from the legislatively-enforced-transparency dept
Google has managed to lift gag orders on eight of the National Security Letters it's received from the FBI over the last five years. In a blog post that thankfully provides more details than its last NSL "release," Google notes that last year's surveillance reform bill has a lot to do with it even being able to do this.
In 2015, Congress passed the USA Freedom Act, which allowed companies like Google to make more granular disclosures about National Security Letters they receive. In addition, the Act restricts the use of indefinite gag restrictions that prevent providers from ever notifying customers or talking about the demands. The Department of Justice (DOJ) must now regularly review disclosure restrictions in NSLs and lift those that are no longer needed.
The last NSL announcement Google made wasn't much of an announcement. The NSL wasn't released and the company had very little to say about the single NSL, other than that the gag order had been lifted.
This release is better, in that there's an actual release involved. All eight of the NSLs have been published. Most ask for name, address, and length of service for the targeted account holders. Two of them (here [PDF] and here [PDF]), however, also ask for "electronic communications transactional records for all accounts" -- presumably email metadata, but could also cover records generated by other Google services, like Hangouts.
Google notes that the DOJ has published new guidelines for the handling of NSL gag orders, which mostly involves agents having the right boilerplate on hand when issuing one. The DOJ also gives itself a three-year window for gag order reviews, basically reflecting suggestions made by a DC federal judge presiding over a NSL gag order case. Fortunately, the USA Freedom Act allows recipients to challenge these orders every year, so no one really has to restrict themselves to the DOJ's extended timetable.
NSLs are still the FBI's favorite way to obtain identifying information from service providers. It issues thousands of NSLs every year and even uses the self-issued demand letters to route around rejections by the FISA court. That the agency issues so many is likely due to its ability to open investigations that aren't officially termed "investigations." It's able to open "threat assessments" and "preliminary investigations" without providing any substantive reason for doing so. During these preliminary stages, the FBI grabs every third-party record it can -- anything collectible without leaving a judicial paper trail. Add to that the fact that these pieces of paper come with federally-enforced silence by default, and they're the perfect storm of opacity and unaccountability.