Two Republican senators asked the secretary of the Department of Homeland Security on Friday for details about the department’s protocols for requesting consumers’ personal information from businesses, following a lawsuit from Twitter Thursday against DHS after it demanded the company reveal the identities behind an account critical of the government.

Twitter dropped its suit Friday after U.S. Customs and Border Protection dropped its own request that the company reveal who was behind the @ALT_USCIS account, which tweets criticisms of U.S. immigration policy and national politics.

The company accused the government in its lawsuit of using “boilerplate language” in the summons but otherwise offering no evidence of wrongdoing or any assurances that the request wasn’t being made to suppress free speech.

“We are writing to request clarification about U.S. Customs and Border Protection’s (CBP’s) internal protocols for ordering that private companies divulge their customers’ names, addresses, account holder details, or any other personally identifiable information,” Sens. Cory Gardner (R-CO) and Mike Lee (R-UT) wrote in their letter to DHS Secretary John Kelly.

Kelly was listed in his official capacity in Twitter’s lawsuit, along with CBP’s leadership.

“Are there instances outside of an official criminal or civil investigation in which CBP would request that a private company provide a customer’s personally identifiable information or any other information that might otherwise lead CBP to the identity of that customer?” the senators’ letter asks.

“Do DHS and CBP believe that an appropriate court order should be sought prior to requesting that a private company unmask the identity of one of their customers?”

Read Gardner and Lee’s letter to Kelly below:

Dear Secretary Kelly:

We are writing to request clarification about U.S. Customs and Border Protection’s (CBP’s) internal protocols for ordering that private companies divulge their customers’ names, addresses, account holder details, or any other personally identifiable information.

Recent news reports allege that a Special Agent in Charge at CBP ordered Twitter to reveal the identity of a Twitter user who operates a parody account called @ALT_USCIS. That Twitter user frequently criticizes the government’s policies, specifically those policies in place at DHS and CBP. In order to better understand how and why CBP requests such information, please answer the following questions:

1. Under what statutory authority may CBP pursue agency investigations of private companies, their customers, or individuals? If DHS believes such CBP investigations may rely on multiple provisions of law, please list all that apply.

2. How many requests has CBP made of private companies for their customers’ personally identifiable information or any other information that might otherwise lead CBP to the identity of any of those companies’ customers?

3. Is there any official established policy at DHS or CBP that provides guidance to officials within CBP on when and whether such requests should be made? If so, please provide a reference to that specific policy and if not, please indicate how such decisions are made.

4. Prior to requesting that private companies divulge their customers’ personally identifiable information or other details about their customers, does CBP pursue any other courses of action to attempt to complete their investigation without making such a request? If so, please detail what courses of action CBP typically takes prior to making such a request.

5. Is there any circumstance in which CBP would consider non-criminal speech a sole factor in whether to request that a private company divulge any of their customers’ personally identifiable information or any other information that might otherwise lead CBP to the identity of any of those customers?

6. Are there instances outside of an official criminal or civil investigation in which CBP would request that a private company provide a customer’s personally identifiable information or any other information that might otherwise lead CBP to the identity of that customer? If so, please provide examples of such instances.

7. Do DHS and CBP believe that an appropriate court order should be sought prior to requesting that a private company unmask the identity of one of their customers?