A search warrant is not a sealed subpoena, and you should always at least be able verify the people who issued it exist and have the authority to do so. I would hope you can also verify some identification number and major details, but I only know the German legal system, not the US one.
>and you should always at least be able verify the people who issued it exist and have the authority to do so
I don't think that would have helped in this case since although it was based on an affidavit from a fake police officer, the name of a real judge was used to approve the fake warrant.
What would have helped is Verizon calling the court and verifying that they issued the warrant.
Literally nothing stops these companies from having a staff member look up the courthouse's contact info on the official court website, call a clerk, and verify the warrant....except they don't want to pay for the labor to do so.
Law enforcement should be free, or at least paid for by generic taxes.
If I host a movie night with some friends, and an altercation occurs between them, then it's unjust for the police to create unreasonable cost on me as a host. They shouldn't tear up the house or create lots of time consuming paperwork without compensation.
You may think that my movie nights are inherently a danger to society. But even if that's correct, we should create direct legislation to discourage this dangerous activity rather than using search processes/warrants to impose cost in an approximate and roundabout way.
You’re not a company, if you host a movie night privately its different than a company that handles and has the responsibility of the personal data of millions of people, I am not even sure wtf I am reading, do you guys even consider scale and contexts when writing things or just throw random examples around
But also the cost for you would be the time to call law enforcement, for them is the time to verify the validity of a document, so its just nonsense
I’m trying to emphasise that safety legislation should operate through direct legislation whenever possible.
Large companies can face massive civil & criminal liabilities for mishandling personal data, whilst also being made whole for the administrative cost of cooperating with law enforcement.
Responding to legal requests is part of operating a phone service, and apparently they failed to do that without seriously endangering a stalking victim.
I have no idea what exact laws and liabilities apply here, but my feeling is there's very likely going to be an undisclosed civil settlement between Verizon and the victim, and maybe some laughable fine (let's say ≤$10k) for violating privacy laws on the criminal side.
If the law is "you will hand over this data in response to a warrant", how did they fail?
The fact that the US warrant system has holes capable of driving a truck through isn't the fault of Verizon - there exists no sensible way of validating a warrant.
> If the law is "you will hand over this data in response to a warrant", how did they fail?
Just because a piece of paper claims to be a warrant, doesn't mean it is one. Warrants and subpoenas contain contact information for the person that issued them. It is on verizon to verify that the warrant the received was legitimate and if it wasn't, to report to the DA that someone is issuing fake warrants (which is a crime all by itself).
Subpoenas (like verizon was issued) are never immediately actionable. You have a right to appeal subpoenas. If the subpoena had a "You must respond right now" trigger it'd eliminate that right. Something I'm CERTAIN verizon knows because they file motions to quash all the time [1].
There is a way, that’s the whole point. They can contact the issuing authority, just like you do when you get any letter or email asking you for sensitive information.
I don't think it'd actually be a GDPR case in EU; it's more of a wiretapping case - note some of the victims communication was revealed. (GDPR violations might be a secondary charge, but wiretapping would be way more significant.)
That said it really depends on the exact legal framework (which I have no clue about) and eagerness of a prosecutor to make a case. Hence my "maybe".
FWIW I have a side job at a small community ISP in the EU and the GDPR was a no-op for us. The requirements for anyone operating in the telco space were already stricter. If I remember correctly the GDPR fines are higher though, whereas wiretapping (& co.) laws are much more likely to land you personally in jail.
(I was being intentionally vague with "privacy laws"; I do include wiretapping charges in that but, again, I don't know the US legal situation.)
Generally speaking, when you get a subpoena you can demand "conduct money" precisely to reimburse this cost. Otherwise the subpoena is unenforceable. Not sure exactly how warrants work
