DOJ Subpoenas Twitter About Popehat, Dissent Doe And Others Over A Smiley Emoji Tweet

from the our-tax-dollars-at-work dept

So, here’s a fun one. Back in May, the Justice Department — apparently lacking anything better to do with its time — sent a subpoena to Twitter, demanding a whole bunch of information on a five Twitter users, including a few names that regular Techdirt readers may be familiar with:

If you can’t see that, it’s a subpoena asking for information on the following five Twitter users: @dawg8u (“Mike Honcho”), @abtnatural (“Virgil”), @Popehat (Ken White), @associatesmind (Keith Lee) and @PogoWasRight (Dissent Doe). I’m pretty sure we’ve talked about three of those five in previous Techdirt posts. Either way, they’re folks who are quite active in legal/privacy issues on Twitter.

And what info does the DOJ want on them? Well, basically everything:

  1. Names (including subscriber names, user names, and screen names);
  2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
  3. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
  4. Length of service (including start date) and types of service utilized;
  5. Telephone or instrument numbers (including MAC addresses, Electronic Serial Numbers (“ESN”), Mobile Electronic Identity Numbers (“MEIN”), Mobile Equipment Identifier (“MEID”), Mobile Identification Numbers (“MIN”), Subscriber Identity Modules (“SIM”), Mobile Subscriber Integrated Services Digital Network Numbers (“MSISDND”), International Mobile Subscriber Identifier (“IMSI”), or International Mobile Equipment Identities (“IMEI”));
  6. Other subscriber numbers or identities, or associated accounts (including the registration Internet Protocol (“IP”) address);
  7. Means and source of payment for such service (including any credit card or bank account number) and billing records.

That’s a fair bit of information. Why the hell would the DOJ want all that? Would you believe it appears to be over a single tweet from someone to each of those five individuals that consists entirely of a smiley face? I wish I was kidding. Here’s the tweet and then I’ll get into the somewhat convoluted back story. The tweet is up as I write this, but here’s a screenshot in case it disappears:

And, just to make it clear, here are all the users “in the conversation” on that tweet (since Twitter now buries at least some of that information):

You’ll note that all of the names are the same names as listed in the subpoena above (as a point of clarification, the four users listed below were already in the conversation, so their metadata gets swept along, and then the tweeter, Justin Shafer, is also adding in @PogoWasRight to the conversation).

So, who is Justin Shafer, and what the hell is all of this about? Buckle up, because it’ll take a bit of background to get around to this tweet (and, yes, it will still feel very, very, stupid that this subpoena was ever issued). First up: Justin Shafer is a security researcher, who has some history spotting bad encryption. Go back to 2013 and he had spotted a weak not really “encryption” standard put out by Faircom. Once it was called out as weak, vulnerable and not really encryption, Faircom rebranded it from the “Faircom Standard Encryption” to “Data Camouflage” since the reporting by Shafer showed that it wasn’t really encryption at all — but just a weak attempt at obfuscation.

Fast forward to late 2013, when a dentist named Rob Meaglia alerted some of his patients that a computer was stolen from his offices with “medical records and dental insurance information.” But, Dr. Meaglia told his patients that the records system they were using, Dentrix, made by a company called Henry Schein, Inc., had all of that data encrypted. Except it appeared that Dentrix was actually using Faircom’s “Data Camouflage” and not actual encryption. And, as that link notes, Henry Schein, Inc. had been informed of this problem months earlier, around the time Faircom admitted it wasn’t actual encryption.

In May of 2016, the FTC announced a settlement with Henry Schein, Inc. over the claim that it “falsely advertised the level of encryption it provided to protect patient data.” Kudos to Justin Shafer.

But, literally days later, the FBI was raiding Justin Shafer’s home and taking all of his computers. This was not specifically about the Harry Schein case, but since Shafer had continued to investigate poor data security practices involving dentists, he’d come across an FTP server operated by another dental software company, Patterson Dental, which makes “Eaglesoft,” a dental practice management software product. Shafer had discovered an openly available anonymous FTP server with patient data. Shafer did the right thing as a security researcher, and alerted Patterson. However, rather than thanking Shafer for discovering the server they had left with patient data exposed, Patterson Dental argued that Shafer had violated the CFAA in accessing the open anonymous FTP server. Hence the FBI raid.

Not surprisingly, Shafer was none too pleased with the FBI’s decision to raid his home and take all of his electronics. In particular, it appears he was especially annoyed with FBI Special Agent Nathan Hopp (who he initially believed was actually Nathan “Hawk.”)

Fast forward to March of this year, to an entirely different story: the FBI arresting John Rivello for “assaulting” journalist Kurt Eichenwald with a tweet. If you follow Techdirt related stuff, you probably remember that whole story. Lots of people, including us, posted the criminal complaint that was put together by one Nathan Hopp, a special agent at the FBI.

It appears that the Rivello arrest and subsequent news coverage suddenly alerted Shafer to the fact that “Nathan Hawk” was actually “Nathan Hopp” and Shafer began a bit of an open source “investigation” on Twitter. I wouldn’t necessarily call the following tweets “smart,” but Shafer, finally aware of the FBI agent who lead the raid on his house, started trying to find any public info on Hopp — and his family. Now, searching out his family isn’t great. But it does appear that he was just looking up publicly available information:

At this point, the FBI decided to start protecting its own. Seeing as the guy whose home the FBI had ridiculously raided a year earlier was now tweeting some info about one of its special agents, the FBI started putting together a new criminal complaint arguing that all of the tweets above amounted to “Cyber Stalking” under 18 USC 2216A. This seems like a huge stretch, because that law requires “intent to kill, injure, harass, intimidate, or place under surveillance….”

Either way, about the time all of this was happening, Ken “Popehat” White had started another Twitter thread about the Rivello arrest, leading Virgil and Keith Lee to respond about the criminal complaint, eventually leading Mike Honcho to note “Nathan Hopp is the least busy FBI agent of all time.” It is to that tweet that Shafer replies with his smiley emoji and adds or cc’s, Dissent Doe to the conversation:

And that takes us to 10 days later, when a new criminal complaint against Shafer is issued*, arguing that those tweets were criminal Cyber Stalking. And because part of that included his smiley emoji in response to the Popehat thread/Honcho tweet, the DOJ felt it necessary to issue a subpoena demanding basically all info on those 5 Twitter users (including Popehat, a former Assistant US Attorney whose info is pretty easy to find on Google). Perhaps the FBI somehow thinks that Shafer was really behind those other accounts or something — but anyone with even the slightest level of competence should realize that’s unlikely — and that’s got nothing to do with anything here anyway.

* As an aside, look closely at that criminal complaint against Shafer. I have no idea why but it appears that the FBI/DOJ is so clueless that rather than submitting the final complaint, they actually submitted the copy showing the “comments” on the Word doc they were using to prepare the complaint — which shows two comments that both suggest the FBI is well aware that this complaint is weak sauce and probably doesn’t meet the standard under the law… but this story is crazy enough without spending too much time on that.

Twitter is apparently fighting back against this subpoena. And even though it was issued back in May, a few days ago, the company alerted the individuals that the DOJ was demanding info on. Dissent Doe has already stated publicly a plan to move to quash the subpoena as well, and I wouldn’t be surprised to see the others named take similar steps.

But, really, take a step back and everything about this situation is crazy. Going after Shafer the first time was crazy. Going after him again for supposed “Cyber Stalking” over a few harmless tweets was clearly just the FBI trying to protect its own from being embarrassed online. Then, to subpoena a ton of info on 5 totally unrelated Twitter users… just because Shafer tweeted a smiley face emoticon at them? What the fuck is the DOJ up to? Doesn’t Assistant US Attorney Douglas Gardner, who signed the subpoena, have better things to do with his time, like going after actual criminals, rather than harassing people for tweeting?

Filed Under: , , , , , , , , , , , , , , , ,
Companies: henry schein, patterson dental, twitter

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “DOJ Subpoenas Twitter About Popehat, Dissent Doe And Others Over A Smiley Emoji Tweet”

Subscribe: RSS Leave a comment
Anonymous Coward says:

"So, here's a fun one."???

Your idea of “fun” varies from mine. This is just dull.

However, since apparently real criminal investigation with possible penalty here, I doubly don’t see it as “fun”. So it’s likely that you’re just gleeful at having a “safe” topic, meaning one in which you’ve no stake.

Anonymous Coward says:

Re: "So, here's a fun one."???

How is it dull to report that, not only is FBI Special Agent Nathan Hopp unable to differentiate between a Good Samaritan reporting a vulnerability and a massively incompetent Black Hat hacker, but that Assistant US Attorney Douglas Gardner has nothing better to do than harass Twitter and its users for one of those users repeating public information, for several of those users being seemingly innocent bystanders to the innocent reposting of that public information, and that at least some of those innocent bystanders are more easily found by looking up their voluntarily published contact information than by sending a subpoena to Twitter? The “Your-tax-dollars-at-work” department seems extremely apt here. If these are the people the public is paying to uphold the law, we’re clearly paying too much and it’s amazing we don’t have more unpunished lawlessness.

Anonymous Coward says:

Not surprisingly, Shafer was none too pleased with the FBI’s decision to raid his home and take all of his electronics. In, particular, it appears he was especially annoyed with FBI Special Agent Nathan Hopp[.]

Shafer began a bit of an open source "investigation" on Twitter. I wouldn’t necessarily call the following tweets "smart," but Shafer, finally aware of the FBI agent who lead the raid on his house, started trying to find any public info on Hopp — and his family.

Perhaps if Mr. Shafer hadn’t been robbed at badgepoint on baseless grounds, he would have spent this time on more productive matters, hunting subtle vulnerabilities that threaten people’s security instead of digging up easily discovered public information.

Personanongrata says:

Oink, Oink

Doesn’t Assistant US Attorney Douglas Gardner, who signed the subpoena, have better things to do with his time, like going after actual criminals, rather than harassing people for tweeting?

going after actual criminals is hard work.

harassing people for tweeting while feeding at the public trough is fun.

Anonymous Coward says:

So basically, if a hacker or hacker group contacts a security researcher in order to communicate the legitimacy of the threat their extortion demands present, the security researcher is automatically suspected by the FBI of being a co-conspirator, albeit an inept one who freely alerts the FBI to the nature of the threat…

By that logic, the newspapers who received letters from the Zodiac killers were accomplices.

Anonymous Coward says:


I’m wondering how Ken White will respond to this. On one hand, I’m sure he could write a truly epic motion to have the subpoena squashed. On the other hand, almost all the information they asked for as it relates him, can be found on Google within a few minutes. So can you quash a subpoena for information that is already public?

Could Twitter just bill the government an amount similar to what the FBI would charge for an equivalent FOIA request? If so, Twitter could make bank on these things.

rsteinmetz says:

Re: Re: WWKD

IANAL but one option is to file a Federal Civil Rights Law Suit alleging the FBI and USA are acting “under color of authority” to deprive several people of their civil rights under various amendments of the U S Constitution, the First and Fourth come to mind, but I’m sure there are others.

While Mr. Shafer might be portrayed to a naive Grand Jury as some nefarious “hacker”, they would have a hard time pulling that with Ken “PopeHat” White and his all star team of dancing ponies, considering his work as an AUSA, his criminal defense practice, first amendment advocacy and his authorship of numerous articles in the MSM.

Anonymous Coward says:


“Could Twitter just bill the government an amount similar to what the FBI would charge for an equivalent FOIA request?”

I don’t know about federal law, but in my state, I’ve served subpoenas that come with a check for a few dollars, maybe like $5. You’re not exactly going to “make bank” on them.

Peter (profile) says:

Third Party Doctrine

How weird! Whenever us underlings are concerned, the DOJ insists that anything accessible to any third party whatsoever is in the public domain and up for grabs to whoever wants it.

How come they suddenly change their view when one of their own is concerned? Even if the allegations are correct, Shafer has done nothing but make publicly available information, well, a bit more public. How can anyone believing in the Third Party Doctrince take issue with that?

Anonymous Coward says:

This isn’t about the law, this is about fucking with someone who questioned them.

They see someone collecting information on an agent (which is fucking with them) and they fuck with them back. Of course, when the government fucks with you, it usually isn’t very proportional to how much you can fuck with the government.

That Anonymous Coward (profile) says:

‘Merika where if you call out stupid actions by your betters we’ll rain down a wave of law like you’ve never seen.

So the story as I see it so far…
Skippy the wonder agent decided he had this awesome slam-dunk case to earn him a gold star.
People then noticed that Skippy was out of his fscking mind.
Skippy then decided that gifs were actually WMD’s.
People comment on case 2 & Skippy get the bright idea that an emoji WMD is just as dangerous & decides to go on the attack.

Skippy isn’t very bright, is he.
Perhaps pissing off a former AUSA with a large platform wasn’t very smart.
I do wonder how this will look on Assistant US Attorney Douglas Gardner record, signing off on the thinnest complaint ever & taking a swing at lawyers.

Yeah our protectors aren’t inept keystone cops, the keystone cops actually had detailed plans for their stunts.

Matthew Cline (profile) says:

Re: Where's the smirk, Ken?

What exactly is your beef with Ken White?

Anyone here ever play dominoes? Fun game.

The internet version is even more fun!

So you think the info that the feds will get about/from Ken will point to other people, which will in turn point to other people, and so on? That Ken is involved with multiple people in some sort of conspiracy? If so, what is that conspiracy?

Darrell Pruitt (profile) says:

Justin Shafer

As a friend of Justin, he shared with me his suspicion of FBI Special Agent Nathan Hopp’s (or Hawk’s) perceived vendetta as it was happening. I responded, “What an asshole.” And that was enough to warrant an unannounced visit to my dental office by two agents, whose questions indicated to me that they really didn’t have a clue about the case they were prosecuting. I think they were disappointed that I actually didn’t assist Justin in identifying Hopp, that I have nothing to do with TheDarkOverlord, and that no money had been exchanged between Justin and me… Thus went an hour of my life which I’ll never regain – Not to mention that my first patient waited in my dental chair for an hour while I was asked pointless questions. I was even warned by one of the agents that “‘I don’t know’ will only go so far.” But it is the damn truth.

That One Guy (profile) says:

Re: Justin Shafer

I was even warned by one of the agents that "‘I don’t know’ will only go so far." But it is the damn truth.

Ah good old inquisition tactics, where a plea of innocence is merely a sign that you need a little ‘persuasion’ to admit your ‘true’ guilt.

Nice of them to confirm your original stance like that though.

Anonymous Coward says:

Re: Justin Shafer

I was even warned by one of the agents that "’I don’t know’ will only go so far."

Why did your attorney advise you to say one word to the FBI at all?

I can maybe understand why you felt uncomfortable with “Please leave, you’re trespassing.” But saying something like “It’s x:xx o’clock in the morning” ?

JustMe (profile) says:

Back on Eichenwald

Since I don’t see it mentioned in this discussion why did you quote assaulting up in the Rivello/Eichenwald paragraph, Mike? The dude knew Eichenwald has epilepsy, intentionally constructed a tweet designed to cause a seizure, then sent it to Eichenwald. Rivello is guilty as hell of assault and I am certain he will be convicted. Here’s why:

(copying highlights from the NYTimes here) Rivello wrote in that message “YOU DESERVE A SEIZURE FOR YOUR POSTS”. He also sent direct messages to other Twitter users about Mr. Eichenwald, including one that read, “I hope this sends him into a seizure.” and “I know he has epilepsy.” Investigators also found a screenshot on Rivello’s digital accounts Mr. Eichenwald’s Wikipedia page that had been altered to show a fake date of death of Dec. 16, 2016, the day after the strobe light attack.

Thad (user link) says:

Re: Back on Eichenwald

All that’s addressed in Mike’s previous article on the subject, which he links in that same sentence.

I can’t speak for why he used quotation marks but I’m going to guess that it wasn’t sarcasm but merely the acknowledgement that this is an unusual, if not unprecedented, application of the term “assault”. Not that it’s legally inaccurate, but that it’s certainly not the first example anyone would think of on hearing that word.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...