Evernote Gave Dark Web Dealer’s Notes to the DEA

As part of a dark web investigation, Evernote handed over a suspect's notes stored on the company's servers.
December 5, 2019, 1:00pm

As part of a dark web drug case, the Drug Enforcement Administration (DEA) obtained a search warrant compelling cloud-based note-taking app Evernote to provide a user's data, according to court records.

The warrant highlights how, as users increasingly move aspects of their lives to various pieces of software, from ridesharing to note-taking apps, that information is often stored remotely on a company's servers and is available to third parties.


"One flashdrive provided by Evernote consisting of 18 data folders in Evernote proprietary software," the executed search warrant from July 2018, listing what data Evernote provided, reads.

Evernote is a note-taking app that allows users to sync images, videos, and texts between their computers and phones via Evernote's servers.

"Take notes anywhere. Find information faster. Share ideas with anyone. Meeting notes, web pages, projects, to-do lists—with Evernote as your note taking app, nothing falls through the cracks," Evernote's website reads.

Do you know about any other unusual requests for data? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

The warrant was written during an investigation into Stephan Caamano, a dark web drug dealer who sold fake Xanax. Earlier this year Caamano pleaded guilty to seven counts, including trafficking in a counterfeit drug, distribution of a controlled substance, and money laundering, according to court records.

"In general, electronic data sent to an Evernote subscriber is stored in the subscriber's account information or Evernote forums on Evernote servers until the subscriber deletes the electronic data," the search warrant application, signed by DEA Special Agent Todd M. Emery, reads. "If the subscriber does not delete the data, the data can remain on Evernote Corporation servers indefinitely. Even if the subscriber deletes the data, it may continue to be available on Evernote's servers for a certain period of time." The DEA also sent Evernote a preservation request on May 29, 2018, which asks the company to keep a copy of all related data from that date onwards.

Evernote provided multiple folders of data, according to the executed search warrant. These folders included "Stephan's Notebook" with 61 documents, "expat plan" with 2, and "depressiion [sic]" with 6.

Evernote did not respond to a request for comment.
