Microsoft Latest Service Provider To Pry A National Security Letter Free From Its Gag Order
from the slow-drip-transparency dept
Microsoft is the latest to publish a National Security Letter, following Google, Yahoo, Twitter, Calyx, Cloudflare, and… the Internet Archive. Microsoft's NSL [PDF] was issued by the FBI (of course) and demanded the usual subscriber info.
In the post accompanying the disclosure, Microsoft points out the USA Freedom Act is the only reason it's been able to release the NSL. This is one of the benefits of the recent law: a better, faster way to compel review of NSL gag orders, which used to take place almost never.
In addition, Microsoft notes FISA orders are on the rise. Of course, its reporting is limited to useless "bands," so the only thing that can definitely be determined is Microsoft's FISA interactions have at least doubled.
For the latest Foreign Intelligence Surveillance Act (FISA) data reported, Microsoft received 1,000-1,499 FISA orders seeking content disclosures affecting 12,000-12,499 accounts, compared to the 0-499 FISA orders seeking disclosure of content impacting 17,500-17,999 accounts reported for the previous period.
What's included in the NSL is more of the same: demands for subscriber info backed solely by the authority of the FBI agent who typed it up. No judicial approval needed. What isn't in there are demands for a bunch of info the FBI has no business asking for, like in those served to Yahoo. In one of Yahoo's NSLs, the government demanded the service provider go above and beyond statutory requirements and hand over everything from subscriber phone numbers to "upstream providers" associated with the named account.
It also contains the old, pre-USA Freedom Act boilerplate about challenging the gag order -- something the FBI continued to append to post-USA Freedom Act NSLs until the Internet Archive shamed it into admitting it was using outdated language.
Going forward, the government should expect the challenges to continue. Microsoft notes it's currently in court contesting the feds' increasing use of gag orders -- something it justifies using a law meant to protect the privacy of electronic communications: the ECPA.
The trickle of un-gagged NSLs is encouraging. Even if the releases trail far behind issuances (both in number and elapsed time), the fact that we're seeing any at all remains a small miracle. If service providers are enjoying these very occasional forays out from under gag orders, they might want to consider sending a few fruit baskets Snowden's way.