Reddit Removes NSL Warrant Canary from Transparency Report

Reddit has removed a warrant canary from its latest transparency report, indicating it has received its first National Security Letter.

Reddit’s latest transparency report is missing a nugget of information that was present in a previous report.

Last year’s report included a warrant canary which stated that as of Jan. 29, 2015, Reddit had never received a National Security Letter, Foreign Intelligence Surveillance Court order or classified order for user data.

“If we ever received such a request, we would seek to let the public know it existed,” Reddit said in last year’s report.

This year’s report includes no such notice, indicating that Reddit has since been served with such an order from the U.S. government.

A request for comment to Reddit’s press contact went unanswered prior to publication.

National Security Letters are government subpoenas requesting data from an organization for national security purposes. They are accompanied by a gag order preventing the recipient from disclosing they’ve received such an order.

NSLs have been until fairly recently shrouded in secrecy. They are law enforcement’s and government’s most powerful tool to compel companies such as technology and service providers to turn over a broad range of user data. In December, a NSL recipient who ran an ISP in 2004 was legally cleared to publicly reveal the contents of his NSL attachment.

Nicholas Merrill, owner of Calyx, fought his NSL in court for more than a decade before a judge ruled in his favor that the FBI had not demonstrated that disclosing the contents of the attachment would cause “enumerated harm.”

The unredacted attachment was published and showed that the FBI sought detailed personal subscriber information including browser history, IP addresses the subscriber connected to, six months of online purchase history, email addresses, screen names and online aliases associated with a user’s account. The FBI also sought a radius log, which includes cell tower-based tracking information.

Reddit’s transparency report is published annually and the organization said that there was a 78 percent increase in the number of U.S. and foreign requests for disclosures. In total, Reddit received 98 requests for user information impacting 142 accounts; Reddit complied in 60 percent of cases.

Foreign requests shot up to 21 from five in 2014; Reddit complied in 71 percent of those requests.

Reddit for the first time received content removal orders (53) from governments outside the U.S. and said it complied in 21 percent of those requests.

“Although Reddit is a United States based company, we exercise our discretion to block content from being accessed by users in certain countries, where necessary to comply with local law, to preserve the existence of Reddit in those countries,” Reddit said in its report. “When we receive an order for removal of content, we review it to determine whether it violates local law, and, if so, we may block the content from being accessed by the users in that country.”

Russia has the most requests (39) where all but one were requests for the removal of content related to the development, manufacture and use of illegal drugs. Reddit said the content was blocked from Russian IPs.

Suggested articles

RSA conference 2019

RSA Conference 2019 Recap

From privacy to patches, Threatpost editors discuss the biggest infosec news and trends that they saw this week at RSA Conference 2019.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.