National security letter

A national security letter (NSL) is a demand letter, which differs from a subpoena. It is issued to a particular entity or organization to turn over various record and data pertaining to individuals. NSLs can only request non-content information, such as transactional records, phone numbers dialed or email addresses mailed to and from. They also contain a gag order, preventing the recipient of the letter from disclosing that the letter was ever issued. The gag order was ruled unconstitutional as an infringement of free speech in the Doe v. Gonzales case, but this decision was superseded by the Second Circuit Court after the USA PATRIOT Improvement and Reauthorization Act gave recipients of NSL gag orders recourse in court. From 2003 to 2006 the bureau issued 192,499 national security letter requests.

History
The oldest NSL provisions were created in 1978 as a little-used method of circumventing the Right to Financial Privacy Act. Used in terrorism and espionage investigations, it was limited to foreign powers or persons who the FBI had reasonable cause to believe were agents of a foreign power. Compliance was voluntary, and states' consumer privacy laws often allowed institutions to decline these requests.

In 1986, the Act was amended to compel disclosure, and the Electronic Communications Privacy Act was created with similar provisions in place. Still, neither act identified any penalties for failing to comply with the letter.

A 1993 amendment relaxed the restriction regarding "foreign powers" and allowed the use of an NSL to obtain information on persons not under direct investigation.

In 2001, section 505 of the USA PATRIOT Act greatly expanded the use of the NSL. See below.

On March 9, 2006 the USA PATRIOT Improvement and Reauthorization Act was signed into law, which allowed for judicial review of an NSL after it was received. It could be repealed or modified if it was found that a request for information was "unreasonable, oppressive, or otherwise unlawful". The nondisclosure requirement was not weakened as much. The judiciary could only repeal the gag order if the court found that it was made in "bad faith". Otherwise the court had to take the government request for nondisclosure as conclusive. Other amendments included that the recipient of an NSL was allowed to explicitly inform their attorney about the request and the government had to specifically rely on the judiciary for enforcing noncompliance with an NSL. These amendments were done in light of the 2004 Doe v. Ashcroft ruling.

In 2008, Congress considered proposals to place new controls on the FBI's use of NSLs. A House bill would tighten the language governing when national security letters could be used, by requiring that they clearly pertain to investigations of a foreign power or an agent instead of just being considered "relevant" to such investigations. It would also require that the FBI destroy information that had been illegally obtained, which existing rules do not require, and it would allow the recipient of a letter to file a civil lawsuit if the missive is found to be illegal or without sufficient factual justification. A Senate bill would require the FBI to track its use of the letters more carefully and would narrow the types of records that can be obtained with a letter to those that are least sensitive.

Patriot Act
Once passed in 2001, section 505 of the USA PATRIOT Act greatly expanded the use of the NSL, allowing their use in seeking any information relevant to an investigation of terrorism or clandestine intelligence activity. It also granted the privilege to other federal agencies, presumably to allow the department of Homeland Security the same ability to use NSLs. In January 2007 The New York Times reported that both the Pentagon and the CIA have been issuing national security letters. The Patriot Act reauthorization statutes passed during the 109th Congress added specific penalties for non-compliance or disclosure.

Contentious aspects
Two of the more contentious aspects of the NSL are non-disclosure provisions and a lack of judicial oversight. As it has since its creation in 1978, the NSL contains a clause which forbids the recipient from revealing the contents of the NSL, or even its receipt. The non-disclosure rules have helped prevent the full extent of the NSL program from becoming known, as the FBI has systematically underreported to Congress the number of letters sent. An NSL recipient (later revealed to be Nicholas Merrill) writing in The Washington Post says "living under the gag order has been stressful and surreal. Under the threat of criminal prosecution, I must hide all aspects of my involvement in the case...from my colleagues, my family and my friends. When I meet with my attorneys I cannot tell my girlfriend where I am going or where I have been."

Unlike other subpoenas and warrants, no approval from the judicial branch is required to issue an NSL, as NSLs request information which carries no constitutionally protected reasonable expectation of privacy as indicated by Smith v. Maryland. An NSL may be issued by "the Director of the Federal Bureau of Investigation, or his designee in a position not lower than Deputy Assistant Director at Bureau headquarters or a Special Agent in Charge in a Bureau field office designated by the Director", but after it is received its recipient may challenge it in court.

An internal FBI audit found that the bureau violated the rules more than 1000 times in an audit of 10% of its national investigations between 2002 and 2007. Over 20 of these involved requests by agents for information that US law did not permit them to have.

According to 2,500 pages of documents that the FBI turned over to the Electronic Frontier Foundation in response to a Freedom of Information Act lawsuit that the EFF had brought against the government, the FBI used national security letters to obtain data not only on individuals that it saw as targets of an investigation, but also to demand details from telecommunications companies on their “community of interest” — the network of people that the target in turn was in contact with. The bureau's NSL community of interest requests, which it recently discontinued, are part of an ongoing investigation by Justice Department inspector general Glenn A. Fine's office into the misuse of national security letters. Such "community of interest" record gathering is part of a data-mining technique intelligence officials call link analysis, believed to have been used by other intelligence agencies such as the National Security Agency. According to the September 9, 2007 The New York Times report on the FBI's use of NSLs to obtain broader information for data mining purposes, "In many cases, the target of a national security letter whose records are being sought is not necessarily the actual subject of a terrorism investigation and may not be suspected at all. Under the USA PATRIOT Act, the F.B.I. must assert only that the records gathered through the letter are considered relevant to a terrorism investigation."

In April, 2008, the American Civil Liberties Union alleged that the military was using the FBI to skirt legal restrictions on domestic surveillance to obtain private records of Americans' Internet service providers, financial institutions and telephone companies. The ACLU based its allegation on a review of more than 1,000 documents turned over to it by the Defense Department in response to a suit the rights group filed in 2007 for documents related to national security letters. The same month, the Electronic Frontier Foundation alleged that documents obtained from the FBI in response to its own Freedom of Information Act lawsuit showed that top FBI officials were aware of the bureau's misuse of national security letters for nearly two years before the misuse was reported.

In May, 2008, the FBI reached a legal settlement with the Internet Archive, which had challenged a national security letter served on it in November 2007. The FBI withdrew the NSL and agreed to lift a portion of the gag order that accompanied it.

Doe v. Ashcroft
This lack of judicial oversight was at the core of Doe v. Ashcroft, a high-profile test of the usage of NSLs. Brought forward by an unnamed Internet Service Provider who had been served with NSLs, it challenged the constitutionality of the letters, specifically the non-disclosure provisions. Judge Victor Marrero of the Southern District of New York found on 28 September 2004, that NSLs violate the Fourth ("it has the effect of authorizing coercive searches effectively immune from any judicial process") and First Amendments. However, Judge Marrero issued a stay on his ruling pending the outcome of an appeal of his decision by the government.

In his ruling Judge Marrero wrote "All but the most mettlesome and undaunted NSL recipients would consider themselves effectively barred from consulting an attorney or anyone else who might advise them otherwise," and concluded, "as well as bound to absolute silence about the existence of the NSL...For the reasonable NSL recipient confronted with the NSL's mandatory language and the FBI's conduct related to the NSL, resistance is not a viable option."

Compelled by these findings, subsequent revisions to the USA PATRIOT Act have allowed for greater judicial review, as well as clarification and limitation to the non-disclosure clause. There remains no requirement to seek judicial review or approval prior to issuance of an NSL.

The government appealed Judge Marrero's decision in the 2nd circuit court of appeals which heard arguments from both sides and on 24 May 2006 issued a ruling dismissing the case as moot – returning it to the lower court due to subsequent changes in the USA PATRIOT Act enacted by Congress after the case was filed. In a concurring opinion, Judge Richard Cardamone of the 2nd U.S. Circuit Court of Appeals wrote that he suspected "a perpetual gag on citizen speech of the type advocated so strenuously by the government may likely be unconstitutional." and that a ban on speech and an unending shroud of secrecy concerning government actions "do not fit comfortably with the fundamental rights guaranteed American citizens" and could serve as a cover for official misconduct.

After having the case returned to his court for reconsideration in light of the revisions made to the USA PATRIOT Act, on September 6, 2007, Judge Victor Marrero struck down the parts of the law that allowed the FBI to compel companies to provide customer records without court authorization and forbade the companies from telling the customers or anyone else what they had done. In his 103-page opinion, Judge Marrero wrote that the law permitting such NSLs was “the legislative equivalent of breaking and entering, with an ominous free pass to the hijacking of constitutional values.” Marrero said the indefinite gag order associated with NSLs violated the First Amendment, the lack of judicial oversight or review was contrary to the separation of powers guarantee, and that the secrecy requirement was so intertwined with the rest of the provision regarding NSLs that the entire provision was unconstitutional. Judge Marrero delayed enforcing his decision ordering the FBI to desist with further NSLs for 90 days pending an appeal by the government. The government appealed the decision and oral argument was heard on August 27, 2008. The case, now known as Doe v. Holder (the current Attorney General). On Monday, December 15, 2008, the appeals court supported the lower court's ruling.

Another effect of Doe v. Ashcroft has been greater congressional oversight. The above mentioned revisions to the PATRIOT Act also included requirements for semi-annual reporting to Congress. Although the details are classified, a non-classified count of NSLs issued is also required. On April 28, 2006, the Department of Justice reported to the House and Senate that in calendar year 2005, "the Government made requests for certain information concerning 3,501 United States persons pursuant to NSLs. During this time frame, the total number of NSL requests… for information concerning U.S. persons totalled 9,254." A 2007 DOJ audit of the FBI's use of the National Security Letter found that the FBI actually issued 39,346 requests on 10,232 non-U.S. plus 6,519 U.S. persons in 2003, 56,507 requests for 2004 (8,494 non-U.S., 8,943 U.S. persons), and 47,221 requests in 2005 (8,536 non-U.S., 9,475 U.S. persons). Moreover, review of a sample of NSLs in that DOJ report found that twenty-two percent of reviewed NSLs were not included in these higher estimates, suggesting that the true numbers are even higher.

In 2010 a partial lift of the gag order was given, and John Doe was revealed as Nicholas Merrill, of Calyx Internet Access. He has since started a nonprofit for the purposes of educating and researching privacy issues.