Thanks to our clients and friends at CREDO Mobile and the Internet Archive, EFF was able to shine a rare light on national security letters (NSLs) this week. The FBI uses NSLs to force Internet providers and telecommunications companies to turn over the names, addresses, and other records about their customers. NSLs almost always come with a secrecy provision that bars the companies—in violation of the Constitution—from publicly disclosing the requests. Worse still, NSL gags generally last forever and are imposed by the FBI without any mandatory court oversight.
The FBI has issued hundreds of thousands of NSLs since 9/11, and because of their secrecy, NSLs have become a totemic representation of the government’s overreaching surveillance powers.
EFF has been litigating the constitutionality of NSLs on behalf of unnamed clients in a total of three related court cases beginning in 2011. This week, telecom provider CREDO confirmed that it was the company involved in one of these long-running cases, and published the letters it received three years ago.
CREDO, represented by EFF, challenged the gag orders associated with these NSLs in 2013, and in March of this year, a district court found that the FBI had failed to demonstrate the need for the gags. The court struck down the gags, but its order was put on hold while the government went to an appeals court to overturn that ruling. This month the government decided to drop that cross-appeal, so CREDO is finally free to talk about its courageous decision to fight for the right to go public and let the world, and importantly, its customers, know that the government was accessing customers’ private communications.
Along with EFF’s two other NSL lawsuits, CREDO’s case remains on appeal in the U.S. Court of Appeals for the Ninth Circuit, where EFF is continuing to fight unconstitutional NSL gags. The identity of EFF’s clients in the other cases remains secret, but their position is clear: the Constitution doesn’t allow the government to outlaw discussion and debate about FBI surveillance and the use of NSLs by gagging recipients merely on the FBI’s own say-so.
Separately, the FBI in August sent an NSL to EFF’s client the Internet Archive that contained legally erroneous information about what the Archive could do to challenge the secrecy provisions. The FBI told the Internet Archive—a digital library that has archived millions of web sites, books and videos—that it could make one request annually to challenge the nondisclosure requirement. That was wrong. In fact, Congress updated the law last year to allow NSL recipients to make more than one request annually so that they could try to speak out and let their customers know about the government’s request as soon as possible.
Represented by EFF, the Archive told the FBI that it was a library and therefore under the terms of the statute couldn’t be the target of an NSL in the first place, and it didn’t have the information the agency was seeking. We also pointed out the erroneous legal information the agency had provided. In a victory for our client, the FBI dropped the gag order without litigation and allowed the Archive to publish the NSL. We can’t know exactly how or why the FBI gave the Archive bad information about challenging the gag order. But we do know that the Archive wasn’t the only NSL recipient that was misled. In a letter withdrawing the gag order, the FBI acknowledged that it had given the same bad information to other NSL recipients. Given that the FBI issued nearly 13,000 NSLs in 2015 alone, this means that potentially tens of thousands of providers that received NSLs between June 2015 and November 2016 may have been deterred from petitioning a court for the right to go public.
The publication of NSLs in these two instances may be only a few drops in the bucket in light of the hundreds of thousands that remain secret, but they are important victories for transparency nonetheless. The disclosures remind us how difficult yet important it is to push back on NSL gag orders, especially now. For years, the FBI has been pushing to expand the scope of NSLs so it can use them to obtain Internet browsing history and other sensitive records. These efforts are likely to resurface next year after the Trump administration begins. We believe, and many technology companies agree, that users have a right to know when the government is getting access to their private communications.