national security letters – Techdirt

Stories filed under: "national security letters"

Ninth Circuit Tells Twitter It Can’t Reveal Exactly How Many National Security Letters It Receives Because The DOJ Showed It Some Scary Stuff

from the hey,-at-least-they-made-the-govt-show-them-something dept

In 2014, Twitter sued the DOJ over its National Security Letter (NSL) reporting restrictions, which limited the company from producing transparency reports with much transparency in them. NSLs were only allowed to be reported in bands. And what broad bands they were. If Twitter received 20 NSLs, it had to report it as 0-499. If it received 498, it had to use the same band. And the band started at zero, so even if Twitter didn’t receive any, it would still look like it did.

After a lot of litigation back-and-forth, the federal court finally dismissed Twitter’s First Amendment lawsuit in 2020, claiming the government had said enough things about national security to exit the lawsuit and continue to limit NSL reporting to bands of 500.

Twitter appealed. The Ninth Circuit Court of Appeals has now weighed in. It says basically the same thing: the government has a national security interest in restricting NSL reporting from NSL recipients. And that interest outweighs Twitter’s First Amendment interest in providing more detailed information in its annual transparency reports.

The factor in this decision [PDF] is the government’s ex parte presentations to the appellate judges. According to the court, the presentation made it very clear that smaller reporting bands would let terrorists and criminals gain the upper hand. [Cue ominous music.]

While we are not at liberty to disclose the contents of the classified materials that we reviewed, our analysis under the narrow tailoring prong depends principally on the knowledge we gleaned from our review of that material. The classified materials provided granular details regarding the threat landscape and national security concerns that animated the higher-level conclusions presented in the unclassified declarations. The classified declarations spell out in greater detail the importance of maintaining confidentiality regarding the type of matters as to which intelligence requests are made, as well as the frequency of these requests. Against the fuller backdrop of these explicit illustrations of the threats that exist and the ways in which the government can best protect its intelligence resources, we are able to appreciate why Twitter’s proposed disclosure would risk making our foreign adversaries aware of what is being surveilled and what is not being surveilled—if anything at all.

The thing about ex parte presentations is that they’re non-adversarial. It’s basically the government running the show, pointing out only the things that agree with their desired outcome, and presumably a bunch of jargon that makes things that may not actually be a threat to national security sound like a threat to national security.

That being said, I’m glad the Ninth Circuit actually forced the government to submit something in support of its national security claims. Most courts don’t. The mere invocation of the state secrets privilege is often all that’s needed to dismiss a lawsuit.

Part of the government’s argument is somewhat more amusing. Sounding like an exasperated middle-manager dealing with a last-minute time-off request, the DOJ claims that if it lets Twitter do it (utilize narrower reporting bands) then it will have to let everyone do it. And that way lies madness.

Mr. Tabb also explained that if Twitter were allowed to make its granular disclosures, other recipients of national security process would seek to do the same. And the result would be an even greater exposure of U.S. intelligence capabilities and strategies.

Well, yeah. It probably would need to let others do it, too. But I doubt this would result in the sort of data mining by our nation’s enemies that will finally tip the War on Terror in their favor. Terrorists and criminals use social media services. They also know governments routinely request user info and other data/communications when performing investigations. Unless the transparency reports are linked to unredacted NSLs containing targeted account names, it’s unlikely that breaking these numbers down just a bit more would let investigation targets know something they don’t already know.

Twitter can ask the Supreme Court to review this case. But given that the Supreme Court has denied certification to two national security-related lawsuits in recent months, it seems unlikely this will be the case it decides it needs to review. The government wins. And the public will have to continue settling for its half-assed transparency.

Filed Under: 1st amendment, 9th circuit, doj, fbi, free speech, national security, national security letters, nsl reporting, nsls, transparency
Companies: twitter

There May Be A New Boss At The DOJ, But The Government Still Loves Its Indefinite Gag Orders

from the inalienable-right-to-STFU dept

Despite the DOJ recently drawing heat for its targeting of journalists during internal leak investigations, a lot still hasn’t changed about the way demands for data are handled by the feds. Over the past couple of decades, the DOJ and its components have been asking for and obtaining data from service providers, utilizing subpoenas and National Security Letters that come with indefinite gag orders attached.

These orders swear recipients like Microsoft and Google to secrecy, forbidding them from notifying targeted customers and users. (Even Techdirt has been hit with one.) Unlike regular search warrants, where the target is made aware of the rummaging by the physical presence of law enforcement officers, warrants, subpoenas, and NSLs allow the government to go about its rummaging unnoticed.

Reforms to surveillance powers by the USA Freedom Act have at least forced the government to perform periodic reviews of ongoing gag orders. It has also given companies a way to challenge gag orders and demands for data, but that’s only useful if the companies have some idea who is being targeted. As this report on the ongoing abuse of gag orders by Jay Greene and Drew Harwell for the Washington Post points out, it’s not always clear who the government is seeking information about. (Alternative link here.)

[T]ech company officials said it is often difficult to tell which orders are worth fighting. The orders are often vague — sometimes just email addresses — and the owner of the account isn’t always obvious.

Microsoft provided two secrecy orders to The Post with the names of the customers redacted. Each is only about four paragraphs long and declares that notifying the customer about the existence of the data request could lead to evidence tampering or flight from prosecution.

Neither order offers any support for those claims, or any details to indicate why secrecy is necessary. Microsoft complied with both orders and notified customers of the seizure only after the orders expired.

Even with those limitations, some companies are doing what they can to push back on these unreasonable restrictions.

Microsoft said it generally complies with secrecy orders because it is legally required to do so. At Google, director of law enforcement and information security Richard Salgado said the company will challenge nondisclosure orders if there are “external signals” that the orders lack merit.

But those are the exceptions, not the rule. Nearly 70% of the 62,000 government requests Facebook received during the last six months of 2020 came with gag orders attached. Microsoft receives far fewer requests, but still sees 7-10 requests with gag orders per day. Add in Google and Apple and the number of requests easily tops 100,000 per year. If Facebook is an outlier, it’s still probably safe to assume nearly half of those come with gag orders. That’s a lot of secrecy and it’s absolutely certain all of it isn’t justified.

The government claims the courts keep it honest, but given the dearth of challenges, it’s a claim the feds can make only because the pushback is so limited. And it’s deliberately limited. If a judge clears it, recipients have to assume the secrecy is warranted.

But agencies like the FBI issue their own paperwork and gag orders that don’t require any judicial oversight. NSLs begin and end inside agencies, reliant only on whatever internal oversight there is to ensure these aren’t abused. And history shows they are abused — something the FBI turns to when its demands for information or data are rejected by the judicial oversight the DOJ claims keeps its vast power in check.

Even when targets are finally notified, they aren’t given all the information. The Washington Post article details a former Defense Department contractor (Ryan Lackey) who was informed the government demanded data from Facebook, a platform he has used regularly for the last 15 years. Even though he was told the government sought his data, he was unable to find out what the government sought and for what time period. And that notification arrived nearly two years after Facebook had handed over his data.

The government won’t answer any questions about it. Neither will Facebook, which suggested he get a lawyer.

After receiving the March email, Lackey asked Facebook what information it had handed over and what time frame the request covered. In an emailed response reviewed by The Post, the tech giant wrote that it couldn’t give him “legal advice” and suggested that he “consult with an attorney.”

Lackey said he has been left with “low-level anxiety” and lots of unanswered questions.

“I’m not opposed to helping law enforcement with a legitimate investigation,” he said. “But if it’s a civil liberties violation or a fishing expedition, I don’t want to help them in that.”

Legislative efforts continue to rein in these powers and limit demands for indefinite secrecy. But the feds are fond of these 9/11-enabled powers and in no hurry to see them restricted. Claims about public safety and national security tend to be all that’s needed to convince certain legislators that the government’s business should continue as usual. Those pushing back have limited information to work with, thanks to years of deference in service to the never-ending War on Terror.

This shouldn’t be considered business as usual in a free country where citizens have inalienable rights that are supposed to protect them against unchecked snooping by the government, as well as grant them the ability to challenge unjustified demands for their possessions and papers. But a handful of wars engaged in by the government against its citizens (Terror, Drugs) have reduced these rights to privileges only very occasionally recognized by the agencies engaging in unwarranted seizures and only slightly more occasionally recognized by the courts, which have largely shrugged off their obligations to keep the government in check.

Filed Under: 1st amendment, doj, fbi, gag orders, journalism, national security letters, nsls
Companies: google, microsoft

Documents Show The FBI Is Targeting Financial Institutions, Credit Reporting Agencies, And Universities With NSLs

from the third-parties-are-the-best-parties dept

We’ve written several times before about the FBI and its unnatural love for National Security Letters. NSLs make the FBI tick. They’re super handy, too. The FBI issues them to itself and then hands them to a variety of third parties, eliminating any judicial oversight. The fact that third parties are recipients makes the Fourth Amendment (mostly) irrelevant. These work so well the FBI has used NSLs to get info the FISA court has already said it can’t have.

Thanks to some modifications to NSLs by the USA Freedom Act, we’re finally seeing recipients posting NSLs they’ve received. NSLs used to come with “forever” gag orders, preventing recipients from discussing them, much less posting the documents themselves. The new law, along with a decision from the DC Circuit Court, requires the FBI to periodically review its NSLs and decide whether the gag orders are still justified. Companies are also now allowed to demand gag order reviews themselves, rather than wait three years for the FBI to get around to it.

The end result has been the release of several un-gagged NSLs by tech companies like Facebook, Google, Yahoo, and Automattic. A FOIA lawsuit by the EFF has resulted in the largest NSL document dump to date. The released files were shared with the New York Times (which, in turn, is sharing the documents with everyone else), showing that NSLs are not just limited to tech companies and service providers. They also target any entity that might conceivably have third-party records on hand.

The F.B.I. has used secret subpoenas to obtain personal data from far more companies than previously disclosed, newly released documents show.

The requests, which the F.B.I. says are critical to its counterterrorism efforts, have raised privacy concerns for years but have been associated mainly with tech companies. Now, records show how far beyond Silicon Valley the practice extends — encompassing scores of banks, credit agencies, cellphone carriers and even universities.

While many tech companies are proactively posting un-gagged NSLs, most of the other recipients listed here haven’t felt obligated to engage in transparency. Banks, credit agencies (Equifax, TransUnion, etc.), universities, and cable providers have not been publishing the NSLs green-lighted by the FBI’s review process. What’s included in the 1,000+ pages released to the EFF is hundreds of letters from the FBI to third party NSL recipients informing them they can publish the cleared NSLs. Many of these entities haven’t.

What isn’t in this stack of PDF pages are the NSLs themselves. The FBI may have cleared them for publication, but it’s up to the recipients to actually publish them. If these entities aren’t going to take this step, it really doesn’t matter that gag orders have been lifted. Maybe the targeted customers have been informed of the FBI’s interest in them. Maybe not. But the general public isn’t being served by entities that are more than happy to gather voluminous amounts of information about their customers (and students) but unwilling to discuss how often they turn over that information to the federal government.

The documents also show that the FBI’s review process isn’t really resulting in that much more transparency. Roughly 750 letters were released to the EFF. That’s a very small percentage of the NSLs whose gag orders were reviewed by the agency.

According to the new documents, the F.B.I. evaluated 11,874 orders between early 2016, when the rules went into effect, and September 2017, when the Electronic Frontier Foundation, a digital rights group, requested the information.

The release looks like a generous document dump by the FBI, but only if all context is removed. That’s some of it right there: the 6% rate of return. The letters stating the FBI is fine with recipients discussing NSLs were only turned over to the EFF after a FOIA lawsuit. Finally, the NSLs we’ve seen published to date are the result of a law that was passed in response to leaked documents that exposed the NSA and FBI’s incredible surveillance powers… and how often they’ve abused these authorities. The government isn’t being any more transparent. It’s just unable to avail itself of as much opacity as it used to.

Filed Under: credit agencies, fbi, financial firms, gag order, national security letters, nsl, secrecy, universities

Court Rejects FBI's Argument That Discussing NSLs With Lifted Gag Orders Would Threaten National Security

from the national-obtusity dept

The FBI uses National Security Letters like regular people use copy paper. It issues thousands of these every year. It works out great for the FBI because it gets to bypass judicial review. If it wants some identifying info, it just writes out its own subpoena, signs it itself, and slaps on an indefinite gag order preventing the company receiving the NSL from informing the targeted users, much less the rest of its customers that the FBI is poking around in its innards.

The passage of the USA Freedom Act made things a bit more difficult for the FBI. It now has to review its gag orders periodically to make sure they’re still necessary. Of course, the FBI more often than not decides they are and recipients must ask a court to make the final determination.

When this happens, the FBI likes to rely on its national security arguments. These arguments also tend to bypass judicial review as many courts are willing to grant the agency deference on these issues, assuming the FBI knows more about the national security implications of lifting a gag order than the courts do.

But it doesn’t always work. Some courts are probably just tired of the FBI shouting “National security!” every time someone wants to talk about its NSLs. The federal court in the northern district of California is one of these courts. It likely sees far more challenges than any other court in the land, thanks to its coverage of the Silicon Valley. As Nicholas Iovino reports for Courthouse News Service, this FBI request for indefinite silence has been shot down.

The Department of Justice must unmask the names of companies cleared to disclose details of the FBI’s warrantless demands for customers’ private information, a federal judge ruled Tuesday.

U.S. District Judge Vince Chhabria found the government failed to show how revealing the names of companies freed from gag orders that accompany national security letters (NSLs), or secret government demands for customer records, would harm national security.

Chhabria rejected arguments that releasing “this seemingly stale and harmless information” would help criminals avoid FBI detection.

The opinion [PDF] may only be three pages long, but it’s more than sufficient to dismiss the FBI’s weak arguments. In this case, the EFF is seeking disclosure of the companies the FBI has issued “termination letters” to. These letters end gag orders and allow companies to discuss (if they want to) the NSLs publicly. The FBI claimed this information was subject to an FOIA exemption [specifically (b)(7)(e)] — one that protects info that would “disclose techniques and procedures for law enforcement investigations.”

According to the FBI’s twisted thinking, even revealing the names of companies no longer subject to gag orders would prevent the agency from doing its important national security work. After all, these are National Security Letters we’re talking about. Ignored by the FBI was the obvious fact that if the recipients were now allowed to discuss un-gagged NSLs, it stands to reason anyone armed with an FOIA request should be able to access this now-public information.

First, the court points out the FBI is still engaging in plenty of secrecy with its NSLs. A very small percentage of these are no longer subject to gag orders. It stands to reason discussing this minute subset would not render this program unusable and threaten the security of the nation.

As an initial matter, the number of termination letters is minute compared to the overall number of national security letters. From 2015 to 2017, the FBI issued over 37,000 national security letters, but issued termination letters lifting nondisclosure requirements for only 750 national security letters. See Seidel Decl. ¶ 9, Dkt. No. 32-2. This alone casts doubt on whether disclosure of the terminations will reveal any sort of technique or procedure – at least beyond the already well-known technique of using national security letters.

Additionally, the FOIA request only targets NSLs for which the FBI has terminated a gag order. If it was a request for all companies the FBI has approached, it might be a problem. But the EFF is only seeking the subset where the FBI has declared — via termination letters — national security is no longer affected by public disclosure.

Perhaps if the terminations were issued for a random sampling of national security letters, such a small sample size could still shed light on the overall universe. But these are particular investigations, of particular people, for which the FBI has determined it is not a problem to lift the nondisclosure requirement. There’s no reason to expect that company usage patterns for that unique subset of people would reflect the company usage patterns for everyone being investigated, either now or in the future.

The court also points out releasing this information would only shed light on what the FBI has already done, not what it’s currently engaged in. Presumably, termination letters accompany the closing of investigations, so there’s nothing in this list of companies that would threaten ongoing investigative efforts.

In a world where technology and communication methods are changing rapidly, there’s no basis for assuming that a tiny sampling of decisions the FBI made several years prior will shed meaningful light on the decisions it’s making today.

If the FBI wants to make breathless declarations of threatened national security, it had better bring evidence to back these claims up. As the judge notes, the FBI gave the court nothing to work with.

Because the government’s allegation that aggregate disclosure of termination letters would reveal a law enforcement trend is so dubious, it was incumbent on the government to illustrate in a classified document – perhaps using specific examples – how requiring the government to turn over this seemingly stale and harmless information would constitute disclosure of a law enforcement technique or procedure, or why it would risk assisting criminals in avoiding FBI detection. But the declaration of Alan Kohler, which the Court reviewed in camera, does not accomplish that.

With that, the FBI will have to hand over the list of companies it said could go public with received NSLs — the same list it says will wreak havoc on national security by:

A. Publicizing public information

B. Informing the public about already-known facts related to its NSL use

The court is being nice when it calls the FBI’s arguments “dubious.” They’re patently ridiculous.

Filed Under: data, fbi, gag order, national security, national security letters, nsl

The DOJ's Rules For Spying On Journalists Get A Bit Flimsy When It Reaches The FISA Court

from the the-first-amendment-matters dept

Back in the spring of 2013, just a month or so before Ed Snowden started revealing all sorts of surveillance shenanigans, there was another important revelation: the Obama DOJ had gone way overboard in spying on journalists, including grabbing the phone records of some AP reporters (without letting them know) and, even worse, telling a court that a Fox News reporter was a “co-conspirator” with a leaker in order to get his phone and email records.

The Obama administration’s war on the press has been well documented on this site, with many in the press highlighting how he was the most secretive — not to mention the most aggressive in abusing the Espionage Act to target leakers and journalists more times than every other President combined prior to him. Once those two stories above came out, the DOJ initially promised to create new guidelines, though, when those guidelines came out, they seemed pretty limited and left a lot of avenues open for the government to spy on journalists, including using National Security Letters — the meaningless “letters” the FBI/DOJ often hands out like post-it notes, demanding all sorts of info with zero due process, and frequently with an indefinite gag order.

Back in 2015, we noted that the Freedom of the Press Foundation was suing the DOJ demanding the details of the rules used around those national security letters, given that the DOJ didn’t want to release them. Earlier this week, the Freedom of the Press Foundation stated that (thanks to the lawsuit), the DOJ has now revealed its rules for seeking FISA Court orders spying on journalists, which are different than its rules for collecting general information from journalists (and different than the rules for the FBI to use NSLs, which are still secret).

As Trevor Timm, Freedom of the Press’s executive director, points out, the rules revealed here are “much less stringent” than the (already not that stringent) rules the DOJ came out with in 2015. Basically, the rules state that if the DOJ wants to get a FISC order on a journalist… it has to get approval from the Attorney General or Deputy Attorney General. That’s much less than the regular DOJ guidelines that involve a multi-part test to make sure that surveillance of the journalist is actually critical to the investigation and not simply a shortcut to info (or, worse, a way to harm journalistic sources).

If you can’t read that, it just says:

This memorandum directs the National Security Division (“NSD”) to implement the following procedures that are designed to ensure that the Attorney General (“AG”) or Deputy Attorney General (“DAG”) reviews those FISA applications targeting known media entities or known members of the media, so that review of such FISA applications occurs at even higher levels than otherwise permitted by FISA and existing AG orders.

And while some may argue that having to escalate such FISA applications to the tippy-top of the DOJ represents some level of oversight, that oversight only goes as far as you can trust the Attorney General. And when’s the last time we had an Attorney General anyone actually trusted? (I can’t ever remember having such an AG…) Indeed, our current AG, Jeff Sessions, has publicly stated that he wants to prosecute more journalists and has suggested that he’s even less interested in balancing the careful interests and rights of journalists than his predecessors.

And, of course, we still have no idea what rules the FBI uses for its NSLs. However, as Timm points out, it’s pretty ridiculous that the FISC rules have now been declassified but the FBI’s NSL rules remain secret:

If these rules can now be released to the public, why are the FBI’s very similar rules for targeting journalists with due process-free National Security Letters still considered classified? And is the Justice Department targeting journalists with NSLs and FISA court orders to get around the stricter “media guidelines”?

Filed Under: doj, fbi, fisa, fisa court, fisc, guidelines, journalists, national security letters, nsls, privacy, surveillance

Appeals Court Agrees Government Can Tell NSL Recipients To STFU Indefinitely

from the cram-that-in-your-gag-hole,-transparency-activists dept

The Ninth Circuit Court of Appeals has just handed down a terrible decision in a fight against National Security Letter gag orders. The EFF has been working with plaintiffs Cloudflare and Credo Mobile to have these indefinite gag orders found unconstitutional.

Unfortunately, there’s still nothing hopeful on the horizon in terms of government transparency. The Appeals Court has upheld the lower court’s decision, finding this form of prior restraint somehow Constitutional. From the decision [PDF]:

The panel held that § 2709(c)’s nondisclosure requirement imposes a content-based restriction that is subject to, and withstands, strict scrutiny. The panel further held that, assuming the nondisclosure requirement was the type of prior restraint for which the procedural safeguards set forth in Freedman v. Maryland, 380 U.S. 51 (1965) were required, the National Security Letters law provided those safeguards. The panel concluded that the nondisclosure requirement does not run afoul of the First Amendment.

The panel notes the statutory framework for NSLs allows the government to ask for secrecy for an indefinite period of time to ensure investigations aren’t interfered with or suspects prematurely notified of the government’s interest in their activities. The statutes say the government “may” ask for secrecy. However, the FBI — in the thousands of NSLs it issues every year — reads this as “will.” No one receives an NSL without a gag order attached.

Challenging gag orders is easier than it used to be, but it’s still far from ideal. Rather than limited-time gag orders or stiffer requirements for the FBI to meet before deploying them, recipients have been given modestly-improved avenues of recourse. That may help going forward, but it’s doing very little to address NSLs/gag orders sent out before the USA Freedom Act reforms in 2015. Old NSL gag orders are still mostly unassailable. At the center of this case are NSLs dating back to 2011 and 2012. For reasons only known to the government, these half-decade-old gag orders are still in place.

The court recognizes gag orders are content-based restrictions of speech. This means the government has to hit a higher bar to justify this control of citizens’ speech. But the Appeals Court agrees with the lower court: to meet this high bar, the government just needs to deploy national security mantras.

As a threshold matter, we readily conclude that national security is a compelling government interest. Indeed, the Court has recognized that “[e]veryone agrees that the Government’s interest in combating terrorism is an urgent objective of the highest order.” “It is ‘obvious and unarguable’ that no governmental interest is more compelling than the security of the Nation.”

By the same token, keeping sensitive information confidential in order to protect national security is a compelling government interest. See Dep’t of the Navy v. Egan, 484 U.S. 518, 527 (1988) (recognizing “the Government’s compelling interest in withholding national security information from unauthorized persons in the course of executive business” (internal quotation marks omitted)); Snepp v. United States, 444 U.S. 507, 509 n.3 (1980) (“The Government has a compelling interest in protecting both the secrecy of information important to our national security and the appearance of confidentiality so essential to the effective operation of our foreign intelligence service.”).

The plaintiffs pointed out that while the USA Freedom Act gave them new tools to challenge NSL gag orders, it also lowered the standards governing the attaching of gag orders. Instead of nondisclosure demands being approved only by the FBI Director, any number of designees could perform approvals. The court responds by saying “Trust the FBI.”

[T]he new 2015 provision allowing disclosures to “other persons as permitted by the [FBI] Director” or the Director’s designee, id. § 2709(c)(2)(A)(iii), merely provides the FBI with more flexibility to tailor the scope of the nondisclosure provision. We reject the recipients’ argument that this provision gives the government unfettered discretion and therefore creates a system of insufficiently cabined prior restraints. Even if the NSL law is determined to be the type of regulation for which procedural safeguards are required (see section V, infra), the law as a whole imposes narrow, objective, and definite standards on the government before it can issue a nondisclosure requirement…

The fact that the statute also gives the FBI Director or a designee discretion to make additional exceptions to the nondisclosure requirement does not lessen the adequacy of the clear standards imposed on these officials before issuing a nondisclosure requirement in the first place.

The court also says this isn’t a case of prior restraint, even though each NSL arrives with some legal language preventing recipients from even acknowledging the NSL’s existence. The panel declares NSL recipients have no “intent” to speak, so telling them not to talk somehow doesn’t damage their First Amendment rights.

[N]SL law prohibits the disclosure of a single, specific piece of information that was generated by the government: the fact that the government has requested information to assist in an investigation addressing sensitive national security concerns, i.e., “to protect against international terrorism or clandestine intelligence activities.” 18 U.S.C. § 2709(b)(1). As the Second Circuit noted, “[u]nlike an exhibitor of movies,” the recipient of a nondisclosure requirement “did not intend to speak and was not subject to any administrative restraint on speaking prior to the Government’s issuance of an NSL.”

So, I guess it’s not prior restraint because companies could talk vaguely and non-specifically about NSLs they might receive, but aren’t allowed to talk about any NSLs they have received until the government says it’s ok. Seems legit.

The next step for the EFF and a number of NSL recipients is the Supreme Court. Given the ongoing deference to anything national security-related, it would be a surprise if the nation’s top court reversed two lower court decisions. It may decide it’s not even worth reviewing if petitioned. As it stands now, the government can demand indefinite silence from service providers thousands of times a year… all supposedly without violating the Constitution.

Filed Under: 9th circuit, first amendment, free speech, gag orders, national security, national security letters, nsl, nsls
Companies: cloudflare, credo mobile, eff

Judge Says Twitter Can Move Forward With First Amendment Lawsuit Over NSL Reporting Limitations

from the granular-reporting-sinks-ships dept

Twitter’s First Amendment lawsuit against the government for limitations on National Security Letter reporting will be allowed to continue. This is good news for Twitter — and the general public — although it’s somewhat disheartening to see things have only moved this far in the three years since the lawsuit was filed.

Reporting on NSLs is limited to “bands.” A social media service receiving three NSLs has to report it as “0-499.” The same goes for a service that receives 300 NSLs over the same period. Twitter is fighting to have these “bands” removed, in order to more accurately report the number of NSLs it receives.

So far, the government’s arguments for leaving the bands in place have been as vague as the information tech companies are allowed to release. It asserts — without evidence — that reporting the actual number of NSLs (or FISA orders) will harm national security. The fact that NSLs are accompanied by indefinite gag orders grants the government an insane amount of opacity relative to the level of oversight these NSLs receive. NSLs are administrative documents the FBI (and other agencies) can issue themselves, which receive no impartial scrutiny from judges or anyone outside the issuing agency.

The government’s attempt to dismiss this lawsuit has failed, so Twitter will be allowed to move forward with its First Amendment lawsuit. The opening of the opinion [PDF] makes it clear the DOJ is going to need to come up with a better argument if it hopes to keep this banded opacity in place. (via Ars Technica)

The Court finds the Government has not met its high burden to overcome the strong presumption of unconstitutionality on the record before the Court. The Government’s restrictions on Twitter’s speech are content-based prior restraints subject to the highest level of scrutiny under the First Amendment. The restrictions are not narrowly tailored to prohibit only speech that would pose a clear and present danger or imminent harm to national security. The Government argues that the limitations imposed on Twitter are necessary because disclosure of data concerning the number and type of national security legal process that it received in a time period would impair national security interests and is properly classified. However, the Government has not presented evidence, beyond a generalized explanation, to demonstrate that disclosure of the information in the Draft Transparency Report would present such a grave and serious threat of damage to national security as to meet the applicable strict scrutiny standard.

An unclassified declaration by the director of the FBI’s national security branch appears to form the basis for the assertions the court finds lacking. It’s basically what’s covered above: the information is “properly classified” and releasing it would do damage to national security. Other arguments along the same lines are applied to granular disclosure of received FISA orders. The DOJ points out the First Amendment does not allow possessors of classified information to share it freely.

The court says this bare assertion isn’t enough to overcome Twitter’s valid First Amendment complaint:

[T]he Court does not agree with the Government’s position that simply determining information meets the requirements for classification under Executive Order 13526 ends the Constitutional analysis. That the information is classified is not, in itself, a sufficient basis for the Government’s prohibition on its disclosure…

The First Amendment requires strict scrutiny of content-based restrictions and prior restraints, regardless of the Government’s basis for nondisclosure.

It’s not just the DOJ’s public arguments that suck. The court points out that assertions made behind closed doors have also done nothing to justify the prior restraint.

Here, the declarations of Steinbach, both in camera and public, fail to provide sufficient details indicating that the decision to classify the information in the Draft Transparency Report was based on anything more specific than the reporting bands in section 1874 and the FBI’s position that more granular information “could be expected to harm national security.” The declarations do not provide an indication of grave or imminent harm arising from the disclosures in the Draft Transparency Report. Rather, the concerns raised to relate to the overall concern from one or more of any electronic communication service regardless of the specific provider or circumstance. Merely declaring a view that more granular reporting would create an unacceptable risk does not make it so, especially in light of the Government’s acknowledgement of the strong public interest in the information.

The government is apparently so used to receiving judicial deference it didn’t bother to do much more than recite its national security mantras.

Rather, the declaration largely relies on a generic, and seemingly boilerplate, description of the mosaic theory and a broad brush concern that the information at issue will make more difficult the complications associated with intelligence gathering in the internet age.

If the DOJ has an actual, articulable reason for forbidding more precise transparency reporting, it has yet to deliver this argument to the court. However, it’s had three years to do so and hasn’t produced anything yet. It appears to feel the court should make with the NATSEC deference and toss the case. Now, it’s actually going to need to produce some evidence that granular reporting will harm intelligence gathering or harm the nation.

Filed Under: doj, first amendment, free speech, gag order, national security letters, nsl, transparency
Companies: twitter

Just Prior To Hearing Over NSL Gag Orders, Court Allows Cloudflare & CREDO Mobile To Be Named As Plaintiffs

from the about-time dept

In December, we wrote about how (thanks to EFF’s lawyering) mobile phone provider CREDO Mobile was finally (after many years) allowed to reveal the National Security Letter (NSL) it had received from the DOJ back in 2013. As per usual, the NSL had a complete gag order, barring the company from admitting it had received such a letter. Then, just about a month later, Cloudflare was similarly ungagged over an NSL it had received in 2013 as well.

On Wednesday, EFF will be back in the 9th Circuit appeals court arguing that these NSLs are First Amendment violations, but for the first time, it can actually name those two companies as its clients. Even though those NSLs were finally allowed to become public in the last few months, the case itself still did not include their names until Monday, when the DOJ told the court that, since the FBI had concluded the various investigations and had enabled each of the companies to reveal the specific NSLs they had received, it no longer required the plaintiffs’ names in the case to be sealed. Of course, we don’t know how many other NSLs are still gagged (possibly even with these two companies). Indeed, the EFF’s announcement certainly hints at more:

On Wednesday, EFF Staff Attorney Andrew Crocker will tell the United States Court of Appeals for the Ninth Circuit that these gags are unconstitutional restrictions on CREDO and Cloudflare’s free speech and that the FBI’s belated decision to lift some of the gags only underscores why judicial oversight is needed in every case. The gag orders barred these companies from participating in discussion and debate about government use of NSLs—even as Congress was debating changes to the NSL statute in 2015.

Hopefully, the appeals court recognizes the serious First Amendment issues at play here.

Filed Under: doj, fbi, first amendment, free speech, gag order, national security letters, nsl, nsls
Companies: cloudflare, credo mobile, eff

FBI Continues To Demand Far More Info Than It's Supposed To With Its National Security Letters

from the YOU-CAN-TRUST-US dept

Mike covered Twitter’s release of two FBI NSLs it had received in the last few years — more evidence that the USA Freedom Act, if nothing else, has made review of NSL gag orders more timely and the orders themselves more easily challenged.

Not that there hasn’t been significant pushback from Twitter along the way. The social media platform sued the government in 2014, claiming that the de facto government-imposed secrecy was a violation of the company’s First Amendment rights.

It can discuss two of the NSLs it received now, and it’s revealing that the FBI is still asking for far more than it should when issuing these.

Each of the two new orders, known as national security letters (NSLs), specifically request a type of data known as electronic communication transaction records, which can include some email header data and browsing history, among other information.

In doing so, the orders bolster the belief among privacy advocates that the FBI has routinely used NSLs to seek internet records beyond the limitations set down in a 2008 Justice Department legal memo, which concluded such orders should be constrained to phone billing records.

Twitter’s counsel says it only hands out what the DOJ’s legal guidance says it’s supposed to hand out. The FBI, on the other hand, says nothing, which is pretty much how it handles all requests for comments on NSLs/ignoring DOJ legal guidance. What the agency has said — not directly but via its oversight — is that it doesn’t believe the DOJ can interpret NSL statutes for it.

An FBI inspector general report from 2014 indicated that it disagreed with the memo’s guidance.

The DOJ’s interpretation was issued nine years ago. To this day, the FBI continues to ask for more than the DOJ says it can. And the DOJ doesn’t appear to be stepping in to iron out the disagreement, much less reiterate its “phone billing only” policy.

We’ve seen overbroad requests before, starting with the first NSL ever released publicly. One of the NSLs sent to Yahoo asked for all of the following:

If the DOJ isn’t going to do anything about this, the FBI will continue to issue thousands of letters a year asking for more than it should and hoping recipients aren’t aware they don’t have to hand all of this information over. It’s also hoping recipients don’t know they’re allowed to challenge the accompanying gag orders — or at least it was until the Internet Archive (which isn’t the proper target for NSLs to begin with) publicly pointed out the FBI was still using outdated boilerplate in its demand letters.

This is, unfortunately, how law enforcement agencies tend to handle things: blow past legal guidance and civil liberties until forced to do otherwise — whether by a court or a policy change. And when forced to do so, engage in foot-dragging and inconsistent internal communications so as to lessen the “damage” of playing by the rules. The FBI may be at the top of the law enforcement food chain, but it often operates as though it’s heading up Hazzard County.

Filed Under: 4th amendment, fbi, national security letters, nsls, warrants
Companies: twitter

Google Publishes Eight National Security Letters That Have Been Freed From Their Gag Orders

from the legislatively-enforced-transparency dept

Google has managed to lift gag orders on eight of the National Security Letters it’s received from the FBI over the last five years. In a blog post that thankfully provides more details than its last NSL “release,” Google notes that last year’s surveillance reform bill has a lot to do with it even being able to do this.

In 2015, Congress passed the USA Freedom Act, which allowed companies like Google to make more granular disclosures about National Security Letters they receive. In addition, the Act restricts the use of indefinite gag restrictions that prevent providers from ever notifying customers or talking about the demands. The Department of Justice (DOJ) must now regularly review disclosure restrictions in NSLs and lift those that are no longer needed.

The last NSL announcement Google made wasn’t much of an announcement. The NSL wasn’t released and the company had very little to say about the single NSL, other than that the gag order had been lifted.

This release is better, in that there’s an actual release involved. All eight of the NSLs have been published. Most ask for name, address, and length of service for the targeted account holders. Two of them (here [PDF] and here [PDF]), however, also ask for “electronic communications transactional records for all accounts” — presumably email metadata, but could also cover records generated by other Google services, like Hangouts.

Google notes that the DOJ has published new guidelines for the handling of NSL gag orders, which mostly involve agents having the right boilerplate on hand when issuing one. The DOJ also gives itself a three-year window for gag order reviews, basically reflecting suggestions made by a DC federal judge presiding over an NSL gag order case. Fortunately, the USA Freedom Act allows recipients to challenge these orders every year, so no one really has to restrict themselves to the DOJ’s extended timetable.

NSLs are still the FBI’s favorite way to obtain identifying information from service providers. It issues thousands of NSLs every year and even uses the self-issued demand letters to route around rejections by the FISA court. That the agency issues so many is likely due to its ability to open investigations that aren’t officially termed “investigations.” It’s able to open “threat assessments” and “preliminary investigations” without providing any substantive reason for doing so. During these preliminary stages, the FBI grabs every third-party record it can — anything collectible without leaving a judicial paper trail. Add to that the fact that these pieces of paper come with federally-enforced silence by default, and they’re the perfect storm of opacity and unaccountability.

Filed Under: doj, fbi, national security letters, nsls, transparency, usa freedom act
Companies: google