from the tough-situations dept
Shawn Sims points us to the interesting story of how the popular electronics company Sparkfun publicly explained how it dealt with a very broad subpoena demanding all sales information on sales made to addresses in Georgia over a six month period. The reasoning was that a Sparkfun device was found as a part of a credit card skimmer device.
Sparkfun CEO Nate Seidle explains that the subpoena came after an initial call requesting the same info, where the company politely refused to provide the info, noting its support of the privacy rights of its consumers. As Seidle noted, no one supports card skimming, but there are issues of principle here:
I want to be very clear: creating devices that steal credit card numbers are illegal and cause pain for a lot of people. We know our parts can be used for good or for evil. We have zero tolerance for those who use them for evil. I will offer our technical services to any law enforcement that may need help reverse engineering a device. It is obvious the law enforcement agency is requesting this information to put a stop to this activity. However, I also believe strongly in the right to privacy and the protection of personal data.After talking to their lawyers, and realizing that you don't have to fully comply with a subpoena -- but also that a subpoena can turn into a warrant which you do have to comply with -- the company worked with the law enforcement to try to limit the type of information requested, and eventually came to a compromise:
This is a tough position to be in -- and you can certainly argue that the company could have (or perhaps should have) continued to fight the subpoena. But in the end, it's likely that it would have to turn over the info eventually no matter what. At the very least, you have to respect the company for being totally transparent and open about what happened and why (and how Seidle personally felt). Plenty of other companies would hand over the data and then never discuss the issue publicly ever.
Please read the subpoena carefully. The request for 'all orders' seemed like they were casting a very wide net without cause. Discussing this issue with our counsel and working with the law enforcement agency, we agreed to obtain the orders that had the product on it, not all orders as required by the subpoena. This ended up being about 20 orders. In my opinion, one order is too much information. While I believe this legal process protects us all from wrong doing, turning over any piece of data goes against every fiber in my being. But without any further legal options, I made the decision to turn over the sub set of data.
I want everyone to know that we take your data and privacy extremely seriously. We guard it with the highest levels of security and confidentiality. If we are legally forced to turn over data, we promise you we will work with the law enforcement agency to do everything in our power to limit the amount of information released.