National security letter
A national security letter (NSL) is an administrative subpoena issued by the United States federal government to gather information for national security purposes. NSLs do not require prior approval from a judge. The Stored Communications Act, Fair Credit Reporting Act, and Right to Financial Privacy Act authorize the United States federal government to seek such information that is "relevant" to authorized national security investigations. By law, NSLs can request only non-content information, for example, transactional records and phone numbers dialed, but never the content of telephone calls or e-mails.
NSLs typically contain a nondisclosure requirement, frequently called a ''gag order,'' preventing the recipient of an NSL from disclosing that the FBI had requested the information. The nondisclosure order must be authorized by the Director of the FBI, and only after he or she certifies "that otherwise there may result a danger to the national security of the United States, interference with a criminal, counterterrorism, or counterintelligence investigation, interference with diplomatic relations, or danger to the life or physical safety of any person." Even then, the recipient of the NSL may still challenge the nondisclosure order in federal court.
The constitutionality of such nondisclosure orders has been repeatedly challenged. The requirement was initially ruled to be unconstitutional as an infringement of free speech in the Doe v. Gonzales case, but that decision was later vacated in 2008 by the Second Circuit Court of Appeals after it held the USA PATRIOT Improvement and Reauthorization Act gave the recipient of an NSL that included a nondisclosure order the right to challenge the nondisclosure order in federal court. In March 2013, district court judge Susan Illston of Federal District Court in San Francisco struck down the law, writing that the prohibition on disclosure of receipt of an NSL made the entire statute impermissibly overbroad under the First Amendment. On August 24, 2015, the Ninth Circuit Court of Appeals vacated the district court's decision and remanded the case back to the district court for further proceedings.
The oldest NSL provisions were created in 1978 as a little-used investigative tool in terrorism and espionage investigations to obtain financial records. Under the Right to Financial Privacy Act (RFPA), part of the Financial Institutions Regulatory and Interest Rate Control Act of 1978), the FBI could obtain the records only if the FBI could first demonstrate the person was a foreign power or an agent of a foreign power. Compliance by the recipient of the NSL was voluntary, and states' consumer privacy laws often allowed financial institutions to decline the requests. In 1986, Congress amended RFPA to allow the government to request disclosure of the requested information. In 1986, Congress passed the Stored Communications Act (SCA), part of the Electronic Communications Privacy Act of 1986), which created provisions similar to the RFPA that allowed the FBI to issue NSLs. Still, neither act included penalties for failing to comply with the NSL. A 1993 amendment relaxed the restriction regarding "foreign powers" and allowed the use of an NSL to request information about persons not under direct investigation. In 2001, section 505 of the USA PATRIOT Act expanded the use of the NSLs.
In March 2006, the USA PATRIOT Improvement and Reauthorization Act allowed for judicial review of an NSL. A federal judge could repeal or modify an NSL if the court found the request for information was "unreasonable, oppressive, or otherwise unlawful." The nondisclosure order the government could include in an NSL was also weakened. The court could repeal the nondisclosure order if it found it had been made in bad faith. Other amendments also allowed the recipient of an NSL to inform their attorney about the request and the government had to rely on the courts to enforce compliance with an NSL.
Section 505 of the USA PATRIOT Act (2001) allowed the use of the NSLs when seeking information "relevant" in authorized national security investigations to protect against international terrorism or clandestine intelligence activities. The act also provided the Department of Defense the ability to issue NSLs when their use was necessary to conduct a law enforcement investigation, counterintelligence inquiry, or security determination. The Pentagon and the Central Intelligence Agency have also allegedly issued NSLs. The Patriot Act reauthorization statutes passed during the 109th Congress added penalties for failure to comply with the request for information and for disclosing an NSL when the NSL included a nondisclosure order.
Two contentious aspects of NSLs are the nondisclosure order and judicial oversight when the FBI issues an NSL. When the Director of the FBI (or his designee) authorizes the inclusion of a nondisclosure order in an NSL, the recipient may not reveal the contents of the NSL or that it was received. The nondisclosure order is to prevent the recipient of an NSL from compromising both the current FBI investigation involving a specific person and future investigations as well, which would potentially fetter the Government's efforts to address national security threats. An NSL recipient (later revealed to be Nicholas Merrill) writing in The Washington Post said, "[L]iving under the gag order has been stressful and surreal. Under the threat of criminal prosecution, I must hide all aspects of my involvement in the case...from my colleagues, my family and my friends. When I meet with my attorneys I cannot tell my girlfriend where I am going or where I have been."
Like other administrative subpoenas, judicial approval is not required before the FBI issues an NSL. A judge's approval is not needed because the U.S. Supreme Court has held the types of information the FBI obtains with NSLs provide no constitutionally protected reasonable expectation of privacy. Because the person (i.e., the subject of the FBI terrorism or counterintelligence investigation) has no reasonable expectation of privacy to the information, there is no Fourth Amendment requirement for the FBI to obtain a judge's approval to obtain the information. Nonetheless, the recipient of the NSL may still challenge the gag order in federal court.
The media reported in 2007 that a government audit found the FBI had violated the rules more than 1,000 times in an audit of 10% of its national investigations between 2002 and 2007. Twenty such incidents involved requests by agents for information that U.S. law did not permit. A subsequent Justice Department Office of Inspector General Report concluded the FBI had since corrected its practices and that NSLs complied with the federal statutes.
According to 2,500 pages of documents the FBI provided to the Electronic Frontier Foundation in response to a Freedom of Information Act lawsuit, the FBI had used NSLs to obtain information about individuals who were the subject of an FBI terrorism or counterintelligence investigation and information from telecommunications companies about individuals with whom the subject of the investigation has communicated. According to a September 9, 2007, New York Times report, "In many cases, the target of a[n FBI] national security letter whose records are being sought is not necessarily the actual subject of a terrorism investigation. Under the USA PATRIOT Act, the FBI must assert only that the records gathered through the letter are considered relevant to a terrorism investigation."
In April 2008, the American Civil Liberties Union alleged that the military was using the FBI to skirt legal restrictions on domestic surveillance to obtain private records of Americans' Internet service providers, financial institutions, and telephone companies. The ACLU based its allegation on a review of more than 1,000 documents provided by the Defense Department. It turned out the Department of Defense (not the FBI) had lawfully obtained the information under the National Security Act of 1947.
Doe v. Ashcroft
The lack of judicial oversight and the Supreme Court ruling in Smith v. Maryland was the core of Doe v. Ashcroft, a test case brought by the ACLU concerning the use of NSLs. The lawsuit was on behalf of "John Doe" plaintiff Nicholas Merrill, founder of Calyx Internet Access, who had received an NSL. The ACLU challenged the constitutionality of NSLs, specifically the nondisclosure order. At the district court, Judge Victor Marrero of the Southern District of New York held in September 2004 that NSLs violated the Fourth Amendment ("it has the effect of authorizing coercive searches effectively immune from any judicial process") and First Amendment. However, Judge Marrero issued a stay of his ruling while the case proceeded to the court of appeals.
Because of the New York district court ruling, while the case was still on appeal, Congress amended the USA PATRIOT Act to allow for even more judicial review of NSLs and clarified the NSL nondisclosure order. Based on the U.S. Supreme Court rulings, there is still no requirement to seek judicial approval for the FBI issuing an NSL.
The government appealed Judge Marrero's decision to the Second Circuit Court of Appeals, which heard arguments in May 2006. In March 2008, the Second Circuit ruled that nondisclosure orders were permissible only when the FBI certified that disclosure may result in certain enumerated harms, and required the government to nondisclosure order under a strict scrutiny standard. The Second Circuit then returned the case to the district court based on amendments to the USA PATRIOT Act that Congress had enacted while the case had been on appeal.
Another effect of Doe v. Ashcroft was increased congressional oversight. The amendments to the USA PATRIOT Act mentioned above included requirements for semiannual reporting to Congress. Although the report details are classified, a nonclassified account of how many NSLs are issued is also required. On April 28, 2006, the Department of Justice reported to the House and Senate that in calendar year 2005, "The Government made requests for certain information concerning 3,501 United States persons pursuant to NSLs. During this period, the total number of NSL requests ... for information concerning U.S. persons totaled 9,254."
In 2010, the FBI agreed to lift partially the nondisclosure order and allowed Merrill to reveal his identity. Merrill since started a corporation for the purposes of educating and researching privacy issues.
On August 28, 2015, Judge Marrero rescinded the nondisclosure order associated with the NSL Merrill had received, allowing him to speak freely about the contents of the NSL. The court's decision will go into effect after 90 days, unless the government appeals.
- Bustillos, Maria (June 27, 2013). "What It’s Like to Get a National-Security Letter". The New Yorker.
- USA PATRIOT Improvement and Reauthorization Act of 2005: A Legal Analysis Congressional Research Service's report for Congress, Brian T. Yeh, Charles Doyle, December 21, 2006.
- 18 U.S.C. § 2709(c)
- 18 U.S.C. § 3511
- Andrew E. Nieland, National Security Letters and the Amended Patriot Act, 92 Cornell L. Rev. 1201, 1207 (2007) 
- Lichtblau, Eric; Mezzetti, Mark (January 14, 2007). Military Expands Intelligence Role in U.S. "Military Expands Intelligence Role in U.S." Check
|url=scheme (help). The New York Times.
- My National Security Letter, The Washington Post, 2007 Mar 23
- John Doe’ Who Fought FBI Spying Freed From Gag Order After 6 Years Kim Zetter, Wired.com, 2010 8 10
- "Doe v. Holder (Challenging Patriot Act’s National Security Letter provision and associated gag provision)". S.D.N.Y. 04 Civ. 2614 (VM) (direct). NYCLU (New York Civil Liberties Union).
- Smith v. Maryland, 442 U.S. 735 (1979); Fourth Admendment, U.S. Const.
- 18 U.S.C. § 3511
- "FBI agents broke the rules 1,000 times". RTÉ News Online. 2007-06-14. Retrieved 2007-06-14.
- Lichtblau, Eric (2007-09-08). "F.B.I. Data Mining Reached Beyond Target Suspects". The New York Times.
- ACLU Sues Over Internet Privacy
- HR 3199
- Report of Foreign Intelligence Surveillance Act, United States Department of Justice
- McLaughlin, Jenna (14 September 2015). "Federal Court Lifts National Security Letter Gag Order; First Time in 14 Years". The Intercept. Retrieved 16 September 2015.
- "National Security Letters and Gag Orders: Transcript". On the Media. January 21, 2011.
Although you’re allowed to challenge the gag every year now under the new [amended] law, the last time I did it, the government presented secret evidence that only they and the judge could see, and my attorneys could not see, and therefore could not challenge. It does kind of add up to a lot of responsibility, and that’s part of what motivated me to start my nonprofit organization, the Calyx Institute. Part of it is to defend people who are gagged. Part of it is also to promote best practices among telecommunications companies in regards to the privacy of customer data.
- National Security Letters in Foreign Intelligence Investigations: A Glimpse of the Legal Background and Recent Amendments (PDF)
- Doe v. Ashcroft decision (PDF)
- Decision of the United States Court of Appeals for the Second Circuit in re: John Doe I et al. v. Alberto Gonzales et al. (PDF)
- Documentary film : FBI Unbound: How National Security Letters Violate Our Privacy
- Thousands of Declassified National Security Letters from various government agencies