Senior government officials reached out to Twitter to uncover the unknown National Parks employee who allegedly retweeted a photo to the department's official Twitter account showing fewer people at President Trump's inauguration than that of President Barack Obama's.
The retweet -- along with two other rogue retweets -- were quickly deleted from the National Parks Service's official Twitter account. The account was briefly suspended, while the White House said that it neither demanded the tweets were taken down or that the account be suspended.
But a request under the Freedom of Information Act showed that the newly inaugurated president was "directly involved" with what was described as a "sensitive issue" in an email by Tim Cash, chief of digital strategy at the National Parks Service, to Shaun Cavanaugh, the agency's chief information security officer, according to sister-site CBS News, which first covered the story after the department disclosed the files on public records site MuckRock.
According to the emails, a social media officer at the department received an "automated email from Twitter Thursday night asking if she had changed the email address associated with the account and it included an IP address from 'Santa Cruz or Clara, CA'," said Cash in another email.
He added: "The IP that posted our retweets was from the San Bruno area. All three are within an hour of each other, and as ISPs go, that may not be a coincidence."
That's when Cash reached out to Twitter to ask if the company can "put a finer point" on the matter, amid concern that the department's Twitter accounts had been in an internal breach.
It's not known specifically what the administration asked Twitter for help with. When reached by email, Cash only said the department "knew the IP addresses used for the retweets, so we didn't have to request Twitter's assistance for that issue."
A Twitter spokesperson declined to comment.
But based on Twitter's past responses to government requests, the company likely said no.
Twitter has traditionally taken a strong approach to user privacy and security, going as far as pushing back on government requests to unmask its users -- who don't need to register or display their true names, unlike other social networks.
In 2012, Twitter fought the government over a subpoena to obtain information on one of its users, an Occupy Wall Street protester, which the microblogging site said would constitute an unreasonable search. The company eventually buckled amid threats of large fines.
Last month, Twitter pushed back on a lawsuit filed by the Trump administration to unmask the alleged government employee behind a rogue account, purporting to be staff at US Citizenship and Immigration Services (USCIS). Twitter said that the attempts to unmask the users violate their First Amendment rights to disseminate anonymous or pseudonymous political speech.
Within a day of Twitter's pushback, the government dropped its complaint.