The subpoena probably includes a nondisclosure clause; a court order certainly would. The mechanics of nondisclosures on subpoenas is interesting and I don't totally understand it (by definition, a subpoena is a document authorized by someone other than a judge).
> by definition, a subpoena is a document authorized by someone other than a judge
Uhm, am I misunderstanding what you wrote, because that is definitely not true. Subpoenas require an officer of the court by definition (in the US anyway), which can be a judge, a court clerk, or even lawyers in some jurisdictions.
Can a court clerk or a lawyer unilaterally create a nondisclosure requirement? It is not generally the case that a lawyer, absent a judge, can send you a document you're not allowed to disclose (though certainly lots of C&Ds try to suggest otherwise).
I'm sure the NDA stuff here is ironclad! I'm just curious what the mechanism is.
> Can a court clerk or a lawyer unilaterally create a nondisclosure requirement?
If they are acting as an officer of the court, which they’d need to be to sign off on a subpoena, I believe the answer is yes. The mechanism is called a “gag order”.
For subpoenas authorized under the Stored Communications Act, there's statutory authorization for DOJ to request time-limited NDAs, which makes me wonder if there needs to be explicit authorization for other kinds of subpoenas. This is the kind of noodling I'm doing here; I'm not trying to message-board my way to a first-principles argument that the NDA was bogus. :)
It's very common for a subpoena related to an ongoing investigation to include a gag order. For instance, if someone is investigating someone for a crime, and requests that user's search history, the last thing they want is for Google et al. to alert the user that this happened, as they may not be ready to arrest them yet and the target would flee.
Same with wiretapping orders, or frankly a subpoena for pretty much anything from a third party.
> Subpoenas require an officer of the court … or an agent working for the government
I left off the second part after the ellipses because it’s not relevant to the current discussion and because there are constitutional challenges against them even when federally issued, as your link calls out. I didn’t want us to tangent off needlessly. The law is a messy place, lots to find and hate.
"We have waited for the string of subpoenas to subside, though we were committed from the beginning to write and publish this post as a matter of transparency, and as allowed by the lack of a non-disclosure order associated with the subpoenas received in March and April 2023."
I doubt it. Most of these investigations (really: most federal computer-related investigations) are super boring, and are about things ordinary people wouldn't object to seeing investigated.
We're a message board and we're thus optimized for drama over truth-seeking (it's just human nature). The truth of these kinds of events is usually not all that interesting. If it's something more dramatic, we'll hear more about it in the future. In, like, a sort of Bayesian sense, you can predict that any given subpoena or court order is going to be about a case nobody would bother sending warning signals about.
> Most of these investigations (really: most federal computer-related investigations) are super boring, and are about things ordinary people wouldn't object to seeing investigated.
This is true. The result may be so boring local news wouldn’t even cover it. In some cases you have to find the investigating agency’s unremarkable press release and then dig for related court documents to even find out what happened.
The users themselves already know their own usernames, presumably. They could let the users know they were subpoenaed without letting them know their username. :P
They have five usernames... that can narrow down what projects they were associated with pretty quickly to infer if there was something nefarious about them. Though it could be entirely unrelated to their activity on PyPI and be a trawl for leads based on username similarity from some other message board or activity that was used for illegality. Though, thinking about it more, that seems legally dubious a reason to be able to get a subpoena issued for. IANAL.
They only wrote that they weren't told what it was about. However it might be obvious from the packages uploaded by those users (e.g. if they uploaded malware).
There's a wide gulf between concrete knowledge and belief.
I see an ambulance going lights-and-sirens behind me. I don't know they're on their way to or from a hospital, but I pull over because I have reason to believe they are.
Weird analogy. An ambulance has a very narrow scope of responsibility. Legal processes have a very wide scope. Clearly this is related to a legal matter and not an immediate medical matter. But the nature of the legal matter could be a very wide variety of things, ranging from lower court civil proceedings up to treason, etc.
Why not to the users themselves? Have they been prohibited from doing so? (TFA does not say afaict)