DreamHost Wins Challenge Against DOJ's Overbroad Data Demands
from the the-Man-briefly-experiences-having-it-stuck-to-him dept
DreamHost has been fighting the DOJ and its breathtakingly-broad demand for information on all visitors to an anti-Trump website. This has gone on for a few months now, but the origin of the DOJ’s interest in the DreamHosted disruptj20.org site traces all the way back to protests during Trump’s inauguration.
Here’s what the DOJ demanded DreamHost hand over:
a. all records or other information pertaining to that account or identifier, including all files, databases, and database records stored by DreamHost in relation to that account or identifier;
b. all information in the possession of DreamHost that might identify the subscribers related to those accounts or identifiers, including names, addresses, telephone numbers and other identifiers, e-mail addresses, business information, the length of service (including start date), means and source of payment for services (including any credit card or bank account number), and information about any domain name registration;
c. all records pertaining to the types of service utilized by the user,
d. all records pertaining to communications between DreamHost and any person regarding the account or identifier, including contacts with support services and records of actions taken.
These demands conceivably applied to every single one of the site’s 1.2 million visitors. The DOJ scaled back some of its demands a week later, but also stated its attempt to “converse” (read: talk DreamHost into compliance) had been rebuffed, with the hosting company stating its desire to continue challenging the subpoena.
This demand for information would be in addition to a warrant it served to Facebook, seeking everything ever from the accounts of more than 6,000 users. This was served to Facebook, along with a gag order — something the DOJ conveniently dropped the night before oral arguments, perhaps sensing it might be in for an unfavorable precedential ruling.
Chief Judge Morin of the DC Superior Court has issued a ruling on the DreamHost-targeting subpoena, and it’s good news for everyone but the overreaching DOJ. DreamHost reports on the judge’s order:
Under this order, we now have the ability to redact all identifying information and protect the identities of users who interacted with disruptj20.org before handing over any data to the court.
We are now required to hand over a drastically reduced amount of data to the government and will redact any identifying information from every scrap of it that relates to non-subscribers.
On top of that, the DOJ will have to submit search protocols and procedures to the court for approval before demanding further site visitor info and limit its requests to info it can show the court is linked to actual criminal activity (violations of DC’s rioting statutes). The DC Superior Court will make final determinations on the validity of the government’s data requests before any identifying information is released by DreamHost.
As the court notes in its order [PDF], it’s not interested in assisting the government with its fishing expeditions.
Because of the potential breadth of the government’s review in this case, the Warrant in its execution may implicate otherwise innocuous and constitutionally protected activity. As the Court has previously stated, while the government has the right to execute its Warrant, it does not have the right to rummage through the information contained on DreamHost’s website and discover the identity of, or access communications by, individuals not participating in alleged criminal activity, particularly those persons who were engaging in protected First Amendment activities.
And this still may not be the end of the DOJ’s problems. Even if revised info demands are approved by the court, there are still a handful of potential investigation targets (site visitors and owners) readying their own challenges of the government’s data requests. At this point, site visitors who’ve already attempted to challenge the subpoena obviously don’t know if they’re actually targeted by the DOJ. The court has dismissed their appeals without prejudice, which will allow them to refile if they make the government’s final cut.
This is good news for everyone who avails themselves of third-party services (which is pretty much everybody). A little pushback sometimes goes a long way. Anyone seeking to keep their private info private should be taking note on who’s willing to challenge the government’s overreach and who’s willing to act as little more than a data broker for law enforcement agencies.
Filed Under: disruptj20, doj, fishing expedition, inauguration, privacy, protests
Comments on “DreamHost Wins Challenge Against DOJ's Overbroad Data Demands”
It is not only good news, but I hope it is good precedent for future overreach by the DOJ or other law ‘enforcement’.
How far we’ve come that constitutionally protected speech can be rummaged through by the DOJ simply because an orange clown jackass has thin skin.
Please don’t take that to mean I am referring to any particular orange clown. Just to orange clowns collectively in general.
Oh how fun it would be to redact information getting sent to the government.
Hopefully it will end up including at least one page that’s one word, maybe two, surrounded by a positive sea of black redaction marks.
How warrants work
How warrants work…
A crime is committed, you develop probable cause, you request a warrant, you go get the information you asked to seize in the warrant, you confirm/prove the crime, you go arrest someone.
how they DO NOT WORK…
you THINK a crime was committed, you request a warrant, you go sifting through illegally seized data, you develop probable cause, you arrest someone.
Re: How warrants work
and sometimes a crime has not been committed and they know it….
they just want to take your stuff.
Use against Stingray Devices?
Where the judge says “it does not have the right to rummage through the information” and “discover the identity of, or access communications by, individuals not participating in alleged criminal activity” isn’t this basically what a Stingray device does? Hoover up everyone’s comms in the area and let them sift through it for ANY “activity”?
Snooping and US jurisdiction
Surely one answer is to use web hosting outside the jurisdiction of the US?
There are plenty of countries in Western Europe like Switzerland and Germany that respect human rights including prevention of mass surveillance. (UK excepted.)
I guess that every crime and the person who committed it HAVE to be punished and it’s a normal thing in the law country. Many crimes are connected with IT sphere, Internet, computers and that’s kinda logical in today’s digital world… Therefore, I pay sooo much attention to the web hosting! Quality hosting that can protect my website (i need website for business) from fraudsters is so important and difficult to find! By the way, here is DreamHost review and it’s kinda detail to understand everything about this web hosting company. I always check out reviews of the reputable experts before ordering something and paying money for it!
Hopefully they will find at least one item that could lead to arrests and prosecution of individual involved and the owners / managers of Dreamhost. Get rid of sites that support hate speech.