IP data of Twitter users linked to WikiLeaks can’t be granted without a warrant

US prosecutors should be required to get a court warrant to get the IP addresses of Twitter users linked to WikiLeaks according to a court brief filed this week by a group of reputed security experts.

Steve Bellovin, computer science professor at Columbia University; Matt Blaze, computer science professor at the University of Pennsylvania; Peter Neuman, principal scientist at SRI International; Bruce Schneier, chief security technology officer at BT; and others filed the amicus brief in the US District Court in Alexandria, Virginia. The filing argues that IP addresses much like cellphone location data can reveal a lot about a person’s movement, activities and even associations, and therefore should enjoy a higher degree of protection than phone numbers.

These experts claim that a federal judge should to overturn an order requiring Twitter to turn over IP addresses and other information on three WikiLeaks associates.

The case involves Birgitta Jonsdottir, a member of Iceland’s parliament, as well as WikiLeaks’ U.S. representative Jacob Appelbaum, and Dutch businessman and activist Rop Gonggrijp. Jonsdottir and Gonggrijp helped WikiLeaks prepare the release of a classified U.S. Army video published last April.

The U.S. Justice Department obtained a 2703(d) order to get information from Twitter about their accounts with the site. Among the data sought by the government are the IP addresses used to access the accounts and records of their session times and durations.

Experts argue that IP information may provide too many details for the prosecutors including the whole traveling routes of a person. Thus, if a user accesses his Twitter account from different locations starting at an airport and ending at the destination hotel he would leave a trail of IP addresses that could allow the government to map the user’s journey.

Add to this the date and time of access to Twitter, and authorities could infer relationships between the user and others who might be tracked to the same place at the same time.

“Suppose for example that two individuals logged in to Twitter at exactly the same date and time from a single IP address associated with a Starbucks in Reykjavik, Iceland,” the technologists write in the brief. “That information would be highly suggestive of the fact that the two people were meeting each other.”

The government’s acquisition of such data has serious implications for a person’s expectations of privacy, the technologists write, which should, in turn, “trigger greater judicial scrutiny of Constitutional issues that arise.”

Marvin Miller, an attorney who filed the brief told Threat Level that the idea behind the brief is that the information the government is seeking would yield “more than perhaps they’re entitled to or maybe than they might think they’re seeking.”

Co-counsel Thomas Moore added that when it comes to IP addresses and cell phone data, the courts need to throw out their old concepts about telephone numbers and come up with new principles for dealing with newer technologies that are more intrusive.

“We just want the judge to start from the point of view of getting the technology right,” he said.