Google Reveals Some Data About National Security Letters, May Have Exposed DOJ Duplicity
from the transparency... dept
By itself, the data doesn't seem that enlightening.
Sanchez wonders if the DOJ is effectively under-counting how many NSLs it uses by pretending that some of the NSLs they issue shouldn't count towards its official tally of NSLs.
It's illuminating to compare the minimum number of users affected by NSLs each year to the numbers we find in the government's official annual reports. In 2011—the last year for which we have a tally—the Justice Department acknowledged issuing 16,511 NSLs seeking information about U.S. persons, with a total of 7,201 Americans' information thus obtained. That's actually down from a staggering 14,212 Americans whose information DOJ reported obtaining via NSL the previous year. Remember, this total includes National Security Letters issued not just to all telecommunications providers—including online services like Google, broadband Internet companies, and cell phone carriers—but also "financial institutions," which are defined broadly to include a vast array of businesses beyond such obvious candidates as banks and credit card companies.
What ought to leap out at you here is the magnitude of Google's tally relative to that total: They got requests affecting at least 1,000 users in a year when DOJ reports just over 7,000 Americans affected by all NSLs—and it seems impossible that Google could account for anywhere remotely near a seventh of all NSL requests. Google, of course, is not limiting their tally to requests for information about Americans, which may explain part of the gap—but we know that, at least of a few years ago, the substantial majority of NSLs targeted Americans, and the proportion of the total targeting Americans was increasing year after year. As of 2006, for instance, 57 percent of NSL requests were for information about U.S. persons. So even if we reduce Google's minimum proportionately, that seems awfully high.
There's a simple enough explanation for this apparent discrepancy: The numbers DOJ reports each year explicitly exclude NSL requests for “basic subscriber information,” meaning the “name, address, and length of service” associated with an account, and only count more expansive requests that also demand more detailed “electronic communications transactional records” that are “parallel to” the “toll billing records” maintained by traditional phone companies.That would mean that the NSL number that the DOJ reports is not particularly accurate, and that the FBI really issues a hell of a lot more NSLs (not so). Shocking reveal of the day: the DOJ may not be entirely forthright about how often it's spying on Americans using a widely abused process with little oversight.