Riseup, a firm that offers secure online communication tools designed for social activists, has confirmed that it received warrants from the FBI to inspect two users' emails.
Riseup users had warned on social media that the group's "warrant canary" had not been updated for the Winter 2016 quarter. A warrant canary is the term used for a renewable statement confirming that an organisation has not been issued with a court order to compromise users' details within the time period it covers.
The non-renewal of a warrant canary is a sign that the organisation may have been served with a gagging order preventing it from notifying its users of the receipt of a warrant.
In November, Riseup issued a cryptic tweet, which users interpreted as a reference to the non-renewal of the warrant canary:
"Listen to the hummingbird, whose wings you cannot see, listen to the hummingbird, don't listen to me. #LeonardCohen"
The organisation has now confirmed that it received both a warrant from the FBI to inspect the emails of two users and also a gagging order preventing Riseup from going public.
On its blog, Riseup writes: "After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization). The first concerned the public contact address for an international DDoS extortion ring. The second concerned an account using ransomware to extort money from people."
It continues: "Extortion activities clearly violate both the letter and the spirit of the social contract we have with our users: We have your back so long as you are not pursuing exploitative, misogynist, racist, or bigoted agendas. There was a 'gag order' that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our 'canary'"
As of Thursday, Riseup is now encrypting all new plaintext emails on its servers in such a way that Riseup staff cannot read them. Existing emails will be migrated to the new system in due course. It will also redraft its warrant canary to differentiate between law enforcement agencies' legitimate interests in pursuing criminals and intrusive surveillance of other members.
"The canary was so broad that any attempt to issue a new one would be a violation of a gag order related to an investigation into a DDoS extortion ring and ransomware operation," it writes. "This is not desirable, because if any one of a number of minor things happen, it signals to users that a major thing has happened."
It adds: "Our initial canary strategy was only harming users by freaking them out unnecessarily when minor events happened. A canary is supposed to signal important risk information to users, but there is also danger in signaling the wrong thing to users or leading to general fear and confusion for no good reason.
"The current canary is limited to significant events that could compromise the security of Riseup users."
Holders of bitcoin could find themselves with free 'bitcoin cash' following a hard fork - but only if they have their private key
Ryzen shine: New microprocessors help boost AMD revenues by 19 per cent to $1.22bn in second quarter
Successful launch of Ryzen 5 and 7 CPUs helps boost sales at AMD
Flagship device also supports firm's modular MotoMod add-ons
Comes just week after firm announced plans to bin the service