National security letter
A national security letter (NSL) is an administrative subpoena issued by the Federal Bureau of Investigation (FBI) in authorized national security investigations "to protect against international terrorism or clandestine intelligence activities" (i.e., spying). The Stored Communications Act (18 U.S.C. § 2709), Fair Credit Reporting Act (15 U.S.C. §§ 1681u–1681v), and Right to Financial Privacy Act (12 U.S.C. § 3414), authorize the FBI to seek such information that is "relevant" to an authorized national security investigation. By law, NSLs can request only non-content information, for example, transactional records and phone numbers dialed. NSLs may contain a nondisclosure provision—preventing the recipient of an NSL from disclosing that the FBI had requested the information—only if the Director of the FBI (or his designee) authorizes the nondisclosure requirement. The Director may authorize a nondisclosure requirement only after certifying "that otherwise there may result a danger to the national security of the United States, interference with a criminal, counterterrorism, or counterintelligence investigation, interference with diplomatic relations, or danger to the life or physical safety of any person." Even then, the recipient of the NSL can still challenge the nondisclosure requirement in federal court. The nondisclosure requirement was initially ruled to be unconstitutional as an infringement of free speech in the Doe v. Gonzales case, but that decision was later overturned in 2008 by the Second Circuit Court of Appeals after it held the USA PATRIOT Improvement and Reauthorization Act gave the recipient of an NSL that included a nondisclosure provision the right to challenge the nondisclosure requirement in federal court. In March 2013, district court judge Susan Illston of Federal District Court in San Francisco struck down the law authorizing the FBI to issue NSLs, writing that the prohibition on disclosure of receipt of an NSL made the entire statute "impermissibly overbroad" under the First Amendment. Judge Illston then stayed her ruling to allow the United States Department of Justice to appeal the decision to the United States Court of Appeals for Ninth Circuit.
The oldest NSL provisions were created in 1978 as a little-used investigative tool in terrorism and espionage investigations to obtain financial records. Under the Right to Financial Privacy Act (RFPA, part of the Financial Institutions Regulatory and Interest Rate Control Act of 1978), the FBI could obtain the records only if the FBI could first demonstrate the person was a foreign power or an agent of a foreign power. Compliance by the recipient of the NSL was voluntary, and states' consumer privacy laws often allowed financial institutions to decline the requests. In 1986, Congress amended RFPA to allow the government to compel disclosure of the requested information. Also in 1986, Congress passed the Stored Communications Act (SCA, part of the Electronic Communications Privacy Act of 1986), which created provisions similar to the RFPA that allowed the FBI to issue NSLs. Still, neither act included penalties for failing to comply with the NSL.
A 1993 amendment relaxed the restriction regarding "foreign powers" and allowed the use of an NSL to obtain information on persons not under direct investigation.
In 2001, section 505 of the USA PATRIOT Act expanded the use of the NSLs.
Following that, in March 2006 the USA PATRIOT Improvement and Reauthorization Act allowed for judicial review of an NSL. A federal judge could repeal or modify an NSL if it found the request for information was "unreasonable, oppressive, or otherwise unlawful." The nondisclosure requirement was also weakened. The judiciary could repeal the gag order only if the court found that it was made in "bad faith." Other amendments allowed the recipient of an NSL to inform their attorney about the request and the government had to rely on the judiciary to enforce compliance with an NSL.
Section 505 of the USA PATRIOT Act (2001) allowed the use of the NSLs when seeking information "relevant" in authorized national security investigations to protect against international terrorism or clandestine intelligence activities. The act also provided the Department of Defense the ability to issue NSLs when their use was necessary to conduct a law enforcement investigation, counterintelligence inquiry, or security determination. In January 2007, The New York Times reported the Pentagon and the CIA have issued NSLs, although it was probably misreported because the federal statutes do not authorize the CIA to issue "national security letters." The Patriot Act reauthorization statutes passed during the 109th Congress added penalties for failure to comply with the request for information and for disclosing an NSL when the NSL included a nondisclosure provision.
Two contentious aspects of NSLs are the nondisclosure provision and judicial oversight when the FBI issues an NSL. When the Director of the FBI (or his designee) authorizes the inclusion of a nondisclosure provision in an NSL, the recipient may not reveal the contents of the NSL or that it was received. The nondisclosure provision is intended to prevent the recipient of an NSL from compromising not only the current FBI investigation involving a specific person but future investigations as well, which would potentially hamper the Government's efforts to address national security threats. An NSL recipient (later revealed to be Nicholas Merrill) writing in The Washington Post said, "living under the gag order has been stressful and surreal. Under the threat of criminal prosecution, I must hide all aspects of my involvement in the case...from my colleagues, my family and my friends. When I meet with my attorneys I cannot tell my girlfriend where I am going or where I have been."
Like other administrative subpoenas, no approval from a judge is required for the FBI to issue an NSL. That is because the U.S. Supreme Court has held the types of information the FBI can obtain with an NSL carry no constitutionally protected reasonable expectation of privacy. Smith v. Maryland, 422 U.S. 735 (1979). Because the person (i.e., the subject of the FBI terrorism or counterintelligence investigation) has no reasonable expectation of privacy to the information, there is no Fourth Amendment requirement for the FBI to obtain a judge's approval to obtain the information. Nonetheless, the recipient of the NSL can still challenge the nondisclosure requirement in federal court. See 18 U.S.C. § 3511.
The media reported in 2007 that a government audit found the FBI had violated the rules more than 1,000 times in an audit of 10% of its national investigations between 2002 and 2007. Twenty such incidents involved requests by agents for information that U.S. law did not permit them to obtain. A subsequent report issued by the Justice Department's Office of Inspector General concluded that the FBI had since corrected its practices so that NSLs complied with the federal statutes.
According to 2,500 pages of documents the FBI provided to the Electronic Frontier Foundation in response to a Freedom of Information Act lawsuit, the FBI had used NSLs to obtain information about individuals who are the subject of an FBI terrorism or counterintelligence investigation and information from telecommunications companies about individuals with whom the subject of the investigation has communicated. According to a September 9, 2007, New York Times report, "[i]n many cases, the target of a[n FBI] national security letter whose records are being sought is not necessarily the actual subject of a terrorism investigation. Under the USA PATRIOT Act, the FBI must assert only that the records gathered through the letter are considered relevant to a terrorism investigation."
In April 2008, the American Civil Liberties Union alleged that the military was using the FBI to skirt legal restrictions on domestic surveillance to obtain private records of Americans' Internet service providers, financial institutions, and telephone companies. The ACLU based its allegation on a review of more than 1,000 documents provided by the Defense Department in response to a suit filed in 2007 related to national security letters. As it turned out, it was actually the National Security Act of 1947, 50 U.S.C. §§ 436-438, that allows the Department of Defense to obtain the information.
Doe v. Ashcroft
The lack of judicial oversight and the Supreme Court ruling in Smith v. Maryland, 422 U.S. 735 (1979) was the core of Doe v. Ashcroft, a test case concerning the use of NSLs brought by the ACLU. The lawsuit was on behalf of an unnamed Internet Service Provider who had received an NSL. The ACLU challenged the constitutionality of NSLs, specifically the nondisclosure provision. At the district court, Judge Victor Marrero of the Southern District of New York held in September 2004 that NSLs violated the Fourth Amendment ("it has the effect of authorizing coercive searches effectively immune from any judicial process") and First Amendment. However, Judge Marrero issued a stay of his ruling while the case proceeded to the court of appeals.
Because of the New York district court ruling, while the case was still on appeal, Congress revised the USA PATRIOT Act to allow for even greater judicial review and clarified the nondisclosure provision. Based on the U.S. Supreme Court rulings, there is still no requirement to seek judicial approval prior to the FBI issuing an NSL.
The government appealed Judge Marrero's decision to the Second Circuit Court of Appeals, which heard arguments in May 2006. In March 2008, the Court of Appeals dismissed the appeal and returned the case to the district court because the then-recently revised USA PATRIOT Act that Congress had adopted while the case had been on appeal had made the issues moot. The Court of Appeals in its decision looked at the sufficiency of judicial review for the nondisclosure requirement and held that 18 U.S.C. § 2709(c) should be construed to permit nondisclosure only when the FBI certified that disclosure may result in certain enumerated harms, and when an action is brought, requires the burden to be placed on the Government to uphold, under a strict scrutiny standard, nondisclosure Doe v. Mukasey, 549 F.3d 861 (2d Cir. 2008). The decision overturned Judge Marrero's earlier decision. Doe v. Gonzales, 500 F.Supp. 2d 379 (S.D.N.Y 2007).
Another effect of Doe v. Ashcroft was increased congressional oversight. The revisions to the PATRIOT Act mentioned above included requirements for semiannual reporting to Congress. Although the report details are classified, a nonclassified count of how many NSLs are issued is also required. On April 28, 2006, the Department of Justice reported to the House and Senate that in calendar year 2005, "the Government made requests for certain information concerning 3,501 United States persons pursuant to NSLs. During this period, the total number of NSL requests ... for information concerning U.S. persons totaled 9,254."
In 2010, the FBI agreed to partially lift the nondisclosure provision for John Doe (Nicholas Merrill). Merrill has since started a corporation for the purposes of educating and researching privacy issues.
- 18 U.S.C. § 2709(b)
- USA PATRIOT Improvement and Reauthorization Act of 2005: A Legal Analysis Congressional Research Service's report for Congress, Brian T. Yeh, Charles Doyle, December 21, 2006.
- 18 U.S.C. § 2709(c)
- 18 U.S.C. § 3511
- Zetter, Kim (March 15, 2012). "Federal Judge Finds National Security Letters Unconstitutional, Bans Them". Wired News.
- Savage, Charlie (March 14, 2013). "California: Judge Strikes Down Law on National Security Letters". New York Times.
- Andrew E. Nieland, National Security Letters and the Amended Patriot Act, 92 Cornell L. Rev. 1201, 1207 (2007) 
- Military Expands Intelligence Role in U.S.
- My National Security Letter, The Washington Post, 2007 Mar 23
- "FBI agents broke the rules 1,000 times". RTÉ News Online. 2007-06-14. Retrieved 2007-06-14.
- Lichtblau, Eric (2007-09-08). "F.B.I. Data Mining Reached Beyond Target Suspects". The New York Times.
- Neumeister, Larry (2008-04-01). "ACLU: Military Skirting Law to Spy". Associated Press. Retrieved 2008-04-11.
- Statement – John Doe #2, Target of Illegal Spying
- ACLU Sues Over Internet Privacy
- HR 3199
- Report of Foreign Intelligence Surveillance Act, United States Department of Justice
- John Doe’ Who Fought FBI Spying Freed From Gag Order After 6 Years Kim Zetter, Wired.com, 2010 8 10
- "National Security Letters and Gag Orders: Transcript". On the Media. 21 January 2011. "Although you’re allowed to challenge the gag every year now under the new revised law, the last time I did it, the government presented secret evidence that only they and the judge could see, and my attorneys could not see, and therefore could not challenge. It does kind of add up to a lot of responsibility, and that’s part of what motivated me to start my nonprofit organization, the Calyx Institute. Part of it is to defend people who are gagged. Part of it is also to promote best practices among telecommunications companies in regards to the privacy of customer data."
- National Security Letters in Foreign Intelligence Investigations: A Glimpse of the Legal Background and Recent Amendments (PDF)
- Doe v. Ashcroft decision (PDF)
- Decision of the United States Court of Appeals for the Second Circuit in re: John Doe I et al. v. Alberto Gonzales et al. (PDF)
- Documentary film : FBI Unbound: How National Security Letters Violate Our Privacy
- Thousands of Declassified National Security Letters from various government agencies
- Nick Merrill Speaks Out on Landmark Court Struggle Against FBI’s National Security Letters – video report by Democracy Now!