Reddit hints that U.S. now spying on its customers

Snowden gives pep talk to hackers

It seems that the federal government has made a demand — in a controversial secret court — to spy on Reddit users.

Normally, the discussion website Reddit would never be allowed to even acknowledge that it received such a request. But thanks to a legal hack, the company has tipped off its customers.

Federal agencies have a tool of mass surveillance called a “National Security Letter.” It’s a formal request that’s usually issued by the FBI to an American company seeking information about customers.

The legal demand is approved by a federal judge sitting on the Foreign Intelligence Surveillance Act court — whose proceedings are kept secret — and the subject company must stay absolutely silent about it.

Sometimes, even a company’s CEO doesn’t know.

If this request is anything like previous ones, the government is likely seeking the true identities of some Reddit customers by obtaining computer logs of all their activity on the website. The government is also likely looking at the Internet Protocol address of customers’ computers to figure out their physical location.

How Reddit made this public

Ever since ex-NSA contractor Edward Snowden in 2013 revealed the extent of U.S. government surveillance, some technology companies have adopted a legal hack to alert the public when they receive these secret demands for information.

It’s called a “warrant canary.” Here’s the logic: Although a company can’t say when it has received a National Security Letter, it can say when it has not received one. So, some companies have included special language in public statements saying things like, “We haven’t received an NSL yet.”

The idea is, when an NSL comes around, the language disappears. It’s like a canary in a coal mine that dies when exposed to toxic gas.

Only a few companies — mostly high tech ones that have a strong pro-privacy stance — have adopted this, such as websites Pinterest, Reddit, and Tumblr, software maker Adobe, phone maker Silent Circle, and mobile cybersecurity company Lookout.

In Reddit’s case, the company previously included this language in its 2014 “transparency report,” which documented how many times governments have requested information on Reddit users.

“As of January 29, 2015, reddit has never received a National Security Letter,” the company wrote then. “If we ever receive such a request, we would seek to let the public know it existed.”

That language disappeared in its next transparency report. Reuters was the first to discover this.

Reddit did not respond to requests for comment. But the company wouldn’t legally be allowed to disclose anything anyway.

It’s impossible for CNNMoney to determine what the national security letter requested. It could be full information on a single user — or everyone.

comments powered by Disqus