Official Flag of the FBI

Why Cloud and Internet Service Providers (ISP) Get Subpoenaed By State & Federal Governments

This is the first post in this 6 part series, telling the story of my Victimless Indictment… Why cloud and ISPs get subpoenaed by the government.

You may be wondering what was going on at Micfo in 2017 and 2018? Let’s start with this common practice that will explain so much.

Government agencies subpoena subscriber information from cloud companies and ISPs like Micfo, for reasons that include: national security, suspected crimes, ongoing investigations and more.

Because of this, as a normal part of conducting day-to-day business, all major ISPs have a department dedicated to compliance and abuse-related matters. At Micfo, which by 2018 was one of the top 1,000 networks globally in terms of traffic, this was the Abuse Department. 

Fun fact: Tech companies are notorious for not even complying with State and Federal governments! 

Three pillars of how Micfo handled government inquiries

  1. Micfo always extended our full co-operation to state and federal agencies and other Internet watchdogs, as long as all necessary legal requirements (like a subpoena or a court order) were in place, as these legal requirements protect the privacy of our clients. Micfo was served with hundreds of state and federal subpoenas over the years. Here is a list of 200+ subpoenas Micfo complied with between 2016-2019. As you can see, this list is extremely detailed and you are welcome to read and verify it for yourself.
  2. We had an established standard operating procedure (SOP) for handling subpoenas to ensure everything went smoothly and all orders were answered. Here is Micfo’s SOP regarding handling subpoenas. All engineers and account managers were trained in this SOP during their orientation.
  3. We had a close working relationship with FBI personnel. Special Agents Thomas Grasso, Mark Bay, and Matt Pinto were our points of contact and made frequent visits to our offices in Atlanta and Charleston to seek our assistance with their subpoena requests. In fact, in early 2019 there was a school shooting threat broadcast on social media that was escalated to me. Local authorities informed us that they were unable to get a judge to sign a subpoena quickly enough address the urgency of the matter. Being father to two little boys, I directed Micfo to cooperate with the local authorities and provide them whatever information was needed, pending an official subpoena.

False Claims by Former Micfo Employee Dustin Carver

In his interview with the FBI, Dustin claimed that Micfo dodged all subpoenas and encouraged employees to not comply with any subpoenas. Dustin also claimed that he worked at a larger company (Linode) in their Compliance Department (false) and that although Linode was much larger than Micfo they never received the volume of subpoenas that Micfo did.

Let’s look at Dustin’s allegations

  1. As I’ve laid out above, Micfo had a standardized system for answering subpoenas, and a robust, ongoing relationship with local agents.
  2. Dustin lied about working in Linode’s Compliance department—he did not. 
  3. There’s no direct correlation between the size of an ISP in terms of revenue or employees and number of subpoenas received. The number of subpoenas depends on amount and type of traffic an ISP receives. As stated above, Micfo was, at the time, among the top 1,000 networks globally. We served 55% of all VPN providers and cybersecurity firms. Our clients included McAfee, Avast, Ntrepid, AnchorFree, Hotspot Shield, NordVPN, PureVPN, ExpressVPN, Cyberghost, Windscribe, London Trust Media (PIA), ProtonVPN, Astrill, and Mullvad–to name a few.
  4. Dustin falsely alleged that Micfo was a platform for cyber criminals. The truth? Like any business, Micfo had users who broke the law. When we found out, we terminated their contracts. We also had incidents where our customers’ end-users were in violation of our terms of service. In these cases we worked with the customer to terminate the offending end-user.

Let’s put this in perspective:

Between a few of our largest VPN clients alone we had close to 60 million VPN users transiting through our network each month. Over three years we received 200+ subpoenas from various state and federal agencies, and most of the subpoenas were directed to their subscribers. Those 200+ subpoenas were the equivalent of receiving subpoenas for 0.000000416% of only one month of our traffic! 

Here’s The Deal

You can buy a kitchen knife to cut tomatoes—or to commit a crime. 

Given that 99.99% of those buying kitchen knives use them to slice tomatoes—does the fact that Bed Bath and Beyond sells kitchen knives mean it is a criminal organization

I have to wonder…How crazy does that sound?

Please scroll down to the comments below and share your point of view on this confusing situation. And again, thanks so much for your enthusiastic support! I don’t know how I could have made through all this without the love and support of my family and friends. This is the first step in our creating community around Helping Every Loving Parent (HELP) to spend time with their children. Every story is important.

[Next in the Series]: When The Joint Terrorism Task Force and Homeland Security Came Calling

Share
Leave a reply

Written by Amir Golestan

Newsletter

What to keep up with my story? Receive updates right in your inbox.

Follow Me

Follow me on Twitter and Instagram to stay informed.