US Justice Department Compels Anti-Trump Protest Site to Turn Over Data on Over A Million Visitors [UPDATED]

Posted on August 16, 2017

UPDATE (8/25/17): New reports on DreamHost’s challenge to the federal search warrant targeting, this time reported by The Intercept, reveal that while the Department of Justice stands by its decision to drop its order for DreamHost to submit the IP addresses of the site’s 1.3 million visitors, it will still proceed with the rest of its warrant including, in particular, a request for a list of group members and corresponding email addresses retained by the site. After DreamHost’s challenge to the warrant as initially filed, DC Superior Court judge Robert Morin ruled that the court would oversee the execution of the warrant by ordering that any records disclosed to the Justice Department which were not subsequently deemed relevant to its prosecution to be sealed, and thus made unavailable to other government agencies. 

It is certainly encouraging that Judge Morin is sensitive to the tendency of federal government agencies to liberally share obtained records with other agencies to avoid surveillance and intelligence gathering restrictions, it is nevertheless concerning that the court has consented to allow the Justice Department to demand what amounts to a membership roster for an overwhelmingly peaceful (and lawful) dissident political group. Raymond Aghaian, legal counsel for DreamHost, remarked on exactly this, and expressed further alarm that it was pursued with a single legal order, saying “What they’ve done here is essentially obtained a general warrant.” The site data which the warrant will ultimately compel the site to disclose still has yet to be settled, as DreamHost is likely to continue its challenge to the warrant, but as it stands, the order as the court has upheld is worryingly broad.

UPDATE (8/23/17): The Guardian has since reported that the Justice Department has voluntarily withdrawn its bulk request for IP address data on 1.3 million visitors to, modifying the execution of its search warrant to exclude the acquisition of IP addresses as well as media and pages not published on the site. Prosecutors in the case stated that they did not intend for the warrant to target this now-exempt data, and that they will proceed in executing the remainder of their warrant.

While many activists and free speech advocates have hailed this as a significant victory for First Amendment and digital freedoms, others have expressed grave skepticism. In an Ars Technica article on the revised warrant, lawyer and civil rights advocate Paul Allen Levy remarked that, as the original warrant application explicitly lists “HTTP requests and error logs,” the Justice Department’s claim that it never intended to seek IP address and other personal information should be viewed as extremely dubious. Moreover, civil libertarians unsettled by the federal government’s apparent efforts to cast a chilling pall over dissident free speech still have reason for concern–the prosecutors’ statement in a court filing notes that “the website was not just a means to publicly disseminate information (as many websites are designed to do), but was also used to coordinate and to privately communicate among a focused group of people whose intent included planned violence.”

* * *

A new piece from The Guardian reports that the US Department of Justice has issued a warrant forcing an anti-Trump protest website to hand over sensitive data on 1.3 million of its visitors. Issued in conjunction with the ongoing prosecution on felony riot charges of 212 protesters arrested in Washington DC on January 20, 2017, the search warrant compels the site’s hosting provider, DreamHost, to disclose records on the IP addresses of 1.3 million visitors to the site, The warrant also orders DreamHost to supply the personal information uploaded or submitted via forms, such as contact information and even photos, for thousands of visitors. Since revealing the reception of the search warrant, DreamHost has announced that it will contest the warrant in court on the grounds that it is not clearly relevant to the investigation of which it is a part, and that it constitutes a punitive move against peaceful demonstrators exercising their constitutional free speech rights.  

Given the nature of the data requested, the Justice Department search warrant targeting records on participants in largely peaceful First Amendment demonstrations is both shockingly broad and unsettlingly invasive. An IP address can be used to geo-locate the internet-connected device assigned to it and, by extension, the device’s owner. And because internet service providers (ISPs) keep records on which IP addresses have been assigned to which customers at which times, if users browsing a website visited while connected to their home network, an ISP could pair the IP address with the customer record and, thus, identify individual visitors. 

Combined with other data included as part of the search warrant, Trump Justice Department officials could possibly build relatively detailed profiles on visitors to a site openly critical of President Donald Trump. To start with, because the connection to the site is not encrypted, visitor records would inherently include a complete catalog of all the individual pages on the site that users visited and every piece of information submitted to the site for any reason. There are numerous organizing resources, documents, maps, and event listings posted on the site, and any visitor record  would list every one of these resources that an individual interacted with, allowing investigators to construct a rich profile on every individual whose records are contained in the trove.  Thus the fishing expedition can become a net to trap dissenters.

Perhaps more alarming, though, is the precedent that such a warrant sets in enabling government reprisal for the exercise of constitutionally protected speech. It is extremely doubtful that even a significant fraction of the 1.3 million records requested can be shown to be relevant to the prosecution of the 212 accused protesters which the warrant is intended to support, and so by allowing the government to demand the disclosure of such a massive dataset for the sake of a comparatively minuscule number of cases invites abuse. 

You can read the full story from The Guardian here.

Jonathan Terrasi has been a Research Assistant with the Chicago Committee to Defend the Bill of Rights since January 2017. His interests include computer security, encryption, history, and philosophy. In his writing, he regularly covers topics on current affairs and political developments, as well as technical analyses and guides on security issues, published on his blog, Cymatic Scanning, and Linux Insider.