Feds tried to inflict year-long gag over data request from Signal chat app

© Issei Kato
The American Civil Liberties Union (ACLU) has released documents for a case against a year-long gag order that it fought and won over a federal subpoena demanding logs by two users on an encrypted chat app, Signal.

The subpoena was issued to Open Whisper Systems (OWS), as part of a federal grand jury proceeding in Eastern District of Virginia. It sought a vast array of information for two phone numbers from the company that created the chat app Signal, and involved data for two phone numbers.

Under the subpoena from the Justice Department, the company was asked to “provide any and all subscriber account information and any associated accounts to include subscriber name, address, telephone numbers, email addresses, method of payment, IP registration, IP history logs and addresses, account history, toll records, upstream and downstream providers, any associated accounts acquired through cookie data, and any other contact information from inception to the present for the following accounts.”

OWS was willing to comply with the data request, and only one of the phone numbers was associated with a Signal account. All it could provide were the dates and times for when the account was created, and when it last connected to Signal’s servers. But the company took exception to a year-long gag order and sought help from the ACLU.

The gag order, signed by a magistrate judge, cited knowledge of the “existence of the …subpoena will seriously jeopardize the investigation…giving targets an opportunity to feel or continue flight from prosecution.”

The ACLU said the gag order violated the First Amendment.

“To meet the stringent First Amendment standard, any gag must be justified by something much greater,” stated the ACLU. “The First Amendment requires that to close courtrooms or seal evidence – especially to prohibit a party from speaking publicly on a matter of public concern – the government demonstrate a compelling interest in secrecy, and it must apply that secrecy in the narrowest possible way. But instead, the government appears to seek blanket gag orders by default, without considering precisely what information can be disclosed without harm to its interests.”

The ACLU was able to get the government to back down and publish the subpoena requests ‒ although some areas have been redacted ‒ to “help illuminate just how much the exception has become the rule in American courtrooms and law enforcement. Indeed, that they are public at all is remarkable by itself.”

The ACLU said companies like Signal have dual roles as custodians of Americans’ private data and as necessary actors in the execution of government surveillance requests.

“These providers have a critical role to play and an indispensable perspective to share with the public about government surveillance practices,” the ACLU said.

The ACLU said the government routinely uses secrecy orders to shield information from the public when seeking information under many other authorities, including national security letters and the Electronic Communications Privacy Act (ECPA) but the government should only seek gag order to “protect truly sensitive information when, for example, it seeks to use malware in criminal investigations or obtain emails under ECPA.”

In a related case, a businessman won an 11-year court battle in 2015 over an FBI surveillance gag order that had been imposed under the Patriot Act.

Nicholas Merrill spent 11 years challenging its constitutionality. The FBI sent Merrill, who ran an internet service company, a National Security Letter requesting access to his customer’s records. Under the Patriot Act, he was prohibited from mentioning the letter, its contents and what it sought because of a possible threat to an investigation. The court ruled the government had violated his constitutional rights and marked the first time a gap order was lifted since the Patriot Act vastly expanded the FBI’s authority for warrantless spying in 2001.

Merrill never complied with the agency’s request for information and it eventually withdrew its NSL request, but Merrill decided to keep fighting the gag order.

The Electronic Frontier Foundation believes that about 300,000 such letters have been sent since the law was enacted in 2001.