Researchers and analysts say a trove of data archived from conservative-favored social media app Parler poses a real risk for those who used the platform to share their involvement in a pro-Trump mob that stormed the U.S. Capitol.

It's mind-blowing. The potential effects go well beyond tagging who participated in the takeover of the Capitol, said Peter Singer, a strategist and senior fellow at the New America think tank.

The archive, which was scraped by a self-described hacker who goes by the Twitter handle @donk_enby, represents up to 99.9 percent of the data from Parler before Amazon's cloud services took it offline Monday, Gizmodo's Dell Cameron first reported. Some of the rioters who attacked the Capitol last week, hoping to overturn the presidential election, had posted their plans on Parler, which was also removed from Apple and Google's app stores in the riot's aftermath.

Law enforcement officials have since used the rioters own social media accounts to help track them down and arrest them. That means information archived from sites like Parler, which also includes millions of posts that users deleted, could be used to implicate those who stormed the Capitol and committed possible crimes.

The underlying data attached to the posts, including location data, could be matched with information from other online forums, such as Facebook, Singer says.

With tensions over the riot so high, non-law enforcement could use the data to dox or blackmail users, Singer says.

An example of the metadata found in the archive from @donk_enby:

Although @donk_enby confirmed the archive only contains information publicly available via the app, that could still include data such as phone numbers and emails. As one Twitter user pointed out, Rep. Marjorie Taylor Greene (R-Ga.), who supports the QAnon theory, had been soliciting emails and phone numbers on the app to keep in touch with supporters after Twitter and Facebook kicked President Trump off their platforms for inciting the violence.

Parler users also may have shared other identifying information in public posts.

Speculation that law enforcement could use the data to track down members of the Capitol riot raises legal questions.

All the data would be fair game for law enforcement, said Kiel Brennan-Marquez, a professor at the University of Connecticut School of Law who specializes in surveillance and data collection.

A principle under the Fourth Amendment, called the private search doctrine, allows the government to use data stemming from surveillance or intrusion by a third party so long as law enforcement didn't coordinate with the individual. This argument has stood up in cases involving data from hacker vigilantes,Brennan-Marquez says.

Where law enforcement could run into issues is if the data were presented in court, which would likely require authentication of  the evidence. Essentially, although the archived data from Parler might hasten law enforcement efforts, officials probably would still have to confirm its authenticity through a subpoena of the original posts from Amazon Web Services or other means.

Although it wasn't archived, Parler also collected Social Security numbers, phone manufacturer and carrier, and mobile activities. That's a treasure trove of data should law enforcement choose to subpoena it. 

There's also a chance such a high-profile case could become a flash point in arguments the private search doctrine has given law enforcement too much authority, as Brennan-Marquez and other legal experts have warned.

A map of the Parler post locations in the U.S. based on the archive data by coder Kyle McDonald:

Parler's failure to safeguard user content and metadata from scraping challenges its funders' claims to be a “beacon” for privacy.

“It’s one thing to have the intention of privacy and it’s another to be able to deliver it in a meaningful way,” security researcher Troy Hunt told my colleagues Rachel Lerman and Nitasha Tiku. He pointed out that both Facebook and Twitter have controls in place to prevent the same kind of scraping.

It's unclear why Parler would have collected such extensive data on users. The company was launched by an investment from the billionaire Republican megadonor Rebekah Mercer, who with her father helped bankroll Trump and Cambridge Analytica, the firm behind the notorious Facebook data-harvesting project. 

As trusted enterprise services, including security firms, drop right-wing apps for hosting content inciting violence, they could become even more insecure.

The keys

The Treasury Department sanctioned Russia-linked trolls who tried to spread unfounded corruption allegations about Biden. 

Several were involved with a campaign by Trump's personal lawyer Rudolph W. Giuliani to damage President-elect Joe Biden, officials said, Ellen Nakashima and David L. Stern report

Andrii Telizhenko worked with Giuliani to spread anti-Biden information with Republican lawmakers. The allegations of corruption resulted in a Senate probe that fizzled out with any real evidence. 

“By imposing sanctions on Telizhenko, the Trump administration confirms that Senate Republicans’ year-long investigation was based on Russian disinformation,” the Senate Finance Committee’s ranking Democrat, Sen. Ron Wyden (Ore.), said in a statement.

Giuliani’s lawyer, Robert J. Costello, called the Treasury Department’s statement an attempt to “paint guilt on people by association.”

Biden will nominate William J. Burns as the next director of the CIA as tensions with Russia over hacking heat up.

Burns was most recently the deputy secretary of state under President Barack Obama before retiring in 2014, Shane Harris reports.

Burns, who has more than three decades worth of foreign service experience and served as a U.S. ambassador to Russia, would be taking over as the United States deals with a massive hack of multiple government agencies by Russia. The CIA, alongside the intelligence community, has also had to contend with election interference from Russia, China and Iran.

“Bill Burns is an exemplary diplomat with decades of experience on the world stage keeping our people and our country safe and secure,” Biden said in a statement. “He shares my profound belief that intelligence must be apolitical and that the dedicated intelligence professionals serving our nation deserve our gratitude and respect.”

An angry State Department employee — not a hacker — appears to be behind an edit saying Trump's term is over.

The changes to the State Department's biographical pages for the president and Vice President Pence were the work of an angry employee not a hacker, Christopher Miller at BuzzFeed reported. Both pages were removed by 4 p.m. 

It’s a “closed system” that is “nearly impossible to hack,” one diplomat familiar with the situation told BuzzFeed. “It's 100% not a hack.”

Secretary of State Mike Pompeo has ordered an internal investigation of the matter, a diplomat with knowledge of the situation told BuzzFeed. 

Acting homeland security secretary Chad Wolf resigned Monday. Lawmakers are questioning his timing.

His sudden resignation comes just little over a week before the agency is set to oversee the presidential inauguration, where pro-Trump militants plan to stage gatherings similar to last week's deadly mob, Nick Miroff  and Carol D. Leonnig report. 

Lawmakers have blasted Wolf and DHS for not anticipating the threats posed by last week's mob and have called for hearings on the subject. Now lawmakers are questioning Wolf's early resignation before the next big potential threat.

“He has chosen to resign during a time of national crisis and when domestic terrorists may be planning additional attacks on our government,” Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security Committee, said in a statement. “Unlike others, he is apparently not leaving the Trump Administration on principle.”

Wolf served in the acting role for more than a year without congressional confirmation.


Secure log off

Seth Meyers on Twitter's Trump ban: