A month after the publication of its first Transparency Report mentioning National Security Letters (NSLs), Google filed a motion before the Northern District of California to “set aside”–or in plain language, defer–this controversial form of request. Google’s action follows in the courageous legal footsteps of a handful of service providers–including the ACLU’s defense of the Calyx Institute and EFF’s successful petition on behalf of an unnamed client–raising hopes that Google’s suit may finally expose the worldwide reach of NSLs.
NSLs in action
National Security Letters are letters directly issued by the FBI to internet companies and financial institutions demanding information about their customers. They are issued using a simple administrative request, without judicial oversight or intervention, essentially bypassing constitutional due process. Citing “relevant” national security concerns, the FBI can request information about a subscriber’s identity, address, length of service, and billing records, all without a judge’s approval. Furthermore, these letters almost always prohibit the service providers in question from informing their client–or even their lawyer–that the government has made the request.
Because of this secrecy and absence of oversight, NSLs are ripe for abuse by law enforcement agents. Indeed, in an internal audit of merely 10% of the FBI’s total national security investigations between 2002 and 2007, it was found that the Bureau violated the law more than 1,000 times–suggesting that the actual number of violations associated with the full scope of the FBI’s domestic surveillance efforts probably numbers at least in the several thousands.
The motion’s prospects are encouraging–Google filed in the chambers of the same judge who just last month ruled favorably for the EFF, finding that NSLs were unconstitutional in their entirety (though offering an immediate 90-day stay of her decision in anticipation of a federal appeal). Judge Illston’s reasoning rested in large part on the fact that NSLs don’t follow the protections of due process. Should Google succeed, it would set a bold precedent, and hopefully cast some light on the global reach of of NSLs.
NSLs violate due process of internet users worldwide
As there are no restrictions on who can be impacted by NSLs, NSL subjects may include people located outside of the United States. Such international reach violates the right to procedural fairness guaranteed in most international instruments. Such laws dictate that access to personal information may not be arbitrary and or broad, and requires that such a guarantee be monitored by an independent, impartial, and competent judicial authority. NSLs need only cite that their requests may concern “relevant” national security concerns, without specifying a specific motive: they are both arbitrary and overbroad. Furthermore, they are approved and overseen by the executive branch, rather than any judicial authority.
To make matters worse, 97 percent of those who receive NSLs are constrained by a gag order that prohibits them from notifying anyone that they received the letter, including the owners of the personal information. These restrictions and secrecy obligations are so comprehensive that the telecommunications providers and banks who receive them seldomly challenge the letters. In the rare chance when an NSL recipient does object, there are no guarantees that their challenge will be heard or evaluated–making Google’s motion unique among their peers.
What Google’s motion may reveal
With Google’s suit, we may learn more about the real impact of NSLs worldwide. As one of the largest consumer internet platforms in the world, we may learn the scope and geographic breadth of NSLs. Until now, the company’s ability to disclose any information at all has been limited–it wasn’t until March that the company was able to disclose that it had received a report at all. Even then, the company was only able to reveal that it received between 0 to 999 requests every year since 2009, as part of a compromise it reached with the U.S. government on public disclosure.
A favorable ruling may offer more precise numbers and specifics about who has been impacted. In 2011, close to 17,000 NSL requests were sent by the FBI, while the U.S. Department of Justice has confirmed that in only three years (2003-2006) approximately 200,000 NSL requests were delivered to providers and banks. As of now, Google’s NSL disclosures have only concerned the use of NSLs with regards to US persons, even though Google has a reach of more than 1 billion unique visitors per month from all over the world. Should their suit be successful, it is possible that their reporting on the number of requests received is likely to rise dramatically.
Next in the fight
As articulated by Judge Illston, the current use of NSLs are at the heart of why we need specific policies that advance the right to judicial protections when the government has access to our communications: the numbers revealed by the Justice Department and others demonstrate the vast and unchecked intrusion of users’ privacy.
Although Access recognizes that there are moments when information needs to be acquired for security purposes in an expeditious way, current mechanisms allow indiscriminate access to thousands of accounts, without oversight by independent authority, and with prohibitions on disclosure about violations of fundamental rights. Domestic and international laws specifically provide that any interference with a person’s correspondence must not be arbitrary: but with 200,000 NSL requests being delivered over only three years, it is highly doubtful that such a large amount of requests have been narrowly tailored.
Fortunately, the fight against NSLs has scored some key victories in the last couple of months. In addition to Google’s Transparency Report and recent motion, Microsoft too has released aggregate numbers of NSLs in its transparency report. We call on other companies to step up and release their own reports to give us a better grasp of the vast reach of NSLs worldwide. Access will continue to monitor the outcome of Google’s motion and the likely appeal of the EFF suit and post updates here.
(Full disclosure: Google has been a long time supporter of Access and its activities, and contributes to our overall budget).