Today the Guardian and others reported that Lord McAlpine will be meeting with members of the Metropolitan Police force to “assess whether criminal prosecutions can be brought over Twitter messages that linked Lord McAlpine with allegations of child sex abuse”.

Having claimed to identify over 10K users that have tweeted and re-tweeted alleged defamatory tweets, Lord McApline appears ready to ask through his lawyers for the police to start a criminal investigation into the identity of the authors of the alleged defamatory tweets.

At this point the matter is still private and any claims to Twitter, a California registered company, will be likely rejected because of California’s libel tourism laws. All private requests to seek the IDs of Twitter users would be rejected.

Twitter’s guidance clearly states that any requests for private information about its users require a subpoena or a court order. In accordance with Twitter’s Privacy Policy and Terms of Service, non-public information about Twitter users is not released except as lawfully required by an “appropriate legal process such as a subpoena, court order, or other valid legal process”. Because Twitter doesn’t demand any sort of information about user verification such as email verification or identity authentication and because they store data automatically, there is not any guarantees that the person running the @mleiser account (me) is actually Mark Leiser. (It is!) Twitter warns that “it may not be accurate if the user has created a fake or anonymous profile.”

It appears his lawyers are wise to the fact Twitter are not going to play ball over providing details of its users for any civil action, and the Guardian article implies a change in tactics to force Twitter to hand over the details.

How would this work? Twitter’s guidance for law enforcement is a good starting point.  It appears that Lord McApline could make a complaint to the police under either Malicious Communications Act 1988 or s127 Communications Act 2003. This would, if the police sought fit to do so, start a criminal investigation into amongst other things, the identification of the 10,000 users Lord McAlpine sent him malicious communications on a public communications network. The Metropolitan Police could not find out users IDs by themselves. They would have to make approaches to Twitter.

In the US, Prosecutors can use a 2703 order to information, which allows them to obtain data without a warrant. It carries more legal weight than a subpoena, but less than a search warrant.  A 2703(d) order is supposed to be issued when prosecutors provide a judge with “specific and articulable facts” that show the information they seek is relevant and material to a criminal investigation.

(Any criminal lawyers know the term of the equivalent here? Please share…)

However what happens if a crime is believed to have been committed in a foreign jurisdiction? US law authorizes Twitter to respond to requests for user information from foreign law enforcement agencies that are issued via U.S. court either by way of a mutual legal assistance treaty or a letter rogatory. (a formal request from a court to a foreign court for some type of judicial assistance)

This is where it gets a tad sticky. How do authorities charge someone with a crime if the ID of the person who committed the crime is unknown? And what would stop Iranian or Mubarak sympathizers from making a prima facie case against Twitter users blogging about democracy or revolution. Twitter has to make a judgement call, and it bases this  judgement on 1st amendment grounds.

Say someone posted a series of pictures on Twitter from an anonymous account depicting a sex act against a minor. The police would duly investigate, and with a court order would give law enforcement some weight when contacting Twitter to release the information about the account including the details and IP addresses.  (I must add here, I would oppose Lord McAlpine getting a Norwich Pharmacal Order on individual tweeters as being disproportionate given the public nature of major apologies and damages.)

However, if successful, with the IP address one could go to the appropriate ISP (BT, Virgin Media, Sky) to find the identity of the account holder of the IP address. At this point the investigator would at least have the account address and possibly the MAC address of the device that sent the tweet.

Don’t worry! If it ever comes to this (which I find unlikely), Twitter will notify its users per its user agreement that a request has been made unless prohibited via a court order.(e.g., an order under 18 U.S.C. § 2705(b) per its own guidelines.

As @highlandlawyer rightly asked earlier today, is it in the public interest for the police to act in this manner and at the request of Lord McAlpine?  It appears, the Metropolitan Police can send a “general” request for information under one single request, but it appears so. In the #OccupyWallStreet case whereas a tweet appeared to encourage protesters “to kill a cop or two” the police demanded access to the account details of the person who sent the Tweet. After being ordered to hand over the details, Twitter appealed the order arguing Malcolm Harris’s (the sender) tweets are protected by the Fourth Amendment “because the government admits that it cannot publicly access them, thus establishing that Defendant maintains a reasonable expectation of privacy in his communications.”

Within Twitter’s argument to the court, they point out that the “U.S. Supreme Court has ruled that public information which would allow law enforcement to draw mere inferences about a citizen’s thoughts and associations are entitled to Constitutional protection, thus establishing that a citizen’s substantive communications are certainly entitled to the same protection.”

From recent statistics it appears Twitter obeys with court orders about 75% of the time by releasing all or some of the information to American authorities. I have not been able to determine (yet) how many requests for information Twitter receives from foreign law enforcement agencies, and how many of them are fulfilled.

What really concerns me is Lord McAlpine, someone who feels has been defamed, using public bodies funded by the taxpayer to circumvent Twitter’s guidelines to find out people’s real IDs to sue under a civil action to remedy their own perceived ills. Furthermore, there has been no reported discussion of how Lord McAlpine’s lawyers determined the 10K people they claim tweeted defamatory comments. If they simply used boolean searches, like #NewsNight #LordMcAlpine and #paedophile only to jot all of the user ids down, then they could be suing people that write two distinctly different tweets for defamation. For example, there is a huge legal difference between saying “”X is the paedophile #Newsnight are talking about” and “#Newsnight talking about X being under investigation for being a #paedophile”. Libel lawyers would argue that both are defamatory and this would be reflected in any damages awarded. Yet there are obvious differences in tweets stating: “disgraceful that #Newsnight is rehashing the discredited #paedophile rumours about #LordMcAlpine”, and “so the #Newsnight #paedophile story is  about #LordMacAlpine”.  All would return in boolean searches. No-one seems to be asking this question from the press.

I am also concerned that any (if there ever was one) letter writing campaign to the alleged 10K users comes across as GoldenEye litigation or trolling volume litigation like the type which brought down ACS Law.

It seems Lord McAlpine’s legal team needs to tread very carefully, because of the very reason we are here in the first place: Twitter. Any letters ambiguous in their terminology; forceful in their vernacular; encouraging people to settle will no doubt be dissected via social media and it appears that Twitter, so far, seriously has got its users’ back. If going to appeal decisions about one Tweeter (from Florida) threatening NYPD cop’s life during the Occupy Wall Street protests, I imagine they will get their back up about any large-scale civil action too.