On 14 August 2017, the web hosting company DreamHost announced through their blog that the Department of Justice had sent them a search warrant on 12 July asking for information about visitors to the web site disruptj20.org. The web site, which is explicitly anti-Trump, helped organize protests of his inauguration.
This warrant was the latest effort by the Department of Justice to compel the company to turn over information about disruptj20.org. The department first issued a grand jury subpoena in January 2017 for information about the owner of the site.
While DreamHost says that they complied with the earlier subpoena, the July warrant requests — in the company’s words — “all information available to us about this website, its owner, and, more importantly, its visitors”. DreamHost published a complete copy of the July warrant, saying that their legal team “has taken issue with this particular search warrant for being a highly untargeted demand that chills free association and the right of free speech afforded by the Constitution.”
The warrant allows the government to “seize” information from DreamHost that brings to light any evidence implicating people potentially involved in criminal activity associated with inauguration protests, including:
“HTTP request and error logs”;
“SSH, FTP or telnet logs showing connections related to the website”;
“Any other transactional information including records of session times and durations, log files, dates and times of connecting, methods of connecting, and ports”;
Databases containing email addresses associated with activity on the site.
In response to the warrant, DreamHost filed a counter motion against the Justice Department with the legal help of Electronic Frontier Foundation (EFF), a nonprofit dedicated to internet privacy protection. In that document, DreamHost essentially asks the government to narrow the request because, in their view, it is unconstitutionally broad:
The government’s search warrant […] requires [DreamHost] to turn over every piece of information it has about every visitor to a website expressing political views concerning the current administration. […] In essence, the Search Warrant not only aims to identify the political dissidents of the current administration, but attempts to identify and understand what content each of these dissidents viewed on the website.
The Search Warrant also includes a demand that DreamHost disclose the content of all e-mail inquiries and comments submitted from numerous private e-mail accounts and prompted by the website, all through a single sweeping warrant.
Specifically, the counter motion argues that the warrant is so broad that it violates the Fourth Amendment (which prohibits unreasonable searches and seizures), the First Amendment (which protects, among other things, a citizen’s right to free speech and free assembly), and the Privacy Protection Act. The EFF argues that the potential risks to a person’s First Amendment rights are significant enough to require a higher level of specificity (legally termed “particular exactitude”) to be considered constitutional under the search requirements of the Fourth Amendment:
The Search Warrant cannot survive scrutiny under the heightened particular exactitude standard required by the presence of the First Amendment issues. It fails to identify with the required particularity what will be seized by the government.
It also fails to provide DreamHost with any assurance that the government will return or destroy the large portion of the information irrelevant to the government’s criminal case or cases. These features render the Search Warrant unreasonable under the Fourth Amendment.
In addition, the Search Warrant violates the privacy protections of the Privacy Protection Act, a statute enacted specifically to address such instances, and is without a jurisdictional basis.
Albert Gidari, Director of Privacy for the Center for Internet and Society at Stanford Law School, told us he agrees with the EFF’s argument:
Asking for metadata on everyone that visits a particular website implicates more than just the particularity required by the 4th Amendment. It implicates the 1st Amendment rights of anyone that visited the site.
The [government] is obligated in such cases to ensure that they are using the least intrusive means of obtaining whatever evidence they are searching for. […] On the face of it […] this kind of warrant is overbroad.
He told us that warrants this broad are rare, and they are often later narrowed by the courts:
In the many years I represented online providers in responding to such requests, I’ve seen very few such warrants, and when the warrants were challenged, the courts narrowed or delimited them.
But Jennifer Granick, a former Director of Civil Liberties in the same Stanford center as well as a former director of the EFF’s civil liberty division, told us it’s hard to know for sure how common this phenomenon is:
The truth is we don’t know how often this kind of abuse happens. Sometimes the provider pushes back and comes to a deal with the investigators. A further subset of those times, the provider has to challenge it in court. Not generally for subpoenas, but for other kinds of legal process seeking this type of information, the government routinely gets a gag order which prevents the provider from disclosing the problem, and any court litigation is sealed. This secrecy hides the full truth from the public.
Bill Miller, a representative for the U.S. Attorney’s Office for the District of Columbia, told us “we have no comment beyond our filing”, and that a hearing on DreamHost’s counter motion was scheduled 18 August 2017.
In a subsequent e-mail, he told us that the hearing has now been postponed to an unspecified later date.
On 21 August 2017, the Department of Justice announced that the hearing would be held on 24 August 2017 and, in an amended filing, stated that they did not intend for the request to be broad:
“The government has no interest in records relating to the 1.3 million IP addresses that are mentioned in DreamHost’s numerous press releases and Opposition brief […]
In a post on their blog, DreamHost described the amended filing as a win for internet privacy:
We see this as a huge win for Internet privacy, and we absolutely appreciate the DOJ’s willingness to look at and reconsider both the scope and the depth of their original request for records. That’s all we asked them to do in the first place, honestly.
On 24 August 2017, Judge Robert Morin of the DC Superior Court delivered a setback to DreamHost, allowing the collection of “a wide-ranging set of records from the company, which will now include emails for users who signed up for an account associated with the website, organizers’ membership lists and emails of third parties who sent messages to disruptj20.org account users, among other information.”
A lawyer for DreamHost suggested during the hearing that the company may appeal the ruling.