From EFF’s Secret Files: Anatomy of a Bogus Subpoena

Electronic Frontier FoundationFrom the Electronic Frontier Foundation: Can the U.S. government secretly subpoena the IP address of every visitor to a political website? No, but that didn’t stop it from trying.

In a report released today, EFF Senior Staff Attorney Kevin Bankston tells the story of a bogus federal subpoena issued to independent news site Indymedia.us, and how the site fought back with EFF’s help. Declan McCullagh at CBSNews.com also has the story.

The report describes how, earlier this year, U.S. attorneys issued a federal grand jury subpoena to Indymedia.us administrator Kristina Clair demanding “all IP traffic to and from www.indymedia.us” for a particular date, potentially identifying every person who visited any news story on the Indymedia site. As the report explains, this overbroad demand for internet records not only violated federal privacy law but also violated Clair’s First Amendment rights, by ordering her not to disclose the existence of the subpoena without a U.S. attorney’s permission.

Because Indymedia follows EFF’s Best Practices for Online Service Providers and does not keep historical IP logs, there was no information for Indymedia to hand over, and the government withdrew the subpoena. However, as the report describes, that wasn’t the end of the tale: Ms. Clair wanted EFF to be able to tell the story of the subpoena and shine a light on the government’s illegal demand, yet the subpoena ordered silence. Under pressure from EFF, the government admitted that the subpoena’s gag order had no legal basis, and ultimately chose not to go to court to try to force Ms. Clair’s silence despite earlier threats to do so.

This story is an an important example of how government abuses breed in secrecy, and an argument for Congress to step in and require meaningful reporting about how the government uses its surveillance authorities. How often does the government attempt such illegal fishing expeditions through internet data? How many online service providers have received similarly bogus demands, and handed over how much data, violating how many internet users’ privacy? How many of those subpoena recipients have been intimidated into silence by unconstitutional gag orders?

We don’t know. And until Congress exerts stronger oversight, we can’t know, except in those occasional instances where a brave online service provider steps up, pushes back, and tells the world. We encourage other online service providers to follow the example of Indymedia.us and Kristina Clair by standing up for their users’ rights when the government secretly overreaches. If you’re an ISP, a web host, an email provider, an app developer, a Web 2.0 start-up or any other kind of online service provider and you receive a government demand for your users’ data, please call a lawyer. If you don’t have a lawyer, call EFF.

Related Posts

Mozilla is phasing out SHA-1 based signature algorithms Mozilla's Security Engineering Team has announced that they are proactively phasing out the SHA-1 based signature algorithms for digital certificates,...
Internet monitoring system to publish tools as open source An Estonian government project to safeguard the country's Internet infrastructure will publish some of the tools it is developing as open source, usin...
Crowdfunding Piwik 2.0 Piwik is a Free Software Web analytics application. If you run a website, it is what you use when you do not want to use Google Analytics or any other...
NVIDIA SHIELD: Android game console, with Tegra 4 inside It's been in beta mode since it was announced back in January, but now, the NVIDIA SHIELD is ready for prime time. Or at least, you can pre-order it n...
Container Security with SELinux and CoreOS At CoreOS, running containers securely is a number one priority. We recently landed a number of features that are helping make CoreOS Linux a trusted ...
Using Decision Trees to predict infant birth weights In this article, I will show you how to use decision trees to predict whether the birth weights of infants will be low or not. We will use the birthwt...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*