FBI drops subpoena to identify readers of USA Today article about shootout with agents
Feds, facing pushback over constitutional concerns, say they no longer need the data after all
The FBI on Saturday withdrew a subpoena issued to USA Today's parent company Gannett in April to find out who read an online news story published in February about a shootout that led to the deaths of two FBI agents and the wounding of three others.
The subpoena, challenged by Gannett [PDF], sought the IP addresses, user agent strings, and other device identifiers (ESN, MEIN, MEID, SIM, MSISDN, IMSI, IMEI, MAC address, and phone numbers), with accompanying date and time stamps, for anyone who read this story about the Sunrise, Florida shooting during a 35-minute window between 0003 UTC and 0038 UTC on February 3, 2021.
The article described how an FBI operation went awry a day earlier when two agents were shot and killed and three other agents were wounded while serving a warrant in a child exploitation investigation.
An FBI spokesperson told The Register in an email that the subpoena was withdrawn because the agency no longer needed the reader information.
"The administrative subpoena was issued in connection with a child exploitation investigation and was limited to subscriber-related information in a narrow time window," the FBI spokesperson said. "It did not seek any communications records of journalists. The subpoena is being withdrawn because intervening investigative developments have rendered it unnecessary."
This is just us speculating here, but it could be that the FBI was monitoring certain people or a person online without knowing who they were exactly, but knew they potentially read the above news article in that 35-minute window, and sought to discover their IP address and any other identifying information.
Sophia Cope, staff attorney for the Electronic Frontier Foundation, told The Register in a phone interview that this is not the first such attempt to gather broadly targeted data in this manner. But clearly, she said, it's not very common.
She pointed to the US Justice Department's 2017 demand that Dreamhost turn over 1.3m IP addresses and other personal details associated with visitors to the disruptj20.org website (which Dreamhost, with the help of the EFF, opposed and avoided).
She also noted that in 1998, independent counsel Ken Starr subpoenaed two Washington DC bookstores seeking details about 16 book purchases made by Monica Lewinsky, in order to corroborate her statements related to the investigation of President Clinton. Legal challenges by the two bookstores were dropped after Lewinsky agreed to provide Starr with the information.
- Apple sent my data to the FBI, says boss of controversial research paper trove Sci-Hub
- Microsoft received almost 25,000 requests for consumer data from law enforcement over the past six months
- Thought the FBI were the only ones able to unlock encrypted phones? Pretty much every US cop can get the job done
- Report: Aussie biz Azimuth cracked San Bernardino shooter’s iPhone, ending Apple-FBI privacy standoff
Cope said that the USA Today subpoena raises First Amendment concerns for online readers.
"The Supreme Court has acknowledged that people have a First Amendment right to access and receive information and to have privacy in doing so," she said.
And the subpoena also implicates the First Amendment rights of the press. The Justice Department, she said, has a policy for obtaining information from the press.
The government guidelines say that when legal processes like subpoenas or warrants are issued to the press, she said, they're supposed to be a last resort, because the information isn't available from any other source.
"The fact that this was withdrawn after the government found who they were looking for through other avenues shows that the government violated their own policies," said Cope.
There are, however, no practical consequences for ignoring these guidelines, she said.
Change at the top
At the same time, President Biden appears to be more willing to respect government guidelines for press interaction than the previous occupant of the White House.
On Friday, the New York Times reported that the Justice Department, in an effort that began under the Trump administration and continued on into the Biden administration, tried to obtain the email logs of four New York Times reporters from Google to identify sources for their stories.
After it emerged that the DoJ in March had issued a gag order to prevent newspaper executives from discussing the matter, the Biden administration on Saturday issued a statement that the White House had been unaware of the effort and disagreed with it.
"While the White House does not intervene in criminal investigations, the issuing of subpoenas for the records of reporters in leak investigations is not consistent with the President’s policy direction to the Department [of Justice], and the Department of Justice has reconfirmed it will not be used moving forward," said Press Secretary Jen Psaki. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Privacy Shield
- Trusted Platform Module
- Zero trust