Freed by security reforms adopted by Congress last year, Google yesterday published the redacted contents of eight National Security Letters (NSLs) it received from the Federal Bureau of Investigation between 2010 and 2015 requesting information on 21 user accounts.
U.S. government agencies can use NSLs to request certain types of information about the activities of users of Internet services and other communication services. Until the USA Freedom Act was passed in June 2015, agencies issuing NSLs could also impose indefinite gag orders to prevent recipients from ever publicizing those letters or even stating they had received any.
In June of this year, Yahoo became the first tech company to publicly disclose three NSLs it had received from the FBI. Google also published one NSL in its October Transparency Report and the Internet Archive published one earlier this month.
Publication To ‘Shed Light on Nature of NSLs’
Over the years, a number of companies have challenged the use of indefinite gag orders to prevent them from releasing information related to NSLs; however, even with the passage of the USA Freedom Act, some gag orders remain in place. Some firms have also attempted to bypass those gag limitations by publishing so-called “warrant canaries,” stating that they have not received NSLs or noting when they have received anywhere between 0 and 999 NSLs.
Google published the eight NSLs recently freed from gag orders to “shed more light on the nature and scope of NSLs,” Richard Salgado, Google’s director of law enforcement and information security, wrote yesterday in a blog post. He added that the letters had minimal redactions “to protect privacy interests, but the content of the NSLs remain as they were when served.”
For example, an NSL from the FBI’s North Carolina division dated Sept. 23, 2014, directed Google to provide the agency with the names, addresses, account information and length of service for 11 Gmail accounts. However, the actual Gmail addresses are obscured in the document, as is the name and phone number of the Google employee to whom the NSL was directed.
‘We Will Remain Vigilant’
“While we are encouraged by this development, we will remain vigilant in opposing legislation that would significantly expand the universe of information that can be obtained with an NSL,” Salgado noted at the close of his blog post.
Salgado’s post included a link to a letter sent to U.S. senators in June urging them to oppose future efforts to expand the government’s NSL authority. The so-called Electronic Communication Transactional Records letter was signed by more than three dozen organizations, including the American Civil Liberties Union, the Center for Democracy & Technology, the Electronic Frontier Foundation, Facebook, Google, Human Rights Watch and Yahoo.
Earlier this month, the Internet Archive published an NSL it had successfully challenged on the basis of the letter’s misinformation about how recipients could challenge gag orders. Since the USA Freedom Act was passed, the FBI is believed to have sent thousands of such letters providing recipients with incorrect information about how frequently they could challenge nondisclosure requirements.
“[T]hat secrecy helped conceal that the FBI was giving all NSL recipients bad information about their rights,” Internet Archive founder and digital librarian Brewster Kahle said in a Dec. 1 announcement released by the Electronic Frontier Foundation that helped Kahle’s organization challenge the error.
The FBI subsequently has had to re-issue NSLs to recipients who had been incorrectly told they could challenge gag orders only once a year rather than multiple times, as is now allowed under the USA Freedom Act.