“In the First Half of 2016” Signal Received an (Overbroad) Subpoena

This morning, the ACLU released a set of information associated with a subpoena served on Open Whisper Systems, the maker of Signal)\, for information associated with two phone numbers. As ACLU explained, OWS originally received the subpoena with a broad gag order. OWS was only able to turn over the account creation and last connection date for one of the phone numbers; the other account had no Signal account associated with it.

screen-shot-2016-10-04-at-7-31-15-am

But OWS also got ACLU to go challenge the gag associated with it, which led to the release of today’s information. All the specific data associated with the request is redacted (as reflected above), though ACLU was able to say the request was served on OWS in the first half of the year.

There are two interesting details of this. First, as OWS/ACLU noted in their response to the government, the government asked for far more information than they can obtain with a subpoena, including:

  • subscriber name
  • subscriber address
  • subscriber telephone numbers
  • subscriber email addresses
  • subscriber method of payment
  • subscriber IP registration
  • IP history logs and addresses
  • subscriber account history
  • subscriber toll records
  • upstream and downstream providers
  • any associated accounts acquired through cookie data
  • any other contact information from inception to the present

As OWS/ACLU noted,

OWS notes that not all of those types of information can be appropriately requested with a subpoena. Under ECPA, the government can use a subpoena to compel disclosure of information from an electro1lic communications service provider onJy if that information falls within the categories listed at 18 U.S.C. § 2703(c)(2). For other types of information, the government must obtain a court order or search warrant. OWS objects to use of the grand-jury subpoena to request information beyond what is authorized in Section 2703(c)(2).

I’ve got an email in with ACLU, but I believe ECPA would not permit the government to obtain the IP, cookie, and upstream/downstream information. Effectively, the government tried to do here what they have done with NSLs, obtain information beyond the subscriber and toll record information permitted by statute.

ACLU says this is “the only one ever received by OWS,” presumably meaning it is the only subpoena the company has obtained, but it notes the government has other ways of gagging compliance, including with NSLs (it doesn’t mention Section 215 orders, but that would be included as well).

I do wonder whether in the latter case — with a request for daily compliance under Section 215 — Signal might be able to turn over more information, given that they would know prospectively the government was seeking the information. That’s particularly worth asking given that the District that issued this subpoena — Eastern District of Virginia — is the one that specializes in hacking and other spying cases (and is managing the prosecution of Edward Snowden, who happens to use Signal), which means they’d have the ability to use NSLs or individualized 215 orders for many of their cases.

Update: Here’s a Chris Soghoian post from 2013 that deals with some, but not all, of the scope issues pertaining to text messaging.

image_print
4 replies
  1. martin says:

    It appears you’ve made it home safely. There for a while, I was worried the USG might drone you while overseas. After all, if Clinton wanted to murder Assange with a Drone after Cablegate, all bets are off
    quote“Can’t we just drone this guy?” Clinton openly inquired, offering a simple remedy to silence Assange and smother Wikileaks via a planned military drone strike, according to State Department sources.”unquote

    http://truepundit.com/under-intense-pressure-to-silence-wikileaks-secretary-of-state-hillary-clinton-proposed-drone-strike-on-julian-assange/

    ut oh. I’ve got $10 that says Clinton’s head is exploding about now. And another $10 that says today is gonna be a baaaaaaaaaaaaad day for her.

    Assassinating a private citizen.. for JOURNALISM???

    No wonder Assange is out to destroy her. And he’s about to do it too. Given this latest bombshell, I’d submit Clinton’s going to get a “expose’ ” MSM buttfuck pretty quick. They can’t possibly squelch what is coming. It’s too big.

    http://www.reuters.com/article/us-ecuador-
    sweden-assange-idUSKCN1240UG

  2. martin says:

    Moreover, I’ve got  that says, the USG subpoenaed  OWS in it’s effort to find Snowden.. and DRONE him at the first opportunity.  And another $10 that says it’s James Clapper who’ll order the kill button to be clicked.  After all…if the USG would stoop to murder a private citizen for ..ahem..journalism, then Snowden is a no brainer.

     

    No matter, the mere fact Clinton wanted to murder Assange via drone, is living proof the US has hit the bottom of the bloody cesspool.   But what’s really astounding, is Obama claiming he’s “trying” to make it “harder” for a future President to wage continuous, Drone murder.

    https://theintercept.com/2016/10/03/obama-worries-future-presidents-will-wage-perpetual-covert-drone-war/#comment-290563

     

    right. By campaigning on behalf of a wannabe Drone murderer.

    sheeezus.  You can’t make this shit up.

     

  3. SpaceLifeForm says:

    More retro-cover.

    http://mobile.reuters.com/article/idUSKCN1241YT

    By Joseph Menn | SAN FRANCISCO
    Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

    The company complied with a classified U.S. government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.

    Yahoo in 2007 had fought a FISA demand that it conduct searches on specific email accounts without a court-approved warrant. Details of the case remain sealed, but a partially redacted published opinion showed Yahoo’s challenge was unsuccessful.

    [No, legal did not want to fight it. Whimps.
    Like I previously mentioned, Yahoo has been
    hacked for over ten years. This story has to
    do with Yahoo tightening up security post ES.
    The earlier backdoors stopped working]

    And read the article about how the security IT
    people were kept out of the loop and why the
    CISO resigned.

Comments are closed.