Homeland Security subpoenas Twitter for an independent researcher’s information

Twitter user @s7nsin’s “Flash Gordon” avatar

Homeland Security has subpoenaed Twitter for the account information of an independent researcher who has been the source of a number of this site’s reports. Is this just another chapter in the war on independent researchers to try to chill speech? Or is there more to the story that we do not yet know? 

Zack Whittaker of ZDNet reports that Homeland Security served Twitter with a subpoena demanding the account information of the Twitter user known as @s7nsins (“Flash Gordon”). Flash has been a frequent source of information on leaks and exposed databases, and this site has reported on just some of the many leaks he has uncovered and shared with this site. His Twitter timeline is filled with examples of his many finds.

Flash, who self-identifies as being in New Zealand, first revealed the export enforcement subpoena in a tweet last month, and provided this site with a copy:

Homeland Security subpoenaed Twitter for @s7nsin’s account information. Supplied image.
The subpoena demanded a variety of details on Flash Gordon’s account. Supplied image.

The April 24 subpoena required Twitter to supply the following information:

  1. Subscriber’s screen name
  2. Subscriber address
  3. Subscriber’s telephone number or numbers, the e-mail address or addresses, account or login name or names, or any other information pertaining to the identity of the subscriber, including type and number of credit cards used for billing purposes, or any other identifying information.
  4. The types of services subscribed to or utilized by the subscriber and the lengths of such services
  5. This should include means of payment of any such account and associated IP logs for these accounts; member lists; and other IP logs including all ISS logs
  6. Any complaints that Twitter, Inc. may have received regarding this said account or any related screen names.

This non-governmental explanation of export control may help readers understand the basis for DHS/ICE getting involved:

What is an Export?

When we think of exports, we typically envision the shipment of a physical item from the U.S. to another country. While this is one form of an export, another involves the export of information from a U.S. individual to a non-U.S. person, and such so-called “deemed exports” can take place completely within the United States. A “deemed export” is an export of controlled “technology” (typically, information necessary for the production, development, or use of an item) to a non-U.S. person. These exports are “deemed” to be exports to the home country of the individual to whom the information is released. While exports of information are commonplace at institutions all around the United States, some “deemed exports” require government authorization in the form of a deemed export license from the U.S. Department of Commerce, or a foreign national employment license issued as a DSP-5 License by the U.S. Department of State. If the technology shared with a non-U.S. person could not be physically exported as printed material to the home country of the non U.S. person, then generally a deemed export license must be obtained prior to sharing the technology with the non-U.S. person in the U.S., unless a license exception is available.

But how would that apply to this situation? There is no U.S. individual here who is exporting information to a non-U.S. person, is there?

In his report, Zack hypothesizes that the subpoena might be related to a leak involving ALERRT.org, an organization that provides training for active shooter responders.  ZDNet recently reported on the leak that Flash had uncovered. But how likely is that leak to be responsible for an ICE subpoena?

The ALERRT leak/exposure was discovered by @s7nsins in March and it was shared with DataBreaches.net immediately upon discovery. The data were hosted on a server in Texas and the ALERRT organization is headquartered in Texas. DataBreaches.net notified ALERRT.org via voicemail and email on March 24, and received an actual email acknowledgement and thanks that same date. DataBreaches.net did not publicly report on the incident, and did not indicate to ALERRT that this would be reported upon. Did ALERRT report the exposure to DHS? Wouldn’t they have reported to the FBI if they were going to report it at all? And wouldn’t the FBI have pursued it instead of DHS? How/why would ICE get involved at all?

The only thing Flash had tweeted about his find was on March 26, and he didn’t even name the organization or include any screencaps:

Something doesn’t make a lot of sense yet if the ALERRT incident is the explanation for the subpoena.  And as Zack reports, one lawyer ZDNet consulted with found the whole situation a head-scratcher.

Zack is a lot smarter than I am, and perhaps he is right in suggesting that there may be a link to the ALERRT incident, but there are so many leaks that Flash found and disclosed that it’s hard to be confident in any guess. But if this is about a researcher finding exposed data on servers and sharing his findings with U.S.-based journalists, then where is there any “export” that would justify the involvement of ICE?

DataBreaches.net reached out to ALERRT.org and to ICE for a statement on Saturday, but has received no response from either as yet.

Update July 3:  After sending a second request, DataBreaches.net received a reply from Matthew Bourke of ICE’s Office of Public Affairs. Bourke wrote that “we are looking into this issue, but have no information to share at this time.”  DataBreaches.net has not yet heard back from the individual at ALERRT who I had reached out to for follow-up.

About the author: Dissent