It’s not clear how frequently the FBI has issued secret orders to obtain information on people from communication companies without court authorization. But now Google is helping shed light on the controversial practice, releasing new data that reveals how the government has gleaned data on thousands of its users in recent years.
So-called “national security letters” were created in the 1970s to help the feds covertly obtain and scrutinize information about suspects suspected of being foreign spies. But their use was expanded under the Patriot Act following 9/11, and they can now be used to order companies to provide data on Americans. A company that receives a NSL is forbidden from talking about it publicly and can discuss it only with a lawyer, or else potentially face years in prison.
Yesterday, Google took the important step of releasing a small amount of information about the NSLs it has received since 2009. A transparency report gives ballpark figures showing that since 2009 it has received anywhere between zero and 999 NSLs each year. Because each NSL can cover more than one person, Google was ordered to hand over data on between 1,000 and 1,999 user accounts in 2009, 2011, and 2012. In 2010, that figure rose to between 2,000 and 2,999 users.
Why couldn’t Google disclose precise numbers? “To address concerns raised by the FBI, Justice Department and other agencies that releasing exact numbers might reveal information about investigations,” Richard Salgado, Google’s legal director, wrote in a blog post. I asked the FBI to explain how revealing specifics could possibly undermine investigations, but the agency said it was “not commenting.”
The information that the FBI can obtain using an NSL includes the name, address, and billing records of a subscriber. NSLs can’t be used, Google says, to force it to hand over Gmail content or IP addresses. But because the feds can use the letters to bypass courts and exert extreme secrecy over communication providers, civil rights groups like the Electronic Frontier Foundation have contended that they represent one of the most “frightening and invasive” excesses of post-9/11 national security efforts.
It was previously revealed that between 2003 and 2006, nearly 200,000 NSLs were used by the FBI to obtain information on people, with the bureau in some cases abusing them to “obtain vast quantities of telephone numbers or other records with a single request.” In late 2003, the feds reportedly issued a number of NSLs in an attempt to build “a real-time census of every visitor” to Las Vegas while pursuing an apparent terror investigation.
One of the few people to have challenged the legality of the gag orders is entrepreneur Nicholas Merrill, whom I spoke to last year about his plans to launch a surveillance-resistant Internet provider. Merrill received an NSL in 2004 while running a New York hosting service and successfully challenged it as unconstitutional in the courts. He couldn’t talk about receiving the letter with his colleagues, family, or his girlfriend—and is today still is unable to reveal certain details, as he explained in a 2011 talk.
Few others have spoken publicly about receiving an NSL, no doubt in part due to fears over legal consequences. But by releasing albeit limited data on the letters yesterday, Google has made a small step toward chipping away at the excessive secrecy that surrounds them. Let’s hope other companies will be inspired to follow suit in the future.