Google Reveals Some Data About National Security Letters, May Have Exposed DOJ Duplicity

from the transparency... dept

We’ve talked for years about the government’s use of “national security letters” or NSLs, which are effectively a way for law enforcement types to seek information with less oversight than a subpoena, and which usually come with a very, very extreme gag order attached. Despite the fact that, by their own admission, law enforcement has regularly and systematically abused this tool, they are still widely used and there has been little effort to block the abuses. Google’s latest transparency report is seeking to reveal some data about the NSLs it has received, but without revealing too much. Rather than directly revealing how many NSLs it has received, it is posting ranges (in bunches of 1,000) — and apparently the company got at least some level of approval from the government to do this (“We’re thankful to U.S. government officials for working with us”).

By itself, the data doesn’t seem that enlightening.

However, there is some useful information you can pick out of there, and who better to pick out that info that Julian Sanchez, who has followed this issue closely. He’s found that you can actually tease out some useful info even with those broad ranges.

It’s illuminating to compare the minimum number of users affected by NSLs each year to the numbers we find in the government’s official annual reports. In 2011—the last year for which we have a tally—the Justice Department acknowledged issuing 16,511 NSLs seeking information about U.S. persons, with a total of 7,201 Americans’ information thus obtained. That’s actually down from a staggering 14,212 Americans whose information DOJ reported obtaining via NSL the previous year. Remember, this total includes National Security Letters issued not just to all telecommunications providers—including online services like Google, broadband Internet companies, and cell phone carriers—but also “financial institutions,” which are defined broadly to include a vast array of businesses beyond such obvious candidates as banks and credit card companies.

What ought to leap out at you here is the magnitude of Google’s tally relative to that total: They got requests affecting at least 1,000 users in a year when DOJ reports just over 7,000 Americans affected by all NSLs—and it seems impossible that Google could account for anywhere remotely near a seventh of all NSL requests. Google, of course, is not limiting their tally to requests for information about Americans, which may explain part of the gap—but we know that, at least of a few years ago, the substantial majority of NSLs targeted Americans, and the proportion of the total targeting Americans was increasing year after year. As of 2006, for instance, 57 percent of NSL requests were for information about U.S. persons. So even if we reduce Google’s minimum proportionately, that seems awfully high.

Sanchez wonders if the DOJ is effectively under-counting how many NSLs it uses by pretending that some of the NSLs they issue shouldn’t count towards its official tally of NSLs.

There’s a simple enough explanation for this apparent discrepancy: The numbers DOJ reports each year explicitly exclude NSL requests for “basic subscriber information,” meaning the “name, address, and length of service” associated with an account, and only count more expansive requests that also demand more detailed “electronic communications transactional records” that are “parallel to” the “toll billing records” maintained by traditional phone companies.

That would mean that the NSL number that the DOJ reports is not particularly accurate, and that the FBI really issues a hell of a lot more NSLs (not so). Shocking reveal of the day: the DOJ may not be entirely forthright about how often it’s spying on Americans using a widely abused process with little oversight.

Filed Under: doj, fbi, national security letters, nsls, privacy, transparency
Companies: google