National security letter

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Green herb with a few tiny yellow-white flowers
Three small white and yellow flowers before green-leaf background
A National security letter issued to the Internet Archive demanding information about a user

A national security letter (NSL) is an administrative subpoena issued by the Federal Bureau of Investigation (FBI) in authorized national security investigations "to protect against international terrorism or clandestine intelligence activities" (i.e., spying).[1] The Stored Communications Act (18 U.S.C. § 2709), Fair Credit Reporting Act (15 U.S.C. §§ 1681u1681v), and Right to Financial Privacy Act (12 U.S.C. § 3414), authorize the FBI to seek such information that is "relevant" to an authorized national security investigation. By law, NSLs can request only non-content information, for example, transactional records and phone numbers dialed, but never the content of telephone calls or e-mails.[2]

NSLs may contain a nondisclosure requirement—preventing the recipient of an NSL from disclosing that the FBI had requested the information—only if the Director of the FBI (or his designee) authorizes the nondisclosure requirement. The Director may authorize a nondisclosure requirement only after certifying "that otherwise there may result a danger to the national security of the United States, interference with a criminal, counterterrorism, or counterintelligence investigation, interference with diplomatic relations, or danger to the life or physical safety of any person."[3] Even then, the recipient of the NSL may still challenge the nondisclosure requirement in federal court.[4]

Federal courts have issued contradictory rulings on the constitutionality of the nondisclosure requirement. The requirement was initially ruled to be unconstitutional as an infringement of free speech in the Doe v. Gonzales case, but that decision was later overturned in 2008 by the Second Circuit Court of Appeals after it held the USA PATRIOT Improvement and Reauthorization Act gave the recipient of an NSL that included a nondisclosure provision the right to challenge the nondisclosure requirement in federal court. In March 2013, district court judge Susan Illston of Federal District Court in San Francisco struck down the law, writing that the prohibition on disclosure of receipt of an NSL made the entire statute "impermissibly overbroad" under the First Amendment. Judge Illston then stayed her ruling pending the outcome of In re: National Security Letter, Under Seal v. Lynch, a consolidated appeal by the United States Department of Justice in the United States Court of Appeals for the Ninth Circuit.[5][6]


The oldest NSL provisions were created in 1978 as a little-used investigative tool in terrorism and espionage investigations to obtain financial records. Under the Right to Financial Privacy Act (RFPA), part of the Financial Institutions Regulatory and Interest Rate Control Act of 1978), the FBI could obtain the records only if the FBI could first demonstrate the person was a foreign power or an agent of a foreign power. Compliance by the recipient of the NSL was voluntary, and states' consumer privacy laws often allowed financial institutions to decline the requests.[7] In 1986, Congress amended RFPA to allow the government to compel disclosure of the requested information. In 1986, Congress also passed the Stored Communications Act (SCA), part of the Electronic Communications Privacy Act of 1986), which created provisions similar to the RFPA that allowed the FBI to issue NSLs. Still, neither act included penalties for failing to comply with the NSL. A 1993 amendment relaxed the restriction regarding "foreign powers" and allowed the use of an NSL to obtain information about persons not under direct investigation. In 2001, section 505 of the USA PATRIOT Act expanded the use of the NSLs.

In March 2006, the USA PATRIOT Improvement and Reauthorization Act allowed for judicial review of an NSL. A federal judge could repeal or modify an NSL if the court found the request for information was "unreasonable, oppressive, or otherwise unlawful." The nondisclosure requirement was also weakened. The court could repeal the nondisclosure order only if it found that it was made in bad faith. Other amendments allowed the recipient of an NSL to inform their attorney about the request and the government had to rely on the courts to enforce compliance with an NSL.

Patriot Act[edit]

Main article: Patriot Act

Section 505 of the USA PATRIOT Act (2001) allowed the use of the NSLs when seeking information "relevant" in authorized national security investigations to protect against international terrorism or clandestine intelligence activities. The act also provided the Department of Defense the ability to issue NSLs when their use was necessary to conduct a law enforcement investigation, counterintelligence inquiry, or security determination. In January 2007, The New York Times reported the Pentagon and the CIA have issued NSLs, although that information was probably misreported because the federal statutes do not authorize the CIA to issue NSLs.[8] The Patriot Act reauthorization statutes passed during the 109th Congress added penalties for failure to comply with the request for information and for disclosing an NSL when the NSL included a nondisclosure provision.

Contentious aspects[edit]

Two contentious aspects of NSLs are the nondisclosure provision and judicial oversight when the FBI issues an NSL. When the Director of the FBI (or his designee) authorizes the inclusion of a nondisclosure provision in an NSL, the recipient may not reveal the contents of the NSL or that it was received. The nondisclosure provision is intended to prevent the recipient of an NSL from compromising both the current FBI investigation involving a specific person and future investigations as well, which would potentially fetter the Government's efforts to address national security threats.[9] An NSL recipient (later revealed to be Nicholas Merrill[10][11]) writing in The Washington Post said, "[L]iving under the gag order has been stressful and surreal. Under the threat of criminal prosecution, I must hide all aspects of my involvement in the case...from my colleagues, my family and my friends. When I meet with my attorneys I cannot tell my girlfriend where I am going or where I have been."[9] (Merrill probably meant to say that he could have told his girlfriend he was meeting with his attorney, but that he could not reveal to her what the meeting was about.)

Like other administrative subpoenas, no approval from a judge is required for the FBI to issue an NSL. A judge's approval is not needed because the U.S. Supreme Court has held the types of information the FBI obtains with NSLs provide no constitutionally protected reasonable expectation of privacy. Smith v. Maryland, 422 U.S. 735 (1979). Because the person (i.e., the subject of the FBI terrorism or counterintelligence investigation) has no reasonable expectation of privacy to the information, there is no Fourth Amendment requirement for the FBI to obtain a judge's approval to obtain the information. Nonetheless, the recipient of the NSL may still challenge the nondisclosure requirement in federal court. See 18 U.S.C. § 3511.

The media reported in 2007 that a government audit found the FBI had violated the rules more than 1,000 times in an audit of 10% of its national investigations between 2002 and 2007.[12] Twenty such incidents involved requests by agents for information that U.S. law did not permit them to obtain. A subsequent Justice Department Office of Inspector General report concluded the FBI had since corrected its practices and that NSLs complied with the federal statutes.

According to 2,500 pages of documents the FBI provided to the Electronic Frontier Foundation in response to a Freedom of Information Act lawsuit, the FBI had used NSLs to obtain information about individuals who are the subject of an FBI terrorism or counterintelligence investigation and information from telecommunications companies about individuals with whom the subject of the investigation has communicated. According to a September 9, 2007, New York Times report, "In many cases, the target of a[n FBI] national security letter whose records are being sought is not necessarily the actual subject of a terrorism investigation. Under the USA PATRIOT Act, the FBI must assert only that the records gathered through the letter are considered relevant to a terrorism investigation."[13]

In April 2008, the American Civil Liberties Union alleged that the military was using the FBI to skirt legal restrictions on domestic surveillance to obtain private records of Americans' Internet service providers, financial institutions, and telephone companies. The ACLU based its allegation on a review of more than 1,000 documents provided by the Defense Department. It turned out the Department of Defense (not the FBI) had lawfully obtained the information under the National Security Act of 1947, 50 U.S.C. §§ 436-438.

Doe v. Ashcroft[edit]

Main article: Doe v. Ashcroft
Letter in Doe v. Ashcroft case

The lack of judicial oversight and the Supreme Court ruling in Smith v. Maryland, 422 U.S. 735 (1979) was the core of Doe v. Ashcroft, a test case concerning the use of NSLs brought by the ACLU. The lawsuit was on behalf of an unnamed[14] Internet Service Provider[15] who had received an NSL. The ACLU challenged the constitutionality of NSLs, specifically the nondisclosure provision. At the district court, Judge Victor Marrero of the Southern District of New York held in September 2004 that NSLs violated the Fourth Amendment ("it has the effect of authorizing coercive searches effectively immune from any judicial process") and First Amendment. However, Judge Marrero issued a stay of his ruling while the case proceeded to the court of appeals.

Because of the New York district court ruling, while the case was still on appeal, Congress revised the USA PATRIOT Act to allow for even more judicial review of NSLs and clarified the NSL nondisclosure provision.[16] Based on the U.S. Supreme Court rulings, there is still no requirement to seek judicial approval prior to the FBI issuing an NSL.

The government appealed Judge Marrero's decision to the Second Circuit Court of Appeals, which heard arguments in May 2006. In March 2008, the Court of Appeals dismissed the appeal and returned the case to the district court based on the then-recently revised USA PATRIOT Act that Congress had adopted while the case had been on appeal. The revised USA PATRIOT Act had made the appeal moot. The Court of Appeals in its decision looked at the sufficiency of judicial review for the nondisclosure requirement and held that 18 U.S.C. § 2709(c) should be construed to permit nondisclosure only when the FBI certified that disclosure may result in certain enumerated harms, and when an action is brought, puts the burden on the Government to uphold nondisclosure under a strict scrutiny standard. Doe v. Mukasey, 549 F.3d 861 (2d Cir. 2008). In short, the Court of Appeals overturned Judge Marrero's earlier decision. Doe v. Gonzales, 500 F.Supp. 2d 379 (S.D.N.Y 2007).

Letter in the Doe v. Gonzales case

Another effect of Doe v. Ashcroft was increased congressional oversight. The revisions to the USA PATRIOT Act mentioned above included requirements for semiannual reporting to Congress. Although the report details are classified, a nonclassified account of how many NSLs are issued is also required. On April 28, 2006, the Department of Justice reported to the House and Senate that in calendar year 2005, "The Government made requests for certain information concerning 3,501 United States persons pursuant to NSLs. During this period, the total number of NSL requests ... for information concerning U.S. persons totaled 9,254."[17]

In 2010, the FBI agreed to partially lift the nondisclosure provision for John Doe (Nicholas Merrill). Merrill has since started a corporation for the purposes of educating and researching privacy issues.[18]

See also[edit]


  1. ^ 18 U.S.C. § 2709(b)
  2. ^ USA PATRIOT Improvement and Reauthorization Act of 2005: A Legal Analysis Congressional Research Service's report for Congress, Brian T. Yeh, Charles Doyle, December 21, 2006.
  3. ^ 18 U.S.C. § 2709(c)
  4. ^ 18 U.S.C. § 3511
  5. ^ Zetter, Kim (March 15, 2012). "Federal Judge Finds National Security Letters Unconstitutional, Bans Them". Wired News. 
  6. ^ Savage, Charlie (March 14, 2013). "California: Judge Strikes Down Law on National Security Letters". New York Times. 
  7. ^ Andrew E. Nieland, National Security Letters and the Amended Patriot Act, 92 Cornell L. Rev. 1201, 1207 (2007) [1]
  8. ^ Military Expands Intelligence Role in U.S.
  9. ^ a b My National Security Letter, The Washington Post, 2007 Mar 23
  10. ^ John Doe’ Who Fought FBI Spying Freed From Gag Order After 6 Years Kim Zetter,, 2010 8 10
  11. ^ "Doe v. Holder (Challenging Patriot Act’s National Security Letter provision and associated gag provision)". S.D.N.Y. 04 Civ. 2614 (VM) (direct). NYCLU (New York Civil Liberties Union). 
  12. ^ "FBI agents broke the rules 1,000 times". RTÉ News Online. 2007-06-14. Retrieved 2007-06-14. 
  13. ^ Lichtblau, Eric (2007-09-08). "F.B.I. Data Mining Reached Beyond Target Suspects". The New York Times. 
  14. ^ Statement – John Doe #2, Target of Illegal Spying
  15. ^ ACLU Sues Over Internet Privacy
  16. ^ HR 3199
  17. ^ Report of Foreign Intelligence Surveillance Act, United States Department of Justice
  18. ^ "National Security Letters and Gag Orders: Transcript". On the Media. 21 January 2011. Although you’re allowed to challenge the gag every year now under the new revised law, the last time I did it, the government presented secret evidence that only they and the judge could see, and my attorneys could not see, and therefore could not challenge. It does kind of add up to a lot of responsibility, and that’s part of what motivated me to start my nonprofit organization, the Calyx Institute. Part of it is to defend people who are gagged. Part of it is also to promote best practices among telecommunications companies in regards to the privacy of customer data.  Check date values in: |year= / |date= mismatch (help)

External links[edit]