We've never seen a subpoena before, have you? Check this out...
In our 9 year history, we have been extremely lucky with our legal entanglements. We received a Cease and Desists in 2009 and in March, we received our first subpoena. I'm writing today to explain a little bit to folks on the American legal process as seen from a business. I hope this educates a few people about how it works.
In early March we received some inquiries from a Sheriff's office in a state in the Union. Their office had found credit card skimmers installed in gas pumps along a major highway. One of the PCBs had the SparkFun logo so they gave us a call and started asking for customer information. We respectfully declined letting them know we don't give out customer information to anyone. A few days later we were served a subpoena via email.
I want to be very clear: creating devices that steal credit card numbers are illegal and cause pain for a lot of people. We know our parts can be used for good or for evil. We have zero tolerance for those who use them for evil. I will offer our technical services to any law enforcement that may need help reverse engineering a device. It is obvious the law enforcement agency is requesting this information to put a stop to this activity. However, I also believe strongly in the right to privacy and the protection of personal data.
Needless to say, I have learned a lot about our legal system during this process. A subpoena is public record once the case is closed. We were asked to use discretion when posting full names and to delay our homepage post until the investigation was closed so that we didn't impede the case. To our knowledge no arrests or discoveries were made.
You can say 'no' to a subpoena if you have a very good reason to refuse. We were informed that if you do say no, the law enforcement entity issuing the subpoena will issue a warrant, contact your local sheriff and appear at your work to obtain the requested information. Obviously, this type of escalation would be good for no one.
Please read the subpoena carefully. The request for 'all orders' seemed like they were casting a very wide net without cause. Discussing this issue with our counsel and working with the law enforcement agency, we agreed to obtain the orders that had the product on it, not all orders as required by the subpoena. This ended up being about 20 orders. In my opinion, one order is too much information. While I believe this legal process protects us all from wrong doing, turning over any piece of data goes against every fiber in my being. But without any further legal options, I made the decision to turn over the sub set of data.
I want everyone to know that we take your data and privacy extremely seriously. We guard it with the highest levels of security and confidentiality. If we are legally forced to turn over data, we promise you we will work with the law enforcement agency to do everything in our power to limit the amount of information released.
Please know that subpoenas are very serious, but they are not set in stone. The law enforcement agency was simply trying to do their job and worked with us to limit the scope while getting the information that they needed. I hope you are never served a subpoena but if you are sent one, don't be caught flat footed. Please let this homepage post serve as a reason to raise your hand and ask more questions.