Two months after securing legal permission to do so, Google Inc. published eight National Security Letters (NSLs) online this week that had previously been subject to controversial gag orders.
The Federal Bureau of Investigation, which issued the secret subpoena-like requests for digital records between 2010 and 2015, gave the company permission in October to make the records public, lifting nondisclosure requirements that had legally prevented Google from even acknowledging publicly that the letters exist. Privacy advocates praised the news as a positive, albeit modest, step toward protecting free speech by reining in government surveillance.
"It’s a small amount of progress," Andrew Crocker, staff attorney for the Electronic Frontier Foundation (EFF), tells The Christian Science Monitor in a phone interview. "It’s only eight out of tens of thousands, really hundreds of thousands over the course of the years that FBI has been using these in this way."
"But they’re so rare," he adds. "I mean, there are really so few that have been published that any attention on NSLs is progress because they really are this sort of secret, little-understood tool."
The FBI uses NSLs to order technology companies, banks, and other firms to furnish information about customers who are under investigation by the government. The letters are legally binding, but unlike traditional search warrants, they do not require judicial approval.
Under the statute most commonly used to justify an NSL, the FBI must certify that the records are "relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities," according to the EFF, which is challenging the practice in court and arguing the law should be rewritten to require judicial oversight of the FBI's requests.
It was unclear for awhile if companies could even discuss the letters with an attorney, but the FBI's updated letters explicitly state this as a permitted activity. And the FBI is now legally required to review its gag orders at the conclusion of its investigation or three years after the date it was sent, as The Intercept reported.
Richard Salgado, director of law enforcement and information security for Google, wrote in a blog post Tuesday that the company decided to publish the letters as part of its ongoing efforts to "increase transparency around government demands for user data" and that publishing these letters is only the beginning.
"While we are encouraged by this development, we will remain vigilant in opposing legislation that would significantly expand the universe of information that can be obtained with an NSL," Mr. Salgado wrote.
Earlier this year, the US Senate rejected a proposal by Armed Services Committee Chairman Sen. John McCain (R) of Arizona and Intelligence Committee Chairman Sen. Richard Burr (R) of North Carolina that sought to expand the FBI's authority to issue NSLs, as the Monitor reported in June.
Companies are prohibited from reporting the precise number of NSLs they receive, but they are permitted to publish broad ranges to give the public a general sense of how many letters the FBI has sent them. Since 2009, Google has typically reported receiving fewer than 500 NSLs per six-month period, but that figure exceeded 500 during four periods in recent years – meaning Google alone has received no fewer than 2,000 such letters.
Max Kaufman, staff attorney for the American Civil Liberties Union (ACLU), says Google's decision to publish eight NSLs is encouraging and should become the industry standard.
"But the handful of NSLs we have seen are a drop in the government’s bucket, and their release reminds us that the secrecy and lack of judicial oversight over NSLs mean that they continue to be subject to the kinds of gross abuses to constitutional rights that have made them so notorious," Mr. Kaufman wrote in an email to the Monitor.
Marc Rotenberg, president of the Electronic Privacy Information Center (EPIC), similarly praises Google's decision and critiques the government's process of sidestepping the judicial review process required for most other searches.
"But the larger problem is that Google continues to retain far too much user data," Mr. Rotenberg added in an email. "As long as Google continues its current practices, Internet users will remain at risk, regardless of improvements in the NSL procedures."
For its part, Google – which had been praised, even before Tuesday's publication, as an industry leader in pushing for government transparency – contends that it challenges information requests from the United States and other governments if it sees a problem in the legal basis for the request.
"As we have noted in the past, when we receive a request for user information, we review it carefully and only provide information within the scope and authority of the request," Salgado wrote in October. "The privacy and security of the data that users store with Google is central to our approach."