Cloudflare Finally Able To Reveal FBI Gag Order That Congress Told Cloudflare Couldn't Possibly Exist

from the letter-that-dare-not-speak-its-[REDACTED-IN-FULL] dept

Another one of the FBI’s thousands of National Security Letters has been made public — along with its recipient. Cloudflare’s latest transparency report (its seventh to date) contains a bonus: a 2013 NSL [PDF] the FBI felt no longer needed to kept secret.

This NSL was received in 2013, and was challenged by Cloudflare and the EFF. It’s only now being made public, and that’s largely due to litigation and the USA Freedom Act’s changes to NSL review policies. Rather than review them every three years-to-never, the FBI must now review them more frequently. Better still, recipients are now allowed to challenge NSL gag orders within one year of receiving them. This places the burden back on the government to prove ongoing secrecy is needed.

Shortly before the new year, Cloudflare received a letter from the FBI rescinding the NSL’s gag order.

The letter withdrew the nondisclosure provisions (the “gag order”) contained in NSL-12-358696, which had constrained Cloudflare since the NSL was served in February 2013. At that time, Cloudflare objected to the NSL. The Electronic Frontier Foundation agreed to take our case, and with their assistance, we brought a lawsuit under seal to protect its customers’ rights.

In this particular case, the NSL itself was pulled by the FBI as a result of the lawsuit.

Early in the litigation, the FBI rescinded the NSL in July 2013 and withdrew the request for information. So no customer information was ever disclosed by Cloudflare pursuant to this NSL.

So much secrecy surrounds NSLs — by default — that Ken Carter of Cloudflare wasn’t even able to correct a Senate staffer who told him things that were completely untrue.

In early 2014, I met with a key Capitol Hill staffer who worked on issues related to counter-terrorism, homeland security, and the judiciary. I had a conversation where I explained how Cloudflare values transparency, due process of law, and expressed concerns that NSLs are unconstitutional tools of convenience rather than necessity. The staffer dismissed my concerns and expressed that Cloudflare’s position on NSLs was a product of needless worrying, speculation, and misinformation. The staffer noted it would be impossible for an NSL to issue against Cloudflare, since the services our company provides expressly did not fall within the jurisdiction of the NSL statute. The staffer went so far as to open a copy of the U.S. Code and read from the statutory language to make her point.

That’s what a gag order does: allows misinformation to go uncorrected. The staffer’s interpretation of US Code may have been more to the letter of the law, but Cloudflare’s Carter knew — from personal experience — that the FBI’s interpretation was different.

Because of the gag order, I had to sit in silence, implicitly confirming the point in the mind of the staffer. At the time, I knew for a certainty that the FBI’s interpretation of the statute diverged from hers (and presumably that of her boss).

Not only does the default secrecy allow the FBI to continue to pursue questionable requests with NSLs, but it also allows it to deploy them in apparent violation of US law, right under the nose of its Congressional oversight.

Congratulations to both the EFF and Cloudflare, which worked together to protect a user’s privacy against the FBI’s self-issued NSL. Apparently the demand for information couldn’t hold up when scrutinized by a judge for the first time. The fact that the USA Freedom Act only recently went into effect likely explains the three year-plus gap between the NSL’s withdrawal and the lifting of the gag order.

While the USA Freedom Act’s NSL-handling changes are an improvement, they’re far from perfect. The burden of proof has been shifted to the government, but there’s very little compelling it to respond to gag order challenges quickly, as the EFF points out.

Under the USA FREEDOM Act of 2015, the FBI is required to periodically review outstanding NSLs and lift gag orders on its own accord if circumstances no longer support a need for secrecy. As we’ve seen, this periodic review process has recently resulted in some very selective transparency by the FBI, which has nearly complete control over the handful of NSL gags it retracts, not to mention the hundreds of thousands it leaves in place. Make no mistake: this process is irredeemably flawed. It fails to place on the FBI the burden of justifying NSL gag orders in a timely fashion to a neutral third party, namely a federal court.

The EFF’s legal battle against NSLs continues. We’ve seen incremental lifting of secrecy as a result of its multiple NSL challenges, but the EFF is hoping to see a court find the whole NSL scheme — warrantless demands for user data and identifying information the FBI often uses to route around judicial rejection — to be unconstitutional.

Filed Under: , , ,
Companies: cloudflare, eff

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Cloudflare Finally Able To Reveal FBI Gag Order That Congress Told Cloudflare Couldn't Possibly Exist”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Naming the staffer

They should name and shame the staffer.

Nothing in the quoted story indicates the staffer was willfully ignorant of the FBI’s misconduct in this case or knowingly protecting the FBI’s unconstitutional activities. Rather, it appears that this staffer had far too much faith that the FBI would interpret the law as Congress had intended it be interpreted. Certainly, that staffer, her superiors, and the colleagues of both ought to be contacted and pointed to the news about this as evidence that they were wrong.

That One Guy (profile) says:

Re: Re:

Besides sounding like they were just a wee bit condescending the staffer’s only ‘crime’ was that they were under the (hilarious if it wasn’t so dangerous) mistaken belief that the FBI actually cares about what the law says when it might limit what they can do.

‘Believing that a major government agency cares one bit about the laws they are tasked to uphold’ may be more than a little naive these days, but I wouldn’t say it reaches the point where a name and shame is appropriate.

That One Guy (profile) says:

Boiling down the absurdity

Getting to the root of the matter, I’d say that the most important take-away from this is that via a gag order a company in general, and one of the people from it was legally bound from telling the truth to a government representative’.

They were put in a position where it would be illegal for them to tell the truth of what was happening, or even correct a mistaken belief about what couldn’t possibly be happening, all because of the gag order.

Lawmakers can only fix problems that they are aware of, and cases like this demonstrate that gag orders can prevent that from happening, leaving lawmakers thinking one thing is happening when that is very much not the case. While I know that ‘that’s a feature, not a bug’ as far as those issuing the gag orders are concerned, it should be all that’s needed to find the practice unconstitutional and flat out dangerous, and prohibited for good.

Anonymous Coward says:

Re: Boiling down the absurdity

“Lawmakers can only fix problems that they are aware of”

You seriously sit there and think this is true? The so call “lawmakers” already know that this shit is happening. Hell, the knew that their new law would create this fucking mess. Not only that, they don’t give a flying fuck about it either, or at least not enough of them.

This game is so fucking old hat it has been going on for longer than the child that is America has been around. It is the order of the day for elected politicians to allow evil agents to bend their ears to word laws is such a way as to allow government to recklessly abuse the fuck out of its power.

This is so pervasive that no one seems to recognize these things. We are so accustomed to corruption in government that we notice nothing when it occurs right in front of our eyes with our complete and undivided attention.

So get with the program, there is a constant pressure to write law in such a way as to look like they are serving the American people while just exactly doing the opposite. It’s not like this shit is some secret!

Thad (user link) says:

Re: Re: Boiling down the absurdity

I’m a Hanlon’s Razor guy. While there are some people in the government that are willfully evil (Cheney’s "work the Dark Side" comment comes to mind), I think most legitimately believe they’re doing what they’re doing for the good of the American people.

And you’ll find a lot of folks, not just in Congress but out of it, are more trusting and deferential to authority and law enforcement than they reasonably should be. All you need to do to see any evidence of that is go to the comments section of any story about police brutality.

Thinking that the FBI wouldn’t abuse its power is naive. But a lot of people do think that.

Anonymous Coward says:

Re: Re: Re: Boiling down the absurdity

I think most legitimately believe they’re doing what they’re doing for the good of the American people.

The road to hell is ordered by the righteous, planned by the well meaning, cemented with ignorance, and paved with their good intentions.

Or, as one of Jim Butcher’s characters put it:

"Hell son, I’ll take evil any day. It only gets uppity now and again. Stupid is all the time."

or words to that effect. The quote isn’t exactly right. I don’t disagree with your point that they believe they are serving the people, only that one needs must be very careful with the club that is governance. While it is good to keep people from harming themselves, most wish to seek their hell in a manner of their own choosing. They seldom thank you for saving themselves from themselves.

Thad (user link) says:

Re: Re: Re:2 Boiling down the absurdity

I think we’re getting off track here. (Could be my fault; I’m the one who brought up Cheney, who has absolutely nothing to do with this story.) We’re specifically talking about a staffer who explained (correctly) that the gag order did not fit the statutory requirements and therefore (incorrectly) couldn’t exist. Such a person is naive, perhaps, but likely well-meaning. Importantly, it’s quite possible that, once someone like that finds out that he was wrong, he can adjust and do better in the future.

That One Guy (profile) says:

Re: Re: Boiling down the absurdity

The staffer noted it would be impossible for an NSL to issue against Cloudflare, since the services our company provides expressly did not fall within the jurisdiction of the NSL statute. The staffer went so far as to open a copy of the U.S. Code and read from the statutory language to make her point.

Unless you want to say that the staffer was just making a fool of themself by going through that whole song and dance, it seems pretty clear that no, that individual, and likely several others at least did not ‘know that this shit was happening’. They, and likely several others, staff and lawmakers ‘thought’ the law applied one way, the FBI ‘disagreed’, and thanks to the gag order the company was prohibited from telling the lawmakers that the FBI’s ‘interpretation’ differed notably from their’s.

Now, I’ll fully agree that some lawmakers likely do know about this sort of thing, I distinctly remember a story a few years back when the Snowden stuff started coming out about one of the members of the ‘oversight’ groups deliberately withholding information from the others. They knew, they didn’t want the others to know because what was differed from what was presented.

Later on, when it became harder to just ignore the leaks some of them came forward claiming that they had no idea this sort of thing was happening, and while I’m sure some of them were just putting into play their ‘I’m shocked, shocked I say!’ practice it’s quite likely that at least a few didn’t actually know, because they’d been kept in the dark.

Sometimes it is malicious intent(and while in politics ‘assuming malicious intent’ is a pretty safe bet, you need to be careful with it), but sometimes it really is incompetence and/or thinking one thing is perfectly clear, while someone else thinks that there’s ‘room for a different interpretation’ and running with their ‘interpretation’.

At the same time though, even assuming that every single lawmaker involved knew exactly how the law would really be used, making it public forces them to scramble and pretend that their actual intent matches their professed intent, possibly closing the ‘accidental loophole’.

Ninja (profile) says:

Re: Boiling down the absurdity

I dunno but it seems to me that the legislative knows better than the executive about laws and takes precedence over less important tools like NSLs. It seems to me that the correct approach would be to tell her that Cloudflare had received an NSL with a gag order that he would only be able to discuss directly with the representative given he was under oath to tell the truth but the NSL had a gag order. Then if said representative wanted HE/SHE could make it public because the NSLs are not above laws. Or at the very least make the Congress and the Senate aware and challenge the order if it’s improper.

It’s a matter of degrees of importance. The NSLs are subject to a law created by the Congress. And speaking under oath to the Congress seems to trump any other mechanism.

David says:

We need at least one limit on a gag order

Congress has oversight, and especially legislative oversight, over the Executive. In Cloudflare’s case, the Executive mis-read a statute from Congress and the Judicial failed to act properly. As part of the government, and integrally part of the check-and-balances of the system, and such Gag Order should not apply if the party directly addresses an office of a Senator or Representative, so they can take action or address it with the proper oversight committee.

Richard (profile) says:

Huzzah (a vast improvement?)!?

“Better still, recipients are now allowed to challenge NSL gag orders within one year of receiving them.”

This statement alone most perfectly limns the current picture. To interpret: in America, you’re now required to wait ONLY a year to appeal suppressions of civil rights without terror of reprisals by the secret police.

Who knows but that soon (nay, even possibly within a few generations!) one might not need to be a major corporation assisted by a major, public policy interest group to accomplish the enforcement of fundamental, Constitutional rights?

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...