From EFF’s Secret Files: Anatomy of a Bogus Subpoena

Electronic Frontier FoundationFrom the Electronic Frontier Foundation: Can the U.S. government secretly subpoena the IP address of every visitor to a political website? No, but that didn’t stop it from trying.

In a report released today, EFF Senior Staff Attorney Kevin Bankston tells the story of a bogus federal subpoena issued to independent news site Indymedia.us, and how the site fought back with EFF’s help. Declan McCullagh at CBSNews.com also has the story.

The report describes how, earlier this year, U.S. attorneys issued a federal grand jury subpoena to Indymedia.us administrator Kristina Clair demanding “all IP traffic to and from www.indymedia.us” for a particular date, potentially identifying every person who visited any news story on the Indymedia site. As the report explains, this overbroad demand for internet records not only violated federal privacy law but also violated Clair’s First Amendment rights, by ordering her not to disclose the existence of the subpoena without a U.S. attorney’s permission.

Because Indymedia follows EFF’s Best Practices for Online Service Providers and does not keep historical IP logs, there was no information for Indymedia to hand over, and the government withdrew the subpoena. However, as the report describes, that wasn’t the end of the tale: Ms. Clair wanted EFF to be able to tell the story of the subpoena and shine a light on the government’s illegal demand, yet the subpoena ordered silence. Under pressure from EFF, the government admitted that the subpoena’s gag order had no legal basis, and ultimately chose not to go to court to try to force Ms. Clair’s silence despite earlier threats to do so.

This story is an an important example of how government abuses breed in secrecy, and an argument for Congress to step in and require meaningful reporting about how the government uses its surveillance authorities. How often does the government attempt such illegal fishing expeditions through internet data? How many online service providers have received similarly bogus demands, and handed over how much data, violating how many internet users’ privacy? How many of those subpoena recipients have been intimidated into silence by unconstitutional gag orders?

We don’t know. And until Congress exerts stronger oversight, we can’t know, except in those occasional instances where a brave online service provider steps up, pushes back, and tells the world. We encourage other online service providers to follow the example of Indymedia.us and Kristina Clair by standing up for their users’ rights when the government secretly overreaches. If you’re an ISP, a web host, an email provider, an app developer, a Web 2.0 start-up or any other kind of online service provider and you receive a government demand for your users’ data, please call a lawyer. If you don’t have a lawyer, call EFF.

Related Posts

LinuxBSDos.com is now on Facebook I never thought it'd happen, but it just did. LinuxBSDos.com is now on Facebook! It's not something I wanted, but the realities of the market pl...
Smart appliances, including a refrigerator, used in an IoT-based spam attack A report by Proofpoint Inc., a security-as-a-service provider, has revealed a spam attack that involved so-called Internet of Things, everyday devices...
New MCUs from TI bring Haptics to the fingertips of Joe Developer Texas Instruments has announced the release of a new MSP430TCH5E haptics-enabled microcontrollers. The microcontrollers allow any developer to "add...
Introducing the Open Web Foundation Agreement The Open Web Foundation was founded to help developer communities collaborate and share technical innovation on the web, bringing to the world of form...
$49 Android PC’s ROM, kernel and bootloader released It has just been announced that the ROM, kernel and bootloader for the APC (Android PC) are now available for public download. The APC is an initiativ...
Joli OS is being discontinued Joli OS is being discontinued. That the latest news about Joli OS, a desktop distribution that has since been replaced with a browser-based platfor...

We Recommend These Vendors and Free Offers

ContainerizeThis 2016 is a free, 2-day conference for all things containers and big data. Featured, will be presentations and free, hands-on workshops. Learn more at ContainerizeThis.com

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*