nsls – Techdirt (original) (raw)

Ninth Circuit Tells Twitter It Can’t Reveal Exactly How Many National Security Letters It Receives Because The DOJ Showed It Some Scary Stuff

from the hey,-at-least-they-made-the-govt-show-them-something dept

In 2014, Twitter sued the DOJ over its National Security Letter (NSL) reporting restrictions, which limited the company from producing transparency reports with much transparency in them. NSLs were only allowed to be reported in bands. And what broad bands they were. If Twitter received 20 NSLs, it had to report it as 0-499. If it received 498, it had to use the same band. And the band started at zero, so even if Twitter didn’t receive any, it would still look like it did.

After a lot of litigation back-and-forth, the federal court finally dismissed Twitter’s First Amendment lawsuit in 2020, claiming the government had said enough things about national security to exit the lawsuit and continue to limit NSL reporting to bands of 500.

Twitter appealed. The Ninth Circuit Court of Appeals has now weighed in. It says basically the same thing: the government has a national security interest in restricting NSL reporting from NSL recipients. And that interest outweighs Twitter’s First Amendment interest in providing more detailed information in its annual transparency reports.

The factor in this decision [PDF] is the government’s ex parte presentations to the appellate judges. According to the court, the presentation made it very clear that smaller reporting bands would let terrorists and criminals gain the upper hand. [Cue ominous music.]

While we are not at liberty to disclose the contents of the classified materials that we reviewed, our analysis under the narrow tailoring prong depends principally on the knowledge we gleaned from our review of that material. The classified materials provided granular details regarding the threat landscape and national security concerns that animated the higher-level conclusions presented in the unclassified declarations. The classified declarations spell out in greater detail the importance of maintaining confidentiality regarding the type of matters as to which intelligence requests are made, as well as the frequency of these requests. Against the fuller backdrop of these explicit illustrations of the threats that exist and the ways in which the government can best protect its intelligence resources, we are able to appreciate why Twitter’s proposed disclosure would risk making our foreign adversaries aware of what is being surveilled and what is not being surveilled—if anything at all.

The thing about ex parte presentations is that they’re non-adversarial. It’s basically the government running the show, pointing out only the things that agree with their desired outcome, and presumably a bunch of jargon that makes things that may not actually be a threat to national security sound like a threat to national security.

That being said, I’m glad the Ninth Circuit actually forced the government to submit something in support of its national security claims. Most courts don’t. The mere invocation of the state secrets privilege is often all that’s needed to dismiss a lawsuit.

Part of the government’s argument is somewhat more amusing. Sounding like an exasperated middle-manager dealing with an last-minute time off request, the DOJ claims that if it lets Twitter do it (utilize narrower reporting bands) then it will have to let everyone do it. And that way lies madness.

Mr. Tabb also explained that if Twitter were allowed to make its granular disclosures, other recipients of national security process would seek to do the same. And the result would be an even greater exposure of U.S. intelligence capabilities and strategies.

Well, yeah. It probably would need to let others do it, too. But I doubt this would result in the sort of data mining by our nation’s enemies that will finally tip the War on Terror in their favor. Terrorists and criminals use social media services. They also know governments routinely request user info and other data/communications when performing investigations. Unless the transparency reports are linked to unredacted NSLs containing targeted account names, it unlikely that breaking these numbers down just a bit more would let investigation targets know something they don’t already know.

Twitter can ask the Supreme Court to review this case. But given that the Supreme Court has denied certification to two national security-related lawsuits in recent months, it seems unlikely this will be the case it decides it needs to review. The government wins. And the public will have to continue settling for its half-assed transparency.

Filed Under: 1st amendment, 9th circuit, doj, fbi, free speech, national security, national security letters, nsl reporting, nsls, transparency
Companies: twitter

Elon Musk’s First Move Is To Fire The Person Most Responsible For Twitter’s Strong Free Speech Stance

from the not-a-great-start dept

Last night, Elon Musk closed his on-again, off-again, on-again deal to buy Twitter, and his very first order of business was to fire a bunch of top executives. This was not necessarily unexpected. When new owners come in, they will often clean house, and the text messages revealed as part of the lawsuit while Musk was trying to get out of the deal made it clear that Musk could not stand CEO Parag Agrawal. So it seemed obvious that Agrawal would be gone immediately, but Musk also fired (at least) the other top executives who know how the company works: CFO Ned Segal, head of legal and policy Vijaya Gadde, and General Counsel Sean Edgett. That’s not a great sign for an orderly transition, as those are the executives who understood Twitter’s business the best.

And while it’s no surprise that he fired Gadde (he had criticized her in an extremely misleading way back in April, leading to a barrage of harassment that he did nothing to stop), it still should be noted that this is a huge loss for free speech. I said as much on Twitter last night, and had hordes of people calling me every name you can imagine, but this is a point worth defending, even if (especially if?) clueless people want to attack me for it. I just ask that if the premise of this post makes you mad, at least read all the details, and respond to the actual points — not whatever simplistic narrative you think is true.

Gadde did more for free speech on the internet than almost anyone else I can think of. It is difficult to overstate how important she has been in protecting free speech over the past decade. This post will only brush the surface of some of what she’s done.

But first, let’s respond to the main criticism I received for pointing this out. Lots of people insist that she was “chief censor” and that she “banned the sitting President” or that she “interfered in the election by blocking the Hunter Biden story!” and other such claims. Someone even told me she “banned half the US.” All of these complaints misunderstand the nature of free speech, and how it actually works.

First, it should be noted that of all the mainstream social media platforms out there, Twitter was by far the most permissive and the most resistant to rules that would shut down accounts. It had a significantly lighter touch on moderation than Facebook, Instagram, YouTube, Snapchat and TikTok. Some of this predated her role at the company, but once she took over legal, she continued to make sure the company was far more open to user speech than nearly every other platform (and that even includes the various MAGA platforms that pretend to be about free speech but are quick to ban critics).

On top of that, she made sure that when content moderation did happen, it was based on a set of principles and policies. You can disagree with where she came down on those policies (and I often did!) but she and others at the company worked hard to make sure that they weren’t making decisions in an arbitrary fashion, but based on a policy. Indeed, this is where the whole Hunter Biden laptop story went wrong. As we’ve written a bunch of times, links to the NY Post story were blocked because of a belief that the story violated Twitter’s “hacked materials” policy. That policy had been in place for a while before the laptop story came out, and in fact we had criticized that policy specifically because it seemed clear that it could interfere with journalism in the public interest (and that had happened when Twitter banned an account for linking to leaked law enforcement documents — i.e., info that was embarrassing to cops, who tend to be more right wing than left wing, countering the narrative that Twitter only blocks pro-right wing info). Twitter eventually changed that policy, which was the right call. But, again, it shows that the company had a policy and enforced it against content that favored different political viewpoints. Indeed, not enforcing the same policy against the NY Post would have been an example of Twitter giving more leeway to conservatives than liberals.

Gadde also spent a lot of time trying to think through ways to make the site welcoming for more users without banning or shutting down accounts. She recognized that every decision had serious tradeoffs. If you allow too much abuse, harassment, and rule breaking, then that can actually work against speech by driving it away, and causing people to stay silent (you know, what the “cancel culture” crowd claims is “self-censorship”); but there’s also value in diverse viewpoints and a wide variety of opinions. She tended to default more towards allowing more speech than less, but knew that a free-for-all on a single site did not actually lead to more overall speech (which is why the few “free-for-all” sites are not very large).

This is part of the reason Twitter kept on experimenting with new methods of handling trust & safety that were less restrictive than banning people entirely. It was among the first, for example, to introduce fact checks and “more information” boxes. Ridiculously, tons of people claimed that those information boxes were censorship, when they were actually a perfect example of the “more speech” approach that Twitter tried to default to in most cases, allowing the company to leave up more speech.

And, contrary to widespread belief, Twitter wasn’t in the business of “banning conservatives.” They were mostly focused on stopping jerks from harassing people. Multiple studies have showed that there’s no evidence that Twitter’s enforcement was actually biased against conservatives. It was biased against people being jerks and creating real-world harm.

That takes us to the eventual Presidential ban, which many of Trump’s fans insist is evidence of bias. But, the reality is that Twitter bent over backwards to leave Trump on the platform despite years of him violating its rules. The company really did everything to keep him on the platform (including the aforementioned fact checking bits, adding more speech) and only took this action after actual violence had broken out, and the company reasonably worried that Trump was agitating for more such violence. It was never about speech, but about not being complicit in encouraging violence. As we noted, and has proven true, Trump has never had any problem getting whatever message he wants out there. But that doesn’t mean that any individual private company needs to help him.

Indeed, this is the key point that I’ve been making for years, and that many people have trouble with: the ability of websites to moderate as they see fit, to create their own rules, and build their own communities (which can include taking enforcement action against those who break the rules) is actually essential for free speech online. Because, without it, websites wouldn’t be willing to host any third party speech at all. There would be many, many fewer places online where you could speak if websites couldn’t craft their own rules.

For all the talk of “the new public square,” as we’ve noted in the past, it’s the internet itself that is the new public square, and there are tons of different communities forming in that public square, each with their own rules. And it’s that diversity that enables so much speech online. Different places where different people can speak, and where there are different rules and norms and accepted behavior. It’s not all just one free for all, because that would just be pure noise and no signal. Twitter has been one key piece of all that. And much of that is because of Gadde’s leadership on these very issues.

And that’s not even getting to the ways in which Twitter has been a strong and true defender of actual free speech around the globe. First off, unlike Facebook and many, many other social media companies, Twitter from the beginning did not try to enforce any kind of “real names” policy, and not only allowed, but often encouraged people to use aliases and remain anonymous. This has been incredibly important in setting up Twitter as a tool for free speech, in that anonymity has enabled whistleblowers and critics to be able to express themselves without fear of direct reprisal.

But, even more importantly, unlike almost any other internet company I can think of, Twitter has embraced the fact that anonymity is protected by the 1st Amendment to fight in court over and over and over again against attempts to reveal anonymous users’ identity. It would even step into cases where it was not a party, and where most other companies would not just stand aside but simply cough up subpoenaed or government-requested data. Indeed, from early on Twitter was known to stand up against government demands for data back when most internet companies were happy to hand it over.

When it comes to pushing back against governments and their attempts to crack down on speech, Twitter’s record is undeniably stronger than just about any other company. When all the other big internet companies settled with the federal government regarding keeping secret how often it was demanding info on their users, Twitter filed and fought a First Amendment lawsuit to be able to reveal as much information as they could.

That’s supporting free speech, and much of that was driven by Gadde and her leadership.

And, that wasn’t just in the US. Twitter was among the most vocal companies pushing back on foreign governments and their demands for information or their demands to censor people. Just as one example, in India, the government demanded that Twitter remove users critical of the government, and Twitter fought back, even as the government threatened to jail Twitter employees. And when India passed a law to give the government more control over internet censorship, Twitter sued the Indian government. In fact, this lawsuit was something that Elon Musk complained about, suggesting that he’s way more willing to go along with government demands. Indeed, Musk also praised the EU’s new Digital Services Act, which is a highly censorial bill that demands all sorts of content takedowns and other censorial actions. Twitter, under Gadde’s leadership, was one of the most vocal companies in calling out how the Digital Services Act could harm speech online.

Even as we speak, one of the biggest free speech cases facing the Supreme Court this term has Twitter as a party. But Musk just fired the company’s two top legal executives who were responsible for filing the cert petition to get the Supreme Court to hear the case. I have no idea what that means, but I fear a potential shift in legal strategy.

There are many more examples, some public, many that are not public at all. But I can think of no other internet executive who has done as much for actual free speech online than Vijaya Gadde. Some people have said that whoever else Musk puts in place could just continue what she’s done, and I hope that’s the case. But, again, as hopefully some of this thread has highlighted, there has been no one at any other internet company who has been willing to do as much as she has done on these issues, so replacing her with anyone else is likely to be a downgrade. I would have said the exact same thing even if Musk hadn’t taken over and she’d left the company while it was still run by the old regime. Gadde leaving Twitter is a loss for free speech — and that seems especially true given Musk’s other comments about anonymity, about the case against India, and about the DSA.

No matter what narrative you believe, Twitter has been by far the biggest defender of free speech online over the past decade, doing way more than much larger companies, and much of that was driven by Gadde’s commitment to free speech. The firing is a loss for Twitter. It’s a loss for Musk. And it’s a loss for free speech for all of us.

Filed Under: 1st amendment, anonymity, content moderation, elon musk, free speech, nsls, vijaya gadde
Companies: twitter

There May Be A New Boss At The DOJ, But The Government Still Loves Its Indefinite Gag Orders

from the inalienable-right-to-STFU dept

Despite the DOJ recently drawing heat for its targeting of journalists during internal leak investigations, a lot still hasn’t changed about the way demands for data are handled by the feds. Over the past couple of decades, the DOJ and its components have been asking for and obtaining data from service providers, utilizing subpoenas and National Security Letters that come with indefinite gag orders attached.

These orders swear recipients like Microsoft and Google to secrecy, forbidding them from notifying targeted customers and users. (Even Techdirt has been hit with one.) Unlike regular search warrants, where the target is made aware of the rummaging by the physical presence of law enforcement officers, warrants, subpoenas, and NSLs allow the government to go about its rummaging unnoticed.

Reforms to surveillance powers by the USA Freedom Act have at least forced the government to perform periodic reviews of ongoing gag orders. It has also given companies a way to challenge gag orders and demands for data, but that’s only useful if the companies have some idea who is being targeted. As this report on the ongoing abuse of gag orders by Jay Greene and Drew Harwell for the Washington Post points out, it’s not always clear who the government is seeking information about. (Alternative link here.)

[T]ech company officials said it is often difficult to tell which orders are worth fighting. The orders are often vague — sometimes just email addresses — and the owner of the account isn’t always obvious.

Microsoft provided two secrecy orders to The Post with the names of the customers redacted. Each is only about four paragraphs long and declares that notifying the customer about the existence of the data request could lead to evidence tampering or flight from prosecution.

Neither order offers any support for those claims, or any details to indicate why secrecy is necessary. Microsoft complied with both orders and notified customers of the seizure only after the orders expired.

Even with those limitations, some companies are doing what they can to push back on these unreasonable restrictions.

Microsoft said it generally complies with secrecy orders because it is legally required to do so. At Google, director of law enforcement and information security Richard Salgado said the company will challenge nondisclosure orders if there are “external signals” that the orders lack merit.

But those are the exceptions, not the rule. Nearly 70% of the 62,000 government requests Facebook received during the last six months of 2020 came with gag orders attached. Microsoft receives far fewer requests, but still sees 7-10 requests with gag orders per day. Add in Google and Apple and the number of requests easily tops 100,000 per year. If Facebook is an outlier, it’s still probably safe to assume nearly half of those come with gag orders. That’s a lot of secrecy and it’s absolutely certain all of it isn’t justified.

The government claims the courts keep it honest, but given the dearth of challenges, it’s a claim the feds can make only because the pushback is so limited. And it’s deliberately limited. If a judge clears it, recipients have to assume the secrecy is warranted.

But agencies like the FBI issue their own paperwork and gag orders that don’t require any judicial oversight. NSLs begin and end inside agencies, reliant only on whatever internal oversight there is to ensure these aren’t abused. And history shows they are abused — something the FBI turns to when its demands for information or data are rejected by the judicial oversight the DOJ claims keeps its vast power in check.

Even when targets are finally notified, they aren’t given all the information. The Washington Post article details a former Defense Department contractor (Ryan Lackey) who was informed the government demanded data from Facebook, a platform he has used regularly for the last 15 years. Even though he was told the government sought his data, he was unable to find out what the government sought and for what time period. And that notification arrived nearly two years after Facebook had handed over his data.

The government won’t answer any questions about it. Neither will Facebook, which suggested he get a lawyer.

After receiving the March email, Lackey asked Facebook what information it had handed over and what time frame the request covered. In an emailed response reviewed by The Post, the tech giant wrote that it couldn’t give him “legal advice” and suggested that he “consult with an attorney.”

Lackey said he has been left with “low-level anxiety” and lots of unanswered questions.

“I’m not opposed to helping law enforcement with a legitimate investigation,” he said. “But if it’s a civil liberties violation or a fishing expedition, I don’t want to help them in that.”

Legislative efforts continue to rein in these powers and limit demands for indefinite secrecy. But the feds are fond of these 9/11-enabled powers and in no hurry to see them restricted. Claims about public safety and national security tend to be all that’s needed to convince certain legislators that the government’s business should continue as usual. Those pushing back have limited information to work with, thanks to years of deference in service to the never-ending War on Terror.

This shouldn’t be considered business as usual in a free country where citizens have inalienable rights that are supposed to protect them against unchecked snooping by the government, as well as grant them the ability to challenge unjustified demands for their possessions and papers. But a handful of wars engaged in by the government against its citizens (Terror, Drugs) have reduced these rights to privileges only very occasionally recognized by the agencies engaging in unwarranted seizures and only slightly more occasionally recognized by the courts, which have largely shrugged off their obligations to keep the government in check.

Filed Under: 1st amendment, doj, fbi, gag orders, journalism, national security letters, nsls
Companies: google, microsoft

The DOJ's Rules For Spying On Journalists Get A Bit Flimsy When It Reaches The FISA Court

from the the-first-amendment-matters dept

Back in the spring of 2013, just a month or so before Ed Snowden started revealing all sorts of surveillance shenanigans, there was another important revelation: the Obama DOJ had gone way overboard in spying on journalists, including grabbing the phone records of some AP reporters (without letting them know) and, even worse, telling a court that a Fox News reporter was a “co-conspirator” with a leaker in order to get his phone and email records.

The Obama administration’s war on the press has been well documented on this site, with many in the press highlighting how he was the most secretive — not to mention the most aggressive in abusing the Espionage Act to target leakers and journalists more times than every other President combined prior to him. Once those two stories above came out, the DOJ initially promised to create new guidelines, though, when those guidelines came out, they seemed pretty limited and left a lot of avenues open for the government to spy on journalists, including using National Security Letters — the meaningless “letters” the FBI/DOJ often hands out like post-it notes, demanding all sorts of info with zero due process, and frequently with an indefinite gag order.

Back in 2015, we noted that the Freedom of the Press Foundation was suing the DOJ demanding the details of the rules used around those national security letters, given that the DOJ didn’t want to release them. Earlier this week, the Freedom of the Press Foundation stated that (thanks to the lawsuit), the DOJ has now revealed its rules for seeking FISA Court orders spying on journalists, which are different than its rules for collecting general information from journalists (and different than the rules for the FBI to use NSLs, which is still secret).

As Trevor Timm, Freedom of the Press’s executive director, points out, the rules revealed here are “much less stringent” than the (already not that stringent) rules the DOJ came out with in 2015. Basically, the rules state that if the DOJ wants to get a FISC order on a journalist… it has to get approval from the Attorney General or Deputy Attorney General. That’s much less than the regular DOJ guidelines that involve a multi-part test to make sure that surveillance of the journalist is actually critical to the investigation and not simply a shortcut to info (or, worse, a way to harm journalistic sources).

If you can’t read that, it just says:

This memorandum directs the National Security Division (“NSD”) to implement the following procedures that are designed to ensure that the Attorney General (“AG”) or Deputy Attorney General (“DAG”) reviews those FISA applications targeting known media entities or known members of the media, so that review of such FISA applications occurs at even higher levels than otherwise permitted by FISA and existing AG orders.

And some may argue that having to escalate such FISA applications to the tippy-top of the DOJ represents some level of oversight, that oversight only goes as far as you can trust the Attorney General. And when’s the last time we had an Attorney General anyone actually trusted (I can’t ever remember having such an AG…). Indeed, our current AG, Jeff Sessions has publicly stated that he wants to prosecute more journalists and has suggested that he’s even less interested in balancing the careful interests and rights of journalists than his predecessors.

And, of course, we still have no idea what rules the FBI uses for its NSLs. However, as Timm points out, it’s pretty ridiculous that the FISC rules have now been declassified but the FBI’s NSL rules remain secret:

If these rules can now be released to the public, why are the FBI?s very similar rules for targeting journalists with due process-free National Security Letters still considered classified? And is the Justice Department targeting journalists with NSLs and FISA court orders to get around the stricter ?media guidelines??

Filed Under: doj, fbi, fisa, fisa court, fisc, guidelines, journalists, national security letters, nsls, privacy, surveillance

Cloud Communications Service Twilio Releases Two NSLs Sprung From Their Gag Order Cages

from the all-purpose-paperwork dept

Another communications platform has published National Security Letters it has received from the FBI. Twilio — a San Francisco-based cloud communications platform — has published two NSLs freed from the confines of their accompanying gag orders.

When Twilio receives requests that are issued without the review of a court, such as National Security Letters, Twilio will ask the agent to instead produce a court order or withdraw the nondisclosure component of the request.

Twilio requested judicial review of the nondisclosure requirement, and as a result, received permission from the U.S. Department of Justice to publish two National Security Letters, in addition to the letters authorizing Twilio to do so.

Twilio was also permitted to count the two National Security Letters in our semi-annual transparency report for the second half of 2017. Therefore, Twilio indicates receiving between 2 and 999 National Security Letters in the time range of July 1, 2017 through December 31, 2017.

Twilio says it will continue to challenge the gag orders attached by default to FBI NSLs, which should result in more published NSLs in the future. The two posted by Twilio are fairly recent. Both were received in May of last year. Both also contain the FBI’s response letter letting Twilio know the gag orders had been lifted.

The first [PDF] of the two published lets Twilio know the FBI has agreed to lift the gag order. It also states the FBI is withdrawing its request for subscriber info. The second [PDF] is a little more interesting. The FBI agreed to lift the gag order, but requested Twilio give it a ring before notifying the affected customer.

Please be advised that the FBI has reviewed the nondisclosure requirement imposed in connection with the NSL at issue and determined that the facts and circumstances supporting nondislosure under 18 USC 2709(c) no longer continue to exist. Consequently, the government is lifting the nondisclosure requirement imposed in connection with the NSL at issue… [T]he FBI also asks that Twilio notify Special Agent [redacted] of the FBI Cincinnati Field Office, in the event Twilio chooses to inform the subscriber of the account at issue regarding the NSL request or any of the information set forth in that request…

This sounds like “assessment” stuff — where the FBI rounds up everything it can obtain without a warrant to start building towards a preliminary investigation and possibly even the probable cause needed to continue pursuing a suspect. But the FBI office is seemingly willing to spook a subject in exchange for whatever minimal account info Twilio has on hand. That’s a little strange, considering the gag order was lifted within a few months of the NSL being sent. The two published by Twilio are unlike the NSLs published elsewhere, some of which are closer to a decade old at this point.

Whatever the case, it’s more transparency from another service provider, adding to the body of public knowledge on the FBI’s use of NSLs.

Filed Under: gag orders, nsls, surveillance, transparency reports
Companies: twilio

Google Publishes Another Batch Of National Security Letters, Updates Its Transparency Report

from the post-Snowden-landscape dept

Google has released what appears to be its entire collection of National Security Letters to date. Well, at least the entire collection approved for release by the DOJ, which still falls far short of the number received by the search giant.

Liam Tung of ZDNet points to a recent Transparency Report-related blog post by Google, which shows the company is still working to improve its dissemination of materials related to government demands for data and communications.

Since 2010, we’ve shared regular updates in our Transparency Report about the effects of government and corporate policies on users’ data and content. Our goal has always been to make this information as accessible as possible, and to continue expanding this report with new and relevant data.

Today, we’re announcing three updates to our Transparency Report. We’re expanding the National Security Letters (NSL) section, releasing new data on requests from governments to remove content from services like YouTube and Blogger, and making it easier for people to share select data and charts from the Transparency Report.

A new subsection of Google’s Transparency Report contains NSLs it’s been cleared to publish. This will presumably be updated as gag orders are lifted. Judging from what’s published, it’s still taking awhile to get gag orders removed. Most of what’s contained in Google’s NSL document dump was received by the company three to four years ago. Of course, much of this delay can be attributed to a lack of challenge options available to service providers — something that has improved remarkably since the passage of the USA Freedom Act in 2015.

At this point, challenging gag orders is probably an automated process. If the government continues to hand these out thousands of times a year, it will be forced to review thousands of NSL gag orders within a month of their issuance. Sure, job security is a nice thing, but it seems the DOJ might be better off freeing up some of these resources by issuing NSLs without indefinite gag orders. If the notification ban were limited to 90-180 days on most requests, companies would be unlikely to immediately challenge gag orders, freeing the DOJ from spending time responding to each challenge.

In any event, more transparency is better, especially in Google’s case, as it has had very little to say previously about the NSLs it receives.

Filed Under: nastional security letters, nsls, transparency, transparency report
Companies: google

Some Thoughts On Gag Rules And Government Unmasking Demands

from the dissent-dies-in-the-dark dept

The news about the DOJ trying to subpoena Twitter calls to mind an another egregious example of the government trying to unmask an anonymous speaker earlier this year. Remember when the federal government tried to compel Twitter to divulge the identity of a user who had been critical of the Trump administration? This incident was troubling enough on its face: there?s no place in a free society for a government to come after a critic of it. But largely overlooked in the worthy outrage over the bald-faced attempt to punish a dissenting voice was the government?s simultaneous attempt to prevent Twitter from telling anyone that the government was demanding this information. Because Twitter refused to comply with that demand, the affected user was able to get counsel and the world was able to know how the government was abusing its authority. As the saying goes, sunlight is the best disinfectant, and by shining a light on the government’s abusive behavior it was able to be stopped.

That storm may have blown over, but the general issues raised by the incident continue to affect Internet platforms ? and by extension their users and their speech. A significant problem we keep having to contend with is not only what happens when the government demands information about users from platforms, but what happens when it then compels the same platforms to keep those demands a secret. These secrecy demands are often called different things and are born from separate statutory mechanisms, but they all boil down to being some form of gag over the platform?s ability to speak, with the same equally troubling implications. We’ve talked before about how important it is that platforms be able to protect their users’ right to speak anonymously. That right is part and parcel of the First Amendment because there are many people who would not be able to speak if they were forced to reveal their identities in order to do so. Public discourse, and the benefit the public gets from it, would then suffer in the absence of their contributions. But it’s one thing to say that people have the right to speak anonymously; it’s another to make that right meaningful. If civil plaintiffs, or, worse, the government, can too easily force anonymous speakers to be unmasked then the right to speak anonymously will only be illusory. For it to be something speakers can depend on to enable them to speak freely there have to be effective barriers preventing that anonymity from too casually being stripped by unjust demands.

One key way to prevent illegitimate unmasking demands is to fight back against them. But no one can fight back against what they are unaware of. Platforms are thus increasingly pushing back against the gags preventing them from disclosing that they have received discovery demands as a way to protect their communities of users.

While each type of demand varies in its particulars (for instance a civil subpoena is different from a grand jury subpoena, which is different than an NSL, which is different from the 19 USC Section 1509 summons that was used against Twitter in the quest to discover the Trump critic), as well as the rationale for why the demanding party might have sought to preserve the secrecy around the demand with some sort of gag, all of these unmasking demands still ultimately challenge the durability of an online speaker’s right to remain anonymous. Which is why rulings that preserve, or, worse, even strengthen, gag rules are so troubling because they make it all the more difficult, if not outright impossible, to protect legitimate speech from illegitimate unmasking demands.

And that matters. Returning to the example about the fishing expedition to unmask a critic, while it’s great that in this particular case the government quickly dropped its demand on Twitter, questions remain. Was Twitter the only platform the government went after? Perhaps, but how would we know? How would we know if this was the only speech it had chosen to investigate, or the 1509 summons the only unmasking instrument it had used to try to identify the speaker? If the other platforms it demanded information from were, quite reasonably, cowed by an accompanying demand for secrecy (the sanctions for violating such an order can be serious), we might never know the answers to these questions. The government could be continuing its attacks on its apparently no-longer-anonymous critics unabated, and speakers who depended on anonymity would unknowingly be putting themselves at risk when they continued to speak.

This state of affairs is an affront to the First Amendment. The First Amendment was intended in large part to enable people to speak truth to power, but when we make it too hard for platforms to be partners in protecting that right it entrenches that power. There are a lot of ways that platforms should have the ability to be that partner, but one of them must be the basic ability to tell us when that right is under threat.

Filed Under: anonymity, free speech, gag orders, gag rules, governments, nsls, subpoenas, unmasking, warrants

Automattic Releases Five Un-Gagged National Security Letters

from the ask-and-you-have-slightly-better-chance-of-receiving dept

Another batch of FBI National Security Letters has been released, thanks to the expedited review process instituted by the USA Freedom Act. Automattic, the company behind WordPress, has released five NSLs dating back to 2010, as the result of successful nondisclosure challenges.

Each of the NSLs that we are publishing initially included an indefinite nondisclosure requirement that prohibited us from sharing any information about the letter or publicly acknowledging that we received an NSL.

We recently requested that these nondisclosure requirements be lifted, under the “reciprocal notice” procedures of the USA FREEDOM Act. More detail on the procedures that we followed is below.

In response to our requests, the FBI lifted the gag orders with respect to all information in each of the NSLs we are making available today. Before publishing the letters publicly, however, we decided to redact the following information from each letter: (1) the site URL about which the government requested information, (2) names of Automattic personnel to whom the request was addressed, and (3) name and contact information for the FBI personnel involved in making the information request.

We made these limited redactions in order to protect privacy interests. The NSLs are otherwise what we received when they were served onto us.

The five NSLs are identical. (PDF links included at the bottom of the Automattic post.) Automattic responded to four of those, but had none of the information requested for the fifth. After the gag orders were lifted by the FBI, Automattic informed the targeted users.

The boilerplate NSLs ask for far more info than the FBI’s own legal guidance suggests it should be able to request. A 2008 DOJ legal memo says NSLs should be constrained to “phone billing records.” The FBI has apparently decided to interpret this as any and all electronic transactional records when it comes to internet service providers. Here’s what’s requested in the Automattic NSLs:

This is where the FBI starts digging, apparently. By demanding all this info from a single service provider, the FBI can issue NSLs and subpoenas to a large number of additional third parties, even though the DOJ’s legal guidance suggests the FBI’s NSL requests should be far more constrained.

The recently-instituted challenge options are better than what was in place previously, but Automattic points out there’s still plenty of room for improvement.

We also continue to believe that NSLs pose serious constitutional concerns, particularly because they indefinitely prevent companies like us from speaking about them, and informing our users or the public about the NSLs that we receive. The procedures used to lift nondisclosure requirements are flawed because they put the burden of seeking an end to secrecy almost entirely on the companies, like Automattic, who receive NSLs.

The FBI has almost zero legal obligation to perform proactive reviews of issued NSL gag orders. Recipients must spend their time and money challenging them. Fortunately, the challenge process now requires much less of these scarce resources. Automattic has its own boilerplate form for challenging boilerplate NSL gag orders — one it’s willing to share with any NSL recipient — so we should be seeing more of these released in the near future.

Filed Under: fbi, gag orders, national security letter, nsl, nsls, secrecy, transparency, wordpress

Appeals Court Agrees Government Can Tell NSL Recipients To STFU Indefinitely

from the cram-that-in-your-gag-hole,-transparency-activists dept

The Ninth Circuit Court of Appeals has just handed down a terrible decision in a fight against National Security Letter gag orders. The EFF has been working with plaintiffs Cloudflare and Credo Mobile to have these indefinite gag orders found unconstitutional.

Unfortunately, there’s still nothing hopeful on the horizon in terms of government transparency. The Appeals Court has upheld the lower court’s decision, finding this form of prior restraint somehow Constitutional. From the decision [PDF]:

The panel held that § 2709(c)’s nondisclosure requirement imposes a content-based restriction that is subject to, and withstands, strict scrutiny. The panel further held that, assuming the nondisclosure requirement was the type of prior restraint for which the procedural safeguards set forth in Freedman v. Maryland, 380 U.S. 51 (1965) were required, the National Security Letters law provided those safeguards. The panel concluded that the nondisclosure requirement does not run afoul of the First Amendment.

The panel notes the statutory framework for NSLs allows the government to ask for secrecy for an indefinite period of time to ensure investigations aren’t interfered with or suspects prematurely notified of the government’s interest in their activities. The statutes say the government “may” ask for secrecy. However, the FBI — in the thousands of NSLs it issues every year — reads this as “will.” No one receives an NSL without a gag order attached.

Challenging gag orders is easier than it used to be, but it’s still far from ideal. Rather than limited-time gag orders or stiffer requirements for the FBI to meet before deploying them, recipients have been given modestly-improved avenues of recourse. That may help going forward, but it’s doing very little to address NSLs/gag orders sent out before the USA Freedom Act reforms in 2015. Old NSL gag orders are still mostly unassailable. At the center of this case are NSLs dating back to 2011 and 2012. For reasons only known to the government, these half-decade-old gag orders are still in place.

The court recognizes gag orders are content-based restrictions of speech. This means the government has to hit a higher bar to justify this control of citizens’ speech. But the Appeals Court agrees with the lower court: to meet this high bar, the government just needs to deploy national security mantras.

As a threshold matter, we readily conclude that national security is a compelling government interest. Indeed, the Court has recognized that “[e]veryone agrees that the Government’s interest in combating terrorism is an urgent objective of the highest order.” “It is ‘obvious and unarguable’ that no governmental interest is more compelling than the security of the Nation.”

By the same token, keeping sensitive information confidential in order to protect national security is a compelling government interest. See Dep’t of the Navy v. Egan, 484 U.S. 518, 527 (1988) (recognizing “the Government’s compelling interest in withholding national security information from unauthorized persons in the course of executive business” (internal quotation marks omitted)); Snepp v. United States, 444 U.S. 507, 509 n.3 (1980) (“The Government has a compelling interest in protecting both the secrecy of information important to our national security and the appearance of confidentiality so essential to the effective operation of our foreign intelligence service.”).

The plaintiffs pointed out that while the USA Freedom Act gave them new tools to challenge NSL gag orders, it also lowered the standards governing the attaching of gag orders. Instead of nondisclosure demands being approved only by the FBI Director, any number of designees could perform approvals. The court responds by saying “Trust the FBI.”

[T]he new 2015 provision allowing disclosures to “other persons as permitted by the [FBI] Director” or the Director’s designee, id. § 2709(c)(2)(A)(iii), merely provides the FBI with more flexibility to tailor the scope of the nondisclosure provision. We reject the recipients’ argument that this provision gives the government unfettered discretion and therefore creates a system of insufficiently cabined prior restraints. Even if the NSL law is determined to be the type of regulation for which procedural safeguards are required (see section V, infra), the law as a whole imposes narrow, objective, and definite standards on the government before it can issue a nondisclosure requirement…

The fact that the statute also gives the FBI Director or a designee discretion to make additional exceptions to the nondisclosure requirement does not lessen the adequacy of the clear standards imposed on these officials before issuing a nondisclosure requirement in the first place.

The court also says this isn’t a case of prior restraint, even though each NSL arrives with some legal language preventing recipients from even acknowledging the NSL’s existence. The panel declares NSL recipients have no “intent” to speak, so telling them not to talk somehow doesn’t damage their First Amendment rights.

[N]SL law prohibits the disclosure of a single, specific piece of information that was generated by the government: the fact that the government has requested information to assist in an investigation addressing sensitive national security concerns, i.e., “to protect against international terrorism or clandestine intelligence activities.” 18 U.S.C. § 2709(b)(1). As the Second Circuit noted, “[u]nlike an exhibitor of movies,” the recipient of a nondisclosure requirement “did not intend to speak and was not subject to any administrative restraint on speaking prior to the Government’s issuance of an NSL.”

So, I guess it’s not prior restraint because companies could talk vaguely and non-specifically about NSLs they might receive, but aren’t allowed to talk about any NSLs they have received until the government says it’s ok. Seems legit.

The next step for the EFF and a number of NSL recipients is the Supreme Court. Given the ongoing deference to anything national security-related, it would be a surprise if the nation’s top court reversed two lower court decisions. It may decide it’s not even worth reviewing if petitioned. As it stands now, the government can demand indefinite silence from service providers thousands of times a year… all supposedly without violating the Constitution.

Filed Under: 9th circuit, first amendment, free speech, gag orders, national security, national security letters, nsl, nsls
Companies: cloudflare, credo mobile, eff

Just Prior To Hearing Over NSL Gag Orders, Court Allows Cloudflare & CREDO Mobile To Be Named As Plaintiffs

from the about-time dept

In December, we wrote about how (thanks to EFF’s lawyering) mobile phone provider CREDO Mobile was finally (after many years) allowed to reveal the National Security Letter (NSL) it had received from the DOJ back in 2013. As per usual, the NSL had a complete gag order, barring the company from admitting it had received such a letter. Then, just about a month later, Cloudflare was similarly ungagged over an NSL it had received in 2013 as well.

On Wednesday, EFF will be back in the 9th Circuit appeals court arguing that these NSLs are First Amendment violations, but for the first time, it can actually name those two companies as its clients. Even though those NSLs were finally allowed to become public in the last few months, the case itself still did not include their names, until Monday, when the court was told by the DOJ, that since the FBI had concluded the various investigations, and because it had enabled each of the companies to reveal those specific NSLs they had received, that it no longer required the plaintiffs’ names in the case to be sealed. Of course, we don’t know how many other NSLs are still gagged (possibly even with these two companies). Indeed, the EFF’s announcement certainly hints at more:

On Wednesday, EFF Staff Attorney Andrew Crocker will tell the United States Court of Appeals for the Ninth Circuit that these gags are unconstitutional restrictions on CREDO and Cloudflare?s free speech and that the FBI?s belated decision to lift some of the gags only underscores why judicial oversight is needed in every case. The gag orders barred these companies from participating in discussion and debate about government use of NSLs?even as Congress was debating changes to the NSL statute in 2015.

Hopefully, the appeals court recognizes the serious First Amendment issues at play here.

Filed Under: doj, fbi, first amendment, free speech, gag order, national security letters, nsl, nsls
Companies: cloudflare, credo mobile, eff