Open Whisper Systems, the non-profit group behind the encrypted messaging app Signal, was served with a subpoena for user data earlier this year but since the company keeps such little information on its users, it was unable to produce most of what it was asked for.
The American Civil Liberties Union, which represented the company in court, shared transcripts from the subpoena and other court documents on Tuesday, including a gag order it was able to get lifted.
This is the only data we had and were forced to turn over. We'll make all future government requests available here: https://t.co/SVZqTrdEsg pic.twitter.com/zd27UR4x8E
— Open Whisper Systems (@whispersystems) October 4, 2016
Neither the ACLU nor OWS could confirm exactly when it received the subpoena, only that it came in the first half of this year and from the the U.S. District Court for the Eastern District of Virginia. The order, part of a federal grand jury proceeding, asked for records on two individuals – only one of which had a Signal account.
According to the subpoena, the government asked for reams of information, such as the user’s name, address, telephone number, any information the company might have about their toll records, upstream and downstream providers, any accounts Signal may have acquired through cookie data.
OWS complied with the order but was only able to provide limited information on the other individual, including the time the account was created and the date they last connected to Signal’s servers.
The only information Signal requires to setup an account is a user’s phone number; the service doesn’t record user conversations, nor does it store information about users’ contacts or any metadata. The group’s hands were tied as to what it could provide in the first place because it said it couldn’t produce information it didn’t have.
The most interesting part of the whole exchange is the ACLU’s fight it made against the government’s gag order, imposed by Magistrate Judge Theresa C. Buchanan, public.
In a letter to the attorney, ACLU staff attorney Brett Max Kaufman calls the order unconstitutional, and not “narrowly tailored to a compelling government interest.”
“The proper role, scope, and limits of government surveillance are quintessential matters of public concern under the First Amendment, and electronic service providers—who have dual roles as custodians of Americans’ private data and as necessary actors in the execution of government surveillance requests—have a critical role to play, and perspective to share publicly, about government surveillance practices,” Kaufman wrote.
The government responded to OWS and the ACLU, and allowed them to publish a copy of the redacted order and related documents, in a superseding order filed last Thursday.
In an ACLU blog post Tuesday morning, Kaufman called the gag “overbroad” and the latest “secrecy overreach” by the government. Kaufman goes on and makes light of the government’s apparent inclination to issue blanket gag orders by default, “without considering precisely what information can be disclosed without harm to its interests.”
Fighting the gag, previously slated to last a year, helped highlight the government’s inherent secrecy, Kaufman said.
“The fact that the government didn’t put up too much of a fight suggests that secrecy—and not transparency—has become a governmental default when it comes to demands for our electronic information, and critically, not everyone has the resources or the ability to work with the ACLU to challenge it,” Kaufman wrote.
OWS said that going forward it will publish transcripts of communication it has around government requests for data in a new section of their site.
The fact that Open Whisper Systems was able to fight the order, win, and publish transcripts around the case is a rarity; companies infrequently disclose when they receive such letters, let alone their contents. The majority of National Security Letters sent from the FBI usually contain a gag order forbidding a company to discuss the contents of the letter unless it’s with an attorney.
Over the last few years, many tech companies have asked the government for the ability to be more transparent when they receive NSLs asking for customer data. In this post Snowden-world, many firms publish semi-annual transparency reports regarding requests, such as subpoenas, they receive from law enforcement and the U.S. government. Yahoo became one of the first companies to disclose the redacted contents of a NSL when it published three letters it received earlier this summer.
The news of Open Whisper Systems’ grand jury subpoena comes just a few days after five members of congress argued in a briefing (.PDF) that the way the FBI handles gag orders is unconstitutional. The main argument of the briefing, filed by Marcia Hofmann – now an attorney at Zeitgeist Law PC, formerly of the Electronic Frontier Foundation is that procedures currently in place for reviewing and terminating NSL nondisclosure orders violate the USA FREEDOM Act. The document was signed off by U.S Representatives Zoe Lofgren (D-Calif.), James Sensenbrenner (R-Wisc.), John Conyers (D-Mich.), Anna Eshoo (D-Calif.), and Ted Poe (R-Texas).