Monday, March 26, 2012

Federal judge: Google free to tell user about mysterious gov requests, likely related to Wikileaks

Summary

In two 1-page orders issued today, a Federal judge in Virginia has (for a second time) ruled that Google is permitted to tell a customer (and only that customer) about two mysterious surveillance orders -- a 2703(d) order and a search warrant -- issued in June, 2011 for records (likely including communications content) associated with their Google account.

While Google is only permitted to notify the subscriber that was the subject of surveillance, that person is permitted to tell anyone else they wish, should they wish to do so.

Background

One month ago, a federal judge published two (pdf) orders (pdf) [hereafter the February 2012 orders], related to two previously secret surveillance orders obtained in June, 2011 by the government seeking data about a Google subscriber. In the two February 2012 orders, the judge ruled that Google could tell the user about the earlier surveillance orders.

Soon after, the government filed a motion with the court, seeking to clarify whether Google could tell any person about the orders, or merely the impacted user.

In the two orders issued today, the judge seems to have been convinced by the government's clarifying motion. Thus, in 14 days (unless the government appeals), Google will be free to tell the impacted user (and no one else) about the June 2011 surveillance orders.

This may involve Wikileaks

When Jeff Rollins at PaidContent first highlighted the existence of these two mysterious court orders, he suggested that they might be related to the Megaupload investigation. The Megaupload connection was mere speculation on his part (as he acknowledged), as there simply isn't anything solid in those two brief court orders that identifies a particular target.

However, for the reasons I outline below, I believe that these surveillance orders are actually related to the investigation of to Wikileaks.

First, in one of the February 2012 orders (page 2), the judge noted that "[t]he existence of the investigation in issue and the government’s wide use of § 2703(d) orders and other investigative tools has been widely publicized now."

The only high-profile federal investigation that I can think of in recent times involving 2703(d) orders is the government's investigation of individuals associated with Wikileaks. That is, while the Megaupload indictment was also filed in the Eastern District of Virginia, there has been little publicity surrounding the actual investigative legal instruments used in the case.

Specifically, I've not seen any published media report indicating that a 2703(d) order was used in that investigation. In contrast, the 2703(d) order issued to Twitter as part of the Wikileaks investigation has itself been a major story, as have the (failed) efforts of the ACLU, EFF and others to quash the order.

In December 2010, a judge from the same court issued a 2703(d) order to Twitter, forcing the company to disclose information about several users associated with Wikileaks. A month later, the Twitter judge agreed to unseal that order, allowing Twitter to notify the impacted individuals. Once existence of the surveillance order was made public, the media went crazy.

The Wall Street Journal later revealed that Google and California broadband provider Sonic had received similar requests as part of the same investigation. At the time of the WSJ report, those surveillance orders remained sealed.

Second, one persistent rumor in Washington DC over the past year has been that one of the main reasons DOJ has cited justifying the continued sealing of the Wikileaks/Google/Sonic orders is a fear of harassment from the Internet community directed at the prosecutors involved in the case.

As the WSJ revealed earlier this year, the address of Tracy Doherty McCormick, the prosecutor whose name was on the original Twitter order "was spread online, and the person's email account [tracy.mccormick@usdoj.gov] was subscribed to a pornography site." According to the unnamed officials quoted by the WSJ, she was also "bombarded with harassing phone calls."

The WSJ also reported that fear of similar harassment led "the government to take the rare step of keeping officials' names out of news releases and public statements when the government shut down the website Megaupload.com." It is likely that similar fears were the reason that no prosecutors names were listed in the recently published Lulzsec indictments.

Why do I mention this? Well, the two orders issued by the judge today specifically state that Google may share a copy of the 2703(d) order and search warrant with the impacted subscriber, but that the email address and name of the attesting official must be redacted first.

This suggests that someone at DOJ has told the judge they are fearful of retaliation from the Internet community -- thus also suggesting that this surveillance is related to a high-profile investigation of a target to whom Anonymous and other Internet activists may feel some sympathy. While this certainly could be the Megaupload case, I'd be willing to bet a few dollars that this involves Wikileaks.

2 comments:

Anonymous said...

Guess the proverb : Birds of a feather... applies in this study of tweets, chirps and birdsong on Twitter. Govt also using guilt by association on social media as guiding principle?

Anonymous said...

I'd bet on the possibility of a sealed surv order (bell canada) on a friend ... whoops, not repeat not a friend of mine. An acquaintance only.