DOJ sends evidence preservation request to Domains by Proxy for details of CyberWarNews.info blogger

Some days, it’s not easy being a data breach researcher and citizen journalist. In time, you somewhat get used to legal threats because you published something a company took exception to, and you shrug when your site gets DDoSed by those who don’t like your criticism of their hacking activities. But when the U.S. Department of Justice gets involved, that’s a whole other level of worry. And that’s what has happened to the researcher/breach blogger who publishes cyberwarnews.info.

Lee, who’s in Australia, registered cyberwarnews.info using Domains By Proxy (DBP). Yesterday, they forwarded a 2703(f) evidence preservation request they received as his agent from the U.S. Department of Justice.

The request, signed by Albert Rees, Jr., Senior Counsel at the DOJ, asks DBP to preserve evidence relating to a post Lee made in February: “#OpIndependence. Confidential e-mails of Klitschko leaked.”

The request asks DBP to

not disclose the existence of this request to the subscriber or any other person, other than as necessary to comply with this request. If compliance with this request might result in a permanent or temporary termination of service to the Account, or otherwise alert any user of the Account as to your actions to preserve the information described below, please contact me as soon as possible and before taking action.

I do not know whether DBP contacted Mr. Rees or not, but they did forward the request the very same day (yesterday) to Cyberwarnews.info, who tweeted:

seems the DOJ is looking for me? pic.twitter.com/VoV4TTRtvr — CWN (@Cyber_War_News) April 17, 2014

CWN sent a copy of DOJ’s request letter to DataBreaches.net, and I’ve uploaded it here.

The request asks DBP to preserve, for 90 days, “pending further legal process:”

The contents of any communication or file stored by or for the Account and any associated accounts, and any information associated with those communications or files, such as the source and destination email addresses or IP addresses.

All records and other information relating to the Account and any associated accounts including the following:

a. Names (including subscriber names, user names, and screen names);

b. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);

c. Local and long distance telephone connection records;

d. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;

e. Length of service (including start date) and types of service utilized;

f. Telephone or instrument numbers (including MAC addresses);

g. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Internet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and

h. Means and source of payment for such service (including any credit card or bank account number) and billing records.

So why is DOJ seeking Lee’s information over that post? Does it have something to do with the fact that Lee noted that the statement had been “submitted anonymously” to his site? Even if it was submitted anonymously, it appears to be the same content publicly viewable on Pastebin. Anyone could have sent the material or link to Lee – including someone who was not involved in the data leak but just thought he might be interested in it.

And even if it was sent by the leaker – who may or may not have been involved in any hack – why is DOJ getting involved in an #OpIndependence or Anonymous Ukraine action?

And can the DOJ do anything to Lee? Should they even have access to his details if he’s merely investigating and reporting? Is this a matter for those concerned about press freedom?

I suggested Lee contact EFF to see if they might give him some advice as to whether to try to challenge this request or not. I hope someone advises him, because if the DOJ can just go after us breach bloggers and get our details for further action, I fear many of us are at risk.