Feds Gagged Encrypted Communications Firm Open Whisper Systems Over Massively Overbroad Subpoena
from the and-then-backed-down dept
This morning the ACLU announced that it had convinced the government to remove a ridiculous gag order on a subpoena that had been sent to Open Whisper Systems, the makers of the popular Signal encrypted messaging app, and whose encrypted communication protocol is used by many others, including WhatsApp, Facebook and Google for their encrypted messaging offerings. It’s not that surprising that a grand jury would issue a subpoena to Open Whisper Systems demanding “subscriber name, address, telephone numbers, email addresses, method of payment, IP registration, IP history logs and addresses, account history, toll records, upstream and downstream providers, any associated accounts acquired through cookie data, and any other contact information from inception to the present” for certain accounts being investigated. But, of course, Open Whisper Systems has basically none of that data. It “complied” with the subpoena to the extent that it could, which is basically that the only information it has is when the account was created and the last time it was accessed:
As Marcy Wheeler rightly points out, the request itself is way too broad, covering information that the government is not allowed to ask for under ECPA (Electronic Communications Privacy Act). But, it’s not like the government feels it needs to follow its own laws anyway…
The really concerning part about this, however, is that the subpoena came with an unnecessary and likely unconstitutional gag order. The gag order was, at least, bounded. After years of the DOJ issuing gag orders with no end date, at least this one was limited to one year. However, as the ACLU pointed out, a gag order needs to meet a pretty high bar to get over the fairly large First Amendment hurdle. And this one did not do that:
A magistrate judge signed the gag order, citing ?reason to believe that notification of the existence of the . . . subpoena will seriously jeopardize the investigation [under prosecution by the grand jury], including by giving targets an opportunity to flee or continue flight from prosecution, destroy or tamper with evidence, change patterns of behavior, or notify confederates.?
Of course, those risks could be real, and the government?s need for secrecy in law enforcement investigations cannot be dismissed outright. But that general interest applies in virtually every criminal investigation, including those involving the public execution of search warrants. To meet the stringent First Amendment standard, any gag must be justified by something much greater. The First Amendment requires that to close courtrooms or seal evidence?and especially to prohibit a party from speaking publicly on a matter of public concern?the government demonstrate a compelling interest in secrecy, and it must apply that secrecy in the narrowest possible way. But instead, the government appears to seek blanket gag orders by default, without considering precisely what information can be disclosed without harm to its interests.
Open Whisper Systems went to the ACLU. The ACLU reached out to the government with a friendlier version of “WTF?” — and the government basically backed down immediately, more or less admitting that the gag order was bogus:
To its credit, the government quickly agreed with us that most of the information under seal could be publicly disclosed. But the fact that the government didn’t put up too much of a fight suggests that secrecy?and not transparency?has become a governmental default when it comes to demands for our electronic information, and critically, not everyone has the resources or the ability to work with the ACLU to challenge it.
OWS immediately recognized that even though the government required some secrecy over the subpoena, it did not need, nor could it justify, total secrecy. So OWS came to us, and we went to the government, which agreed to reverse its original demand for secrecy?and now OWS?s customers and the broader public can see for themselves just how wildly overbroad the government?s gag order was from the jump. And while this?the only one ever received by OWS?is now public, there are many more like it, hiding in the filing cabinets in the U.S. attorney?s offices across the country.
Of course, this leaves the big open question implied by the ACLU’s statement above: how many other companies have also received unconstitutional gag orders, and simply complied? The larger tech companies have gotten much better (in the post-Snowden era) of pushing back against such gag orders, but for smaller companies it’s likely that many are just complying, because they don’t have either the resources or knowledge that this kind of thing is not actually allowed.