On the DreamHost Warrant

You’ve probably already read about DOJ’s expansive request for information on the website Disrupt J20 via a warrant served on its host, DreamHost. The information the government has asked for would cover the browsing records of 1.3 million visitors to the Disrupt site. After DOJ served the warrant on July 14, DreamHost challenged it. On July 28, DOJ asked a court to force DreamHost to turn over the records. On Friday, DreamHost responded, laying out why they believed the request to be overly broad. DreamHost’s post on the challenge yesterday has generated a good deal of coverage.

Before I get to the breadth of the request, consider the background. The demand comes in the context of DOJ’s efforts to prosecute 200 people who participated in protests on inauguration day. While there was definitely violent destruction associated with the protests, there have been numerous reports of entirely peaceful protestors being included in the 200, including journalists.

The timing and the urgency with which DOJ is seeking the information (see the emails included in this filing) make me wonder whether this is a desperate attempt to sustain another overly broad effort, to prosecute both peaceful and violent protestors of the President. Is DOJ preparing to argue that people who accessed information via Disrupt J20, which it has associated with “a riot,” must themselves be rioters?

Note, too, that among the information DOJ will receive if this warrant is honored, is information posted on the site on how people charged might seek legal help, including emails pertaining to that section of the site. In other words, DOJ is seeking, in part, information on how people it has charged will respond to being charged (though I’m not claiming this amounts to attorney-client privilege).

It’s against that background that the breadth question gets interesting, in my opinion.

Orin Kerr argues that the warrant may not be problematic because the second step of the search would provide particularity — a focus on actual rioters — after DreamHost has turned over the information.

[I]t’s not obvious to me whether the warrant is problematic. Attachment B tells Dreamhost to turn over records to the government relating to “each account and identifier listed in Attachment A.” Notably, Attachment A doesn’t list any specific user accounts: It just lists the specific website. So the warrant seems to be telling Dreamhost to turn over pretty much everything it has on that website. I understand this to be Dreamhost’s objection. Dreamhost thinks the warrant should only require it to hand over specific records about specific users.

What makes this tricky, I think, is that Dreamhost is only involved in the initial search stage of a two-stage warrant. Computer warrants are ordinarily executed in two stages. First, the government gets access to all the electronic records. Next, the government searches through the records for the particularly described evidence. Courts have broadly allowed the government to follow this two-step procedure, in which they get all the stuff in the initial stage of electronic evidence warrants so that they can search it for the relevant evidence. Given that, Dreamhost’s objection is slightly off. As I read it, Dreamhost is essentially challenging the widely accepted two-stage warrant practice. Some federal magistrate judges in the “magistrate’s revolt” have made that argument, but they generally have been overruled at the district court level.

But DreamHost argues that the description of that second stage doesn’t provide particularity at all, not least because after laying out some seeming limiting language, the warrant then asks for “files, databases, and database records” — that is, everything.

The Search Warrant’s description of the things to be seized does not pass the particularity test. It defines what is to be seized in three ways. First, it is information that “constitutes fruits, evidence, and instrumentalities of violations of” the rioting statute “involving the individuals who participated, planed [sic], organized, or incited the January 20 riot.” Second, the information “relat[es] to the development, publishing, advertisement, access, use, administration or maintenance of” the website. Third, the information to be seized includes “files, databases, and database records.” Yet, describing the information to be seized as evidence of a crime “involving” unnamed participants in the crime does not provide any meaningful specificity. Compare Apple, 13 F. Supp. 3d at 161 (description of things to be seized identified the information as “involving any or all of the following: [individuals and entities . . .]”). Limiting the information seized to that “relating to” the “publishing” or “use” of the website also lacks the required specificity, since practically any conceivable information about a web site is related to its publishing or use. Similarly, even if the use of the term “including” after the preceding broad description imposed some limit on the information to be seized, which it does not, limiting the seizure to electronic “files, databases, and database records” is no limit at all. Finally, the lack of a date range alone fails the specificity test. See Microsoft, 212 F. Supp. 3d at 1036 (“In cases in which courts have either denied a search warrant for the entirety of an email account or suppressed evidence based on an overbroad search warrant, the warrants lacked particularity, for example, in identifying a specified date range . . . .”).

Paul Ohm raises a number of interesting points in this thread, ultimately arguing that the warrant should go to the site administrators, not to DreamHost.

This is less like a warrant to Gmail and more like one to Amazon Web Services. The warrant should go to the site admins, not @DreamHost

He also notes that the only reason the entire database for this period is intact is because the government got a preservation order using a 2703(f) preservation letter, which didn’t require any due process.

I want to add just one more point to this.

The breadth of this request is the kind of thing the government does in the national security context — they did with the phone and Internet dragnet, and probably intend to do more of if and when they get the right to obtain Electronic Communications Transaction Records via an NSL. The prosecutor, John Borchert, has prosecuted NSD cases in the past. As such, it’s worth asking whether DOJ is really treating this “riot” as a national security case, with even further chill on those who actually just protested (or in the case of journalists, reported on a protest). The debate on whether or not obtaining all the search records for a site is overbroad may well constrain what the government can do, in secret, in the name of national security.

10 replies
  1. bloopie2 says:

    Does the legal issue here any similarity to the Lavabit email server business?  As I recall, they wanted his encryption key so that they could read everyone’s email as a way to find one particular person’s (Snowden’s) email.

    • SpaceLifeForm says:

      That was targeted.
      This is a fishing expedition.
      And they want DreamHost to provide the ship, the bait, and especially the fish.

      Maybe cocktails and hookers too.

  2. earlofhuntingdon says:

    Pity that Jeff Sessions’s DoJ has no other matters to work on besides giving the president a political blowjob by attempting to intimidate and prosecute those who organized to protest his election – and who dared suggest it was not the most attended, biggest, bestest, brightest inaugural ever.

  3. earlofhuntingdon says:

    OT, on the Trumpian meltdown, it won’t surprise many here.

    It demonstrates that the president’s apologists are pushing a rope.

    It also reminds us that we should stop looking to the White House for moral and personal leadership; we should instead look in our own backyards.

  4. earlofhuntingdon says:

    As for the vehemence in today’s Trumpian meltdown, I think it has several roots:

    1. It’s always all about Donald. Circumstances, facts, histories, emotional or political needs only affect those aware of them, which excludes Donald.

    2. Donald can never be wrong, the sky would fall.

    3. When Donald is wrong, no one should dare point it out to him.

    4. When Donald is wrong, it must always be someone else’s fault, preferably an innocent, which makes the distraction more delicious. Steve Bannon must be feeling the love about now.

    5. Donald never apologizes, perfunctorily or with meaning, regardless of how urgent the need (see rule one). It would make him look weak, a line he would have learned from his father, but that would be more familiar to admirers of Leroy Jethro Gibbs. Even Gibbs makes exceptions. But Donald has trouble with black and white, he can’t rely on himself to learn or apply exceptions, so he doesn’t.

    6. When in doubt, attack, which makes Donald right.

    7. It’s all about Donald.

    • greengiant says:

      Look outside the rationality bubble and beware alt-Reich followers.  Donald is making hay turning them into brainless blood thirsty adrenaline junkies who think they are being attacked.

  5. earlofhuntingdon says:

    I agree that Donald is a multi-purpose bigot, and has much he agrees about with David Duke, his daughter and son-in-law’s religion notwithstanding.  (Even Dick Cheney made exceptions in his bigotry when it came to family members, but, as with most things, Donald is in a league of his own.)  But most Donald events are about Donald.  His horizon almost reaches the end of his tie.

Comments are closed.