Tech privacy practices under scrutiny after DOJ subpoenas

Tech companies that publicly promote their privacy practices are coming under scrutiny for handing over metadata on lawmakers, congressional staffers, journalists and even a minor in response to subpoenas from the Trump administration’s Justice Department.

The involvement of tech giants like Apple, Google and Microsoft is shining a spotlight on Silicon Valley’s relationship with Washington and raising questions about whether those companies should have fought the subpoenas to protect user privacy.

“It puts [the companies] in a bad situation, because many of them are claiming they work hard to protect personal privacy, but they’re having to turn information over to government officials. So that’s not the place where they want to be,” said Darrell West, a senior fellow at the Brookings Institution’s Center for Technology Innovation.

The revelations about subpoenas for lawmakers’ data has put the tech companies in a tough spot. From a legal perspective, they have few tools to challenge the government requests that clash with their brand reputations, particularly for a company like Apple.

“On the one hand they obviously have their customers and their reputation. On the other hand, they have to comply with the law,” said Daniel Castro, vice president of the Information Technology and Innovation Foundation.

The tech industry is responding to the bombshell reports by focusing more on the gag orders than the warrants and subpoenas. The individuals swept up in the Trump-era subpoenas were not notified for several years because of court-imposed gag orders.

A Microsoft spokesperson said the company received a 2017 subpoena related to a personal email account but was prevented from notifying the customer for more than two years because of a gag order.

“As soon as the gag order expired, we notified the customer who told us they were a congressional staffer. We then provided a briefing to the representative’s staff following that notice. We will continue to aggressively seek reform that imposes reasonable limits on government secrecy in cases like this,” a Microsoft spokesperson said in a statement.

Microsoft President Brad Smith in a Washington Post op-ed this week called for Attorney General Merrick Garland to prioritize the issue and said Congress should take action to prohibit the executive branch from conducting investigations “wholly in secret.”

Other tech giants are on board with Microsoft’s position.

Facebook is supportive of Smith’s op-ed, a spokesperson said. The social media company is not embroiled in the aftermath of the Trump-era subpoenas, but it has pushed back on gag orders before.

“This, I think, points out a growing problem, which is the gag order,” said Adam Kovacevich, CEO of tech industry coalition Chamber of Progress, which lists Facebook and Google as corporate partners. “Even in cases where they’ve gotten a warrant, it seems clear that the government is abusing gag orders, and that creates problems. I think most companies strive to both support law enforcement and do right by their users. Gag orders are making it impossible to do the latter.”

Other experts said it’s too soon to judge whether tech companies should’ve stopped short of handing over user data to the Department of Justice (DOJ).

“Without having seen the full documents, it’s hard to put in context whether or not the companies had enough information to recognize that there was something potentially troubling, or concerning happening with the subpoena,” said April Doss, executive director of the Georgetown Institute for Technology Law.

For example, if Apple received a subpoena requesting basic subscriber information and did not have reason to believe the account was associated with a lawmaker or a family member, it would be a “fairly vanilla request” for the company to respond to, she said.

Tech companies often receive thousands of government requests for data each year, and many now publish reports disclosing the broad nature of those requests.

“The details really are going to matter a great deal here. Certainly no company is going to want to be perceived as participating in an improper investigation. But we don’t know yet whether the information that was presented to the companies when the subpoenas were served would’ve given the companies enough information to spot this as a possible problem,” Doss said.

Apple, in a statement shared with multiple outlets, said it received a subpoena for data on 73 phone numbers and 36 email addresses by a federal grand jury in February 2018. A yearlong gag order for Apple was renewed three separate times, The New York Times reported. In addition to data on Democrats on the House Intelligence Committee and aides, the subpoena also sought data on family members including one minor, the Times reported

A spokesperson for Apple did not respond to requests for comment.

Tech companies have at times pushed back on such government requests.

As part of the same leak investigation by the Justice Department, Google fought a gag order this year on a subpoena to turn over data on the emails of four New York Times reporters, the newspaper reported.

In another instance that came to light this year, Twitter fought back against a subpoena from federal prosecutors for information that would have revealed the identity of the user behind an account parodying Rep. Devin Nunes (R-Calif.), a close ally of Trump’s who had engaged in several lawsuits against his online critics.

Court documents unsealed last month show Twitter had asked a federal judge to quash the subpoena last year, arguing that it was unconstitutional and suggesting that the Trump administration may have been using its law enforcement powers to aid the then-president’s political ally.

The DOJ ultimately withdrew the subpoena after Biden took office.

Garland has promised to “strengthen” the agency’s procedures for obtaining records from members of Congress and pushed the department’s inspector general to investigate the practice.

The House Judiciary Committee also launched an investigation into the Justice Department’s subpoenas of the data on members of Congress. And John Demers, the agency’s head of the national security division and a holdover from the Trump administration, is said to have announced his retirement to his staff as Congress demands answers and threatens to subpoena Trump’s former attorneys general.

But for more permanent solutions, tech experts argue that the onus is largely on Congress.

“Think about it in terms of a company like Apple, or any tech company, that might be facing multiple threats from the Department of Justice itself. How can they reasonably be expected to push back too much, when they themselves can be targeted by law enforcement perhaps in retaliatory way for not responding to something?” Castro said.