Yottabytes: Storage and Disaster Recovery

Aug 16 2017   11:36PM GMT

Dreamhost Fights DoJ Inauguration Warrants — All 1.3 Million

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

Tags:
government
privacy
Security

As you may recall, in February we covered the question of how many search warrants the government could legally expect to serve on Facebook at once, given that the company felt that the 381 it had received was too many.

“For example, could the government get a warrant for everyone who posted on Facebook that they had attended the Women’s March so it could arrest them or put them in some sort of database?” we asked presciently.

Little did we know.

As it turns out, the Department of Justice is asking the web hosting company Dreamhost to provide information about every visitor to a particular website, www.disruptj20.org, which was intended to help organize protests at the inauguration of President Donald Trump. Some 230 people, including six journalists, were arrested. (“J20” referred to January 20, the date of the inauguration.) But the DoJ is asking for information on all 1.3 million visitors to the website.

And it is asking for a lot of information: “names, addresses, telephone numbers and other identifiers, e-mail addresses, business information, the length of service (including start date), means and source of payment for services (including any credit card or bank account number), and information about any domain name registration,” as well as the content each person viewed.

In other words, even if you simply visited the website once, didn’t post any information, and didn’t attend any protests, the government would now have your information. Incidentally, disruptj20 did not keep logs of this data itself, but Dreamhost did, according to NPR.

So, just by virtue of researching this story, I’m now on this list. Twice.

“No plausible explanation exists for a search warrant of this breadth, other than to cast a digital dragnet as broadly as possible,” writes Mark Rumold of the Electronic Frontier Foundation, which is helping Dreamhost with its defense. “But the Fourth Amendment was designed to prohibit fishing expeditions like this. Those concerns are especially relevant here, where DOJ is investigating a website that served as a hub for the planning and exercise of First Amendment-protected activities.” The organization is also helping Facebook fight a similar request for information, but doesn’t even know whether it’s also about the inauguration, because of a gag order.

Dreamhost, which spilled the beans on all this on August 14 , is fighting the warrant on First and Fourth Amendment grounds, saying it is “overbroad.”

You think?

A hearing is scheduled for Friday.

Interestingly, the DoJ sent out its warrant on July 12. For an event on January 20? It doesn’t necessarily mean that the DoJ attorneys are slow, though they have been fighting with Dreamhost about this data since a week after the inauguration. The Electronic Communications Privacy Act Stored Communications Act changes the rules at 180 days. “Under the ECPA, emails on a server for more than 180 days is considered ‘abandoned’ by users and can be accessed through a subpoena instead of a search warrant,” explains Ryan Reilly in the Huffington Post. To what degree that is actually a factor here is hard to tell, because many of the outlets reporting on this aren’t technical enough to say. But it’s interesting timing.

The DoJ made its initial request, a subpoena and an order to preserve records, on January 27. However, Dreamhost, perhaps disingenuously, didn’t understand what the government was actually asking for. “Within three weeks of service of the subpoena, DreamHost produced its records responsive to these categories,” the company writes. “In its correspondence accompanying the production, DreamHost’s General Counsel made clear that he understood the subpoena was directed to records regarding the registrant, and not records regarding third party visitors to the website.”

Dreamhost also points out in its response that the request is more like a subpoena than a search warrant, because “it requires DreamHost itself to execute the warrant and provide the responsive records to the government.” The company also notes that the information the government is asking for is really more like evidence of a violation than a violation itself, despite how the warrant is worded.

It also isn’t clear exactly what the DoJ is trying to find out, or if it’s simply going on a fishing expedition, because that part of the warrant is sealed. But assuming it gets away with this request, it is making its requests for Microsoft data overseas look like child’s play. If companies can be forced to provide this much data about every single visitor to its customers’ websites, no matter how innocent, this could have a seriously chilling effect on, well, everything.

2  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • spintreebob
    So how many of us will vote for the libertarian in the 2018 primaries?
    60 pointsBadges:
    report
  • Sharon Fisher
    oh, like that'll help, spintreebob...
    9,065 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: