FBI case proves PIAs ‘No Logs’ claim
A very interesting court case currently before the Florida District Courts has resulted in the FBI testing the claim made by popular VPN provider Private Internet Access, that they do not keep any logs of their user’s activity.
As anyone familiar with VPNs will be aware, it is a common claim from many providers keen to emphasize their privacy-protecting credentials. We make reference to it quite frequently in our reviews of different VPNs, and when we do so we always do what research we can to ensure that the claim can be backed up.
It has been the case previously that some VPN providers have retained logs of one kind or another despite claiming not to though, and the case in question inadvertently probed whether this is the case with PIA.
The case is regarding a US man, Preston McWaters, who the FBI claims gave “false or misleading information regarding an explosive device”. In layman’s terms this means he is suspected of making a hoax bomb threat.
The criminal complaint, which can be read in full here, begins with claims that McWaters had been stalking a former co-worker called Devon Kenney. Then in December, there were a number of hoax bomb threats made on social media in the name of Eric Mead, who is Devon’s current boyfriend.
Mead denied making the threats so the FBI investigated and in February of this year issued to Twitter and Facebook requiring them to hand over information about ertain accounts. They complied with these warrants and the complaints states that the FBI believe that it was McWaters who was operating them.
They gathered a variety of other pieces of evidence against him, including CCTV footage of him buying a pre-paid Tracfone. They then looked for IP Address evidence against him. The complaint then states on this line of enquiry that “during the course of the investigation, [we have attempted] to identify the internet protocol (IP) address from where the email messages are being sent. All of the responses from [email provider] 1&1, Facebook, Twitter, and Tracfone have been traced by IP address back to a company named London Trust Media [doing business as] PrivateInternetAccess.com.”
Despite the fact that the FBI most likely has enough evidence to convict McWaters anyway, they subpoenaed London Trust Media for the relevant logs. The complaint continues, “the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States.”
The only other detail they handed over was that of the companies they accept payment from, although not details of individual payments. The complaint goes on to say “although the investigation has not revealed any payment by McWaters to London Trust, he did make a purchase from AnchorFree Inc [HotspotShield VPN] on October 23, 2015”.
From a VPN point of view this case highlights the level of privacy users can expect from many VPN providers, and especially PIA. It also highlighted how the relationship between VPN providers and law enforcement agencies like the FBI should operate.
It is a great credit to PIA that their ‘no logs’ claim holds up under legal scrutiny and their users will certainly sleep easier at night for knowing that.
It is also a credit to the FBI agents involved in this case, for accepting the policy of PIA and doing their job by collecting evidence from elsewhere to bring the case to court. Those agencies involved in the current dispute with Apple could certainly learn a thing or two from them.
No VPN would condone people using their service for criminal ends, but it is on occasion unavoidable. What must not happen is that they potential compromise the privacy and security of all their users to prevent the actions of just a handful. Retaining no logs is the best way to do this, and for any VPN user for whom privacy is a key reason for signing up, a no logs policy such as PIAs is well worth seeking out.