Feds Gagged Encrypted Communications Firm Open Whisper Systems Over Massively Overbroad Subpoena

from the and-then-backed-down dept

This morning the ACLU announced that it had convinced the government to remove a ridiculous gag order on a subpoena that had been sent to Open Whisper Systems, the makers of the popular Signal encrypted messaging app, and whose encrypted communication protocol is used by many others, including WhatsApp, Facebook and Google for their encrypted messaging offerings. It's not that surprising that a grand jury would issue a subpoena to Open Whisper Systems demanding "subscriber name, address, telephone numbers, email addresses, method of payment, IP registration, IP history logs and addresses, account history, toll records, upstream and downstream providers, any associated accounts acquired through cookie data, and any other contact information from inception to the present" for certain accounts being investigated. But, of course, Open Whisper Systems has basically none of that data. It "complied" with the subpoena to the extent that it could, which is basically that the only information it has is when the account was created and the last time it was accessed:
As Marcy Wheeler rightly points out, the request itself is way too broad, covering information that the government is not allowed to ask for under ECPA (Electronic Communications Privacy Act). But, it's not like the government feels it needs to follow its own laws anyway...

The really concerning part about this, however, is that the subpoena came with an unnecessary and likely unconstitutional gag order. The gag order was, at least, bounded. After years of the DOJ issuing gag orders with no end date, at least this one was limited to one year. However, as the ACLU pointed out, a gag order needs to meet a pretty high bar to get over the fairly large First Amendment hurdle. And this one did not do that:
A magistrate judge signed the gag order, citing “reason to believe that notification of the existence of the . . . subpoena will seriously jeopardize the investigation [under prosecution by the grand jury], including by giving targets an opportunity to flee or continue flight from prosecution, destroy or tamper with evidence, change patterns of behavior, or notify confederates.”

Of course, those risks could be real, and the government’s need for secrecy in law enforcement investigations cannot be dismissed outright. But that general interest applies in virtually every criminal investigation, including those involving the public execution of search warrants. To meet the stringent First Amendment standard, any gag must be justified by something much greater. The First Amendment requires that to close courtrooms or seal evidence—and especially to prohibit a party from speaking publicly on a matter of public concern—the government demonstrate a compelling interest in secrecy, and it must apply that secrecy in the narrowest possible way. But instead, the government appears to seek blanket gag orders by default, without considering precisely what information can be disclosed without harm to its interests.
Open Whisper Systems went to the ACLU. The ACLU reached out to the government with a friendlier version of "WTF?" -- and the government basically backed down immediately, more or less admitting that the gag order was bogus:

To its credit, the government quickly agreed with us that most of the information under seal could be publicly disclosed. But the fact that the government didn't put up too much of a fight suggests that secrecy—and not transparency—has become a governmental default when it comes to demands for our electronic information, and critically, not everyone has the resources or the ability to work with the ACLU to challenge it.

OWS immediately recognized that even though the government required some secrecy over the subpoena, it did not need, nor could it justify, total secrecy. So OWS came to us, and we went to the government, which agreed to reverse its original demand for secrecy—and now OWS’s customers and the broader public can see for themselves just how wildly overbroad the government’s gag order was from the jump. And while this—the only one ever received by OWS—is now public, there are many more like it, hiding in the filing cabinets in the U.S. attorney’s offices across the country.

Of course, this leaves the big open question implied by the ACLU's statement above: how many other companies have also received unconstitutional gag orders, and simply complied? The larger tech companies have gotten much better (in the post-Snowden era) of pushing back against such gag orders, but for smaller companies it's likely that many are just complying, because they don't have either the resources or knowledge that this kind of thing is not actually allowed.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 4 Oct 2016 @ 10:00am

    And encryption prevented the abuse of the overly broad subpoena. Note this is the US, supposedly the land of the free (at least nominally). Remember this could happen elsewhere where at least nominally there's no free in the land.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Oct 2016 @ 10:19am

    The more the government get to peer into people lives by gathering data, the more protective it becomes of its own data. Could it be they realize just how much they can work out about what people are doing from the data that they gather, and do not wish the people to do the same to them?.

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 4 Oct 2016 @ 10:47am

    "..Of course, those risks could be real, and the government’s need for secrecy in law enforcement investigations cannot be dismissed outright.."

    Behold, the jew-paint shifts another shade darker. Perhaps it wont be noticed (NOT).

    Fuck you, and fuck the government.

    reply to this | link to this | view in chronology ]

  • identicon
    John Mayor, 4 Oct 2016 @ 11:06pm

    OUR ICT LEARNING CURVE

    Yes!... and it's a sad state of affairs!
    .
    Please!... no emails!
    .
    P.S.: we need a better "ICT learning curve model"!... and rather, than our "ad hoc", and "hit and miss" approach to countless ICT issues!

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 5 Oct 2016 @ 12:56am

    The truly sad thing is most of these are misused.
    They are trying to find the insider threats & imagined boogeymen they were told stories about.
    While they rush though the secret courts & secret laws none of these courts have asked them to show their work.
    Imagine if a Judge who signed 100 overly broad orders demanded follow up information and discovered that 99 of them were pointless fishing trips on a hunch and the 1 good one was them finding someone who said something unkind about Comey.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.