Compliance Management, Network Security, Privacy

Court tells DreamHost to hand over data on DisruptJ20 visitors, limits scope of gov’t request

No sooner had a federal judge ordered DreamHost to turn over information about visitors to DisruptJ20, a website that organized a protest of Donald Trump on Inauguration Day, to the court, than the company was hit with a distributed denial of service (DDoS) attack.

The Justice Department, investigating Inauguration Day riots, this week narrowed the scope of its original warrant, which would have forced DreamHost to cough up more than 1.3 million IP records of the activist website.

The July 12 search warrant authorized by a federal district court in Washington, D.C., for “the individuals who participated, planned, organized, or incited the January 20 riot," was initially rebuffed by DreamHost as "a strong example of investigatory overreach and a clear abuse of government authority.”

Thursday's ruling, which reduced the time period specified by the search warrant, had D.C. Superior Court Judge Robert E. Morin toeing a thin line between free speech and investigators' needs in probing the protests, which broke into a riot that injured numerous people and resulted in hundreds of arrests.

DreamHost's legal team had argued that the modified warrant was still too broad. “They are requesting all database and database records,” the Washington Post cited attorney Raymond Aghaian as saying. “With one warrant, they are trying to obtain content from multiple email accounts. That is unconstitutional.”

While Morin said “there is a need to review the data and decide what is relevant,” he told DreamHost to turn over the data to his court where it will sit until an appeals court rules, and ordered prosecutors to inform the court who would conduct the review and what criteria they would use to determine if data is “critical.” Additionally, any unrelated information that prosecutors run across is to be sealed, Morin said.

“The de-scoping of the original warrant, combined with the court's additional restrictions on the use of, and access to, that data, is a clear victory for user privacy,” DreamHost wrote in a blog post. “We're pleased that the court further limited the government's access to this data today. Judge Morin confirmed the validity of the Department of Justice's amended request, with some changes, and he is enforcing the DOJ's motion to compel.”

The company said it is “now obligated to comply with the court's request.”

DreamHost later announced that its engineers had determined a DDoS attack by an unknown assailant was behind its DNS degradation. “We are beginning to mitigate the attack and will update this post as new information becomes available," the company said.

Some speculated the site had been taken down by those disappointed with the ruling. “All my sites are on Dreamhost and they've apparently been taken down by hackers for standing up for freedom and democracy,” one Twitter user posted while another wrote that the company “should [have] expected this” from hacktivists.

But others said DreamHost had been targeted for “hosting the newest version of the Daily Stormer website,” the Punish Stormer.

GoDaddy, Google and others refused to host the neo-Nazi website in the wake of the violence in Charlottesville, Va., that resulted in the death of Heather Heyer, a young woman protesting neo-Nazis and white supremacists who met in the college town for a “Unite the Right” rally.

After GoDaddy booted the Daily Stormer, the site was allegedly commandeered by Anonymous.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds