The Justice Department has issued new guidelines aimed at providing more transparency around prosecutors’ secret demands for customer data stored on tech firms’ servers.
US Department of Justice
Of?ce of the Deputy Attorney General
The Deputy Attorney General Washington. DC. 20530
October 19. 20I7
MEMORANDUM FOR HEADS OF DEPARTMENT LAW ENFORCEMENT COMPONENTS
DEPARTMENT LITIGATING COMPONENTS
THE DIRECTOR. EXECUTIVE OFFICE FOR US. ATTORNEYS
ALL UNITED STATES ATTORNEYS
FROM: Rod J. Rosenstein
Deputy Attorney eral
SUBJECT: Policy Regarding Applications for Protective Orders
Pursuant to 18 U.S.C. 2705(b)
This memorandum provides guidance and direction for Department of Justice attorneys
and agents seeking protective orders pursuant to 18 U.S.C. 2705(b) of the Stored
Communications Act This guidance applies prospectively to all applications seeking
protective orders. including both new orders and renewals, ?led on or after 30 days of the date
this memorandum is issued.
The SCA permits the government to obtain certain records and information from
providers of electronic communications services or remote computing services relating to their
customers or subscribers. Under the SC A. the government may compel the disclosure of
different categories of information via subpoena. a court order under 18 U.S.C. 2703(d). or a
search warrant. The SC A does not by default forbid a provider from notifying anyone.
Providers will be prohibited from voluntarily notifying their users of the receipt of legal process
under the SCA only if the government obtains a protective order under I8 U.S.C. 2705(b).
based on a need for protection from disclosure.
Each 2705(b) order should have an appropriate factual basis and each order should
extend only as long as necessary to satisfy the govemment?s interest. Prosecutors who are
applying for 2705(b) orders must follow the steps outlined below:
This guidance is intended only to improve the internal management of the Department of Justice. It is
not intended to and does not create any right, bene?t, trust, or responsibility. whether substantive or
procedural. enforceable at law or equity by a party against the United States. its departments. agencies,
instrumentalities. entities, of?cers. employees. or any person. nor does it create any right of review in an
administrative. judicial. or any other proceeding. This memorandum does not impact or alter existing
procedures governing protective orders pursuant to any other authority. including l8 U.S.C. 2709(c) or
the Termination Procedures for National Security Letter Nondisclosure Requirement. Federal Bureau of
Investigation (Nov. 24. 20l 5).
Distribution List Page 2
l. Prosecutors must conduct an individualized and meaningful assessment regarding the
need for protection from disclosure prior to seeking an 2705(b) order and only seek an
order when circumstances require.
2. In applying for 21 2705(b) order, prosecutors should tailor the application to include the
available facts of the speci?c case and/or concerns attendant to the particular type of
investigation. The prosecutor should identify which of the factors set forth in
apply and explain why. For example, prosecutors might choose to
include information about the relationship of the data sought to the subject(s) ofthe
investigation or describe the potential for related accounts 0r data to be destroyed or
otherwise made inaccessible to investigators. Similarly. prosecutors may identify
concerns attendant to the risk of ?ight or harm to public safety in that particular
investigation. including those concerns based on experience with similar types of
investigations. The factors justifying protection from disclosure may be similar in many
cases, particularly at the outset ofan investigation. As appropriate, prosecutors may state
the extent to which the stage of the investigation limits the availability of specific facts
justifying the 2705(b) order.2
3. Prosecutors may seek a single protective order that covers multiple grand jury subpoenas
issued as part of the same investigation, or a single protective order that covers other sets
of nearly-identical legal process in a discrete investigation. A single protective order for
multiple items of process should be sought only if the facts justifying protection from
disclosure are the same for all items of process covered by the order. Prosecutors should
ensure that a copy of the protective order is served with each item of process covered by
4. Barring exceptional circumstances. prosecutors filing 2705(b) applications may only
seek to delay notice for one year or less.3
3 When applying for a 2705(b) order to accompany a subpoena seeking basic subscriber information in
an ongoing investigation that is not public or known to the subject(s) of the investigation. stating the
reasons for protection from disclosure under as the risk that subject(s) will ?ee. destroy
or tamper with evidence, change patterns of behavior. or notify confederates?usually will suf?ce. At a
later stage of the investigation. for example, when a search warrant is being sought, the prosecutor should
include more speci?c facts. as available, in support of the protective order.
7? There may be exceptional circumstances in which orders of longer duration are necessary. such as in
certain national security investigations that materially differ from routine criminal investigations. Orders
seeking to delay notice beyond the time limit listed above shall be sought only with the written
concurrence of a supervisor designated by the United States Attorney or the appropriate Assistant
Attorney General, based upon facts and concerns that support a longer delay (gag. the suspect is an
overseas fugitive who may travel intemationally at some future time. if not alerted to the investigation).
Distribution List Page 3
5. The Department recognizes that judges may direct shorter or longer periods for orders.
consistent with the language of 2705(b).
6. If factors justifying protection from disclosure continue to exist at the expiration of the
original order, subsequent extensions of equal or less duration may be sought. Requests
should be supported with such additional. speci?c facts as may have been developed
through the investigation.
The guidance was developed with input from many Department components and will be
added to the US. Attomey?s Manual. Nothing in this guidance is intended to indicate or imply
that any existing protective order(s) issued by any court may be improper. If you have questions
relating to the interpretation or recommended implementation of this guidance. please contact the
Computer Crime and Intellectual Property Section of the Criminal Division at 202-514-1026.