who violate export laws.
In a message, Flash Gordon said he believed that the subpoena may have
related to the recent find of law enforcement data, but couldn`t be sure.
Security researchers have a target on their backs â` and looming
threats of legal action and lawsuits have many concerned.
`I don`t know what else [Homeland Security] would want from me,` he said.
But serving an export enforcement subpoena -- used in cases to
investigate US export law violations -- is almost unheard of in the
case of a data breach involving private and personal information,
according to one export controls attorney.
`As a general matter, the subpoena is likely to relate to the
development or production of a controlled item, and not names,
addresses, and contact information,` said the attorney in a phone
call, who asked not to be named to avoid any conflicts with his work.
The attorney said that if the subpoena related to the ALERRT breach
that this would be `a misuse` of the subpoena power, as the exposed
personal data wouldn`t be an export control matter. He said that an
export enforcement subpoena may relate to the posting of materials
subject to export controls, such as military items, or technical
information and schematics.
A search of Flash Gordon`s several hundred tweets revealed nothing
obvious that would justify the kind of subpoena served.
The attorney said it`s `not clear how a Twitter account could even be
relevant in an export control investigation,` calling the case a `head
The data breach finder said he`s been left without answers, and
doesn`t know which offending tweets -- if any -- led to the legal
process. As we covered last year, several prominent security
researchers and data breach hunters spoke of a `chilling effect` on
`Which sucks,` he said in a message, `because now I don`t know what I
am allowed to post or talk about on Twitter.`
When reached, ICE spokesperson Matthew Bourke would not comment.