Feds Gagged Encrypted Communications Firm Open Whisper Systems Over Massively Overbroad Subpoena

from the and-then-backed-down dept

This morning the ACLU announced that it had convinced the government to remove a ridiculous gag order on a subpoena that had been sent to Open Whisper Systems, the makers of the popular Signal encrypted messaging app, and whose encrypted communication protocol is used by many others, including WhatsApp, Facebook and Google for their encrypted messaging offerings. It's not that surprising that a grand jury would issue a subpoena to Open Whisper Systems demanding "subscriber name, address, telephone numbers, email addresses, method of payment, IP registration, IP history logs and addresses, account history, toll records, upstream and downstream providers, any associated accounts acquired through cookie data, and any other contact information from inception to the present" for certain accounts being investigated. But, of course, Open Whisper Systems has basically none of that data. It "complied" with the subpoena to the extent that it could, which is basically that the only information it has is when the account was created and the last time it was accessed:
As Marcy Wheeler rightly points out, the request itself is way too broad, covering information that the government is not allowed to ask for under ECPA (Electronic Communications Privacy Act). But, it's not like the government feels it needs to follow its own laws anyway...

The really concerning part about this, however, is that the subpoena came with an unnecessary and likely unconstitutional gag order. The gag order was, at least, bounded. After years of the DOJ issuing gag orders with no end date, at least this one was limited to one year. However, as the ACLU pointed out, a gag order needs to meet a pretty high bar to get over the fairly large First Amendment hurdle. And this one did not do that:
A magistrate judge signed the gag order, citing “reason to believe that notification of the existence of the . . . subpoena will seriously jeopardize the investigation [under prosecution by the grand jury], including by giving targets an opportunity to flee or continue flight from prosecution, destroy or tamper with evidence, change patterns of behavior, or notify confederates.”

Of course, those risks could be real, and the government’s need for secrecy in law enforcement investigations cannot be dismissed outright. But that general interest applies in virtually every criminal investigation, including those involving the public execution of search warrants. To meet the stringent First Amendment standard, any gag must be justified by something much greater. The First Amendment requires that to close courtrooms or seal evidence—and especially to prohibit a party from speaking publicly on a matter of public concern—the government demonstrate a compelling interest in secrecy, and it must apply that secrecy in the narrowest possible way. But instead, the government appears to seek blanket gag orders by default, without considering precisely what information can be disclosed without harm to its interests.
Open Whisper Systems went to the ACLU. The ACLU reached out to the government with a friendlier version of "WTF?" -- and the government basically backed down immediately, more or less admitting that the gag order was bogus:

To its credit, the government quickly agreed with us that most of the information under seal could be publicly disclosed. But the fact that the government didn't put up too much of a fight suggests that secrecy—and not transparency—has become a governmental default when it comes to demands for our electronic information, and critically, not everyone has the resources or the ability to work with the ACLU to challenge it.

OWS immediately recognized that even though the government required some secrecy over the subpoena, it did not need, nor could it justify, total secrecy. So OWS came to us, and we went to the government, which agreed to reverse its original demand for secrecy—and now OWS’s customers and the broader public can see for themselves just how wildly overbroad the government’s gag order was from the jump. And while this—the only one ever received by OWS—is now public, there are many more like it, hiding in the filing cabinets in the U.S. attorney’s offices across the country.

Of course, this leaves the big open question implied by the ACLU's statement above: how many other companies have also received unconstitutional gag orders, and simply complied? The larger tech companies have gotten much better (in the post-Snowden era) of pushing back against such gag orders, but for smaller companies it's likely that many are just complying, because they don't have either the resources or knowledge that this kind of thing is not actually allowed.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 1st amendment, encrypted communications, encryption, gag order, signal, subpoena
Companies: aclu, open whisper systems

Reader Comments

Subscribe: RSS

View by: Thread

  • icon
    Ninja (profile), 4 Oct 2016 @ 10:00am

    And encryption prevented the abuse of the overly broad subpoena. Note this is the US, supposedly the land of the free (at least nominally). Remember this could happen elsewhere where at least nominally there's no free in the land.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Oct 2016 @ 10:19am

    The more the government get to peer into people lives by gathering data, the more protective it becomes of its own data. Could it be they realize just how much they can work out about what people are doing from the data that they gather, and do not wish the people to do the same to them?.

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    Anonymous Coward, 4 Oct 2016 @ 10:47am

    "..Of course, those risks could be real, and the government’s need for secrecy in law enforcement investigations cannot be dismissed outright.."

    Behold, the jew-paint shifts another shade darker. Perhaps it wont be noticed (NOT).

    Fuck you, and fuck the government.

    reply to this | link to this | view in chronology ]

  • identicon
    John Mayor, 4 Oct 2016 @ 11:06pm


    Yes!... and it's a sad state of affairs!
    Please!... no emails!
    P.S.: we need a better "ICT learning curve model"!... and rather, than our "ad hoc", and "hit and miss" approach to countless ICT issues!

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 5 Oct 2016 @ 12:56am

    The truly sad thing is most of these are misused.
    They are trying to find the insider threats & imagined boogeymen they were told stories about.
    While they rush though the secret courts & secret laws none of these courts have asked them to show their work.
    Imagine if a Judge who signed 100 overly broad orders demanded follow up information and discovered that 99 of them were pointless fishing trips on a hunch and the 1 good one was them finding someone who said something unkind about Comey.

    reply to this | link to this | view in chronology ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)


Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat

Warning: include(/home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_promo_discord_chat.inc): failed to open stream: No such file or directory in /home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_module_promo.inc on line 8

Warning: include(): Failed opening '/home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_promo_discord_chat.inc' for inclusion (include_path='.:/usr/share/pear:/home/beta6/deploy/itasca_20201215-3691-c395:/home/beta6/deploy/itasca_20201215-3691-c395/..') in /home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_module_promo.inc on line 8

Warning: include(/home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_promo_jq_chat.inc): failed to open stream: No such file or directory in /home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_module_promo.inc on line 8

Warning: include(): Failed opening '/home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_promo_jq_chat.inc' for inclusion (include_path='.:/usr/share/pear:/home/beta6/deploy/itasca_20201215-3691-c395:/home/beta6/deploy/itasca_20201215-3691-c395/..') in /home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_module_promo.inc on line 8
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.