Recipient Of FBI National Security Letter Can Finally Reveal Details, 11 Years Later

from the and-it's-just-as-messed-up-as-expected dept

Back in October, we followed up on a much older story concerning Nicholas Merrill, the owner of Calyx Internet Access, who back in 2004 had received one of the FBI's infamous National Security Letters (NSLs) complete with a total gag order on it. NSLs have long been widely abused by the FBI to (unconstitutionally) get around the 4th Amendment, demanding all sorts of information from private parties and then putting a perpetual gag order on the request, which also would seem to violate the 1st Amendment. Merrill fought back against the NSL -- at first anonymously because he wasn't even allowed to admit to anyone that he'd received one. In 2010, Merrill was finally granted the right to admit that he had received an NSL and that he was fighting it. But he still couldn't reveal much more than that.

The October ruling said that the entire gag order needed to be lifted, and that Merrill should be able to finally reveal the actual NSL -- and that has now happened. You can see the ridiculously broad list of information that was demanded from Merrill.

Merrill is now able to reveal that the FBI believes it can force online companies to turn over the following information simply by sending an NSL demanding it: an individual’s complete web browsing history; the IP addresses of everyone a person has corresponded with; and records of all online purchases. The FBI also claims authority to obtain cell-site location information with an NSL, which effectively turns a cell phone into a location tracking device. In court filings, the FBI said that at some point it stopped gathering location data as a matter of policy, but that it could secretly choose to resume the practice under existing authority.

“For more than a decade, the FBI has been demanding extremely sensitive personal information about private citizens just by issuing letters to online companies like mine,” said Mr. Merrill.   “The FBI has interpreted its NSL authority to encompass the websites we read, the web searches we conduct, the people we contact, and the places we go. This kind of data reveals the most intimate details of our lives, including our political activities, religious affiliations, private relationships, and even our private thoughts and beliefs,” he explained.

As Marcy Wheeler notes, the depth of information that the NSL was getting willy nilly with no oversight at all through NSLs is rather astounding.
This is what the government means when it does “connection” chaining: gluing together every fragment of your online life together to see it all.
The ACLU has also helpfully created a graphic showing the gradual revealing of this NSL, with each part of the legal fight unmasking a bit more over the course of this decade-plus battle:
Along with the NSL details, Merrill was also able to release an unredacted version of October's ruling -- and we'll deal with that in a separate post, so stay tuned.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: censorship, doj, fbi, first amendment, fourth amendment, gag order, national security letters, nicholas merrill, nsl
Companies: calyx


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 1 Dec 2015 @ 9:37am

    that was 2004,
    skynet is stronger now

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 1 Dec 2015 @ 9:41am

    or is that the Red queen (Umbrella corp)

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 1 Dec 2015 @ 9:45am

    Today they just ask for the keys of your servers
    (the digital and the physical ones)
    or we will send a hot girl to scopolamine the info out off your sysadmin at the bar

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 1 Dec 2015 @ 9:46am

    link to this | view in thread ]

  5. icon
    Whatever (profile), 1 Dec 2015 @ 9:55am

    Reading the request, it seems much more straightforward and not at all as sinister as it's made out to be.

    The requests all seem to be related to what the ISP / Hosting company was providing as services. The request for purchases, as an example, seems to be in relation to services offered by the company, and not ALL online purchases made.

    There is also (from the list you posted) no indication that they expect a list of URLs visited, rather a request for any URLs related to the subscriber account (domains hosted).

    There is nothing that says "the IP addresses of everyone a person has corresponded with" rather a request for screen names / IDs and email addresses associated with the subscriber's account (most ISPs allow for multiple Emails, and may also require a screen name to log in).

    It would seem that (at least based on the unredacted list) that Merrill may have been either over reacting or taking certain requests in an odd manner. It seems everything on that list pertains to transactions and setups between the ISP and their customer, and not anything else.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 1 Dec 2015 @ 9:58am

    Re:

    I'm glad that your rose colored glasses give the government so much credit. Here I thought we had to rely on action rights and law for things like this to be revealed. We have warrants for a reason and anything that gets the same information without the same legal requirements is not in the interest of the people.

    link to this | view in thread ]

  7. identicon
    Yowzaa, 1 Dec 2015 @ 10:00am

    NSC (Nat'l Security Comment)

    The contents of this comment will be revealed in 2026

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 1 Dec 2015 @ 10:07am

    Re:

    or we will send a hot girl to scopolamine the info out off your sysadmin at the bar
    I'm not entirely sure whether you're kidding, or referencing something that the NSA actually claimed legal authority to do in a leaked document.

    link to this | view in thread ]

  9. icon
    Whatever (profile), 1 Dec 2015 @ 10:25am

    Re: Re:

    I am really not debating NSL versus warrants here - rather that what Merrill claims and what is on the unredacted list just don't seem to match. Everything on the list seems to pertain to the relationship between the ISP and the client, with no mention of surfing history or a list of all people they have sent email to...

    link to this | view in thread ]

  10. This comment has been flagged by the community. Click here to show it
    identicon
    PRMan, 1 Dec 2015 @ 10:34am

    Re: Re: Re:

    TechDirt has overblown something to get ratings?

    No way!

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 1 Dec 2015 @ 10:40am

    Re: Re: Re:

    You are overlooking the incredibly broad last item,
    Any other information that you consider to be an electronic communication transactional record.

    Which covers all sorts of activities carried out by the person.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 1 Dec 2015 @ 10:46am

    Though I usually disagree with Whatever, I have to say [he|she|it] seems to be correct on this. The information requested appears to be limited to details about the account - with the notable exception of the last point ("Any other information..."). However, that does not in any way take away from the unconstitutional nature of an NSL.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 1 Dec 2015 @ 10:58am

    Re:

    That last item is the kicker, communications transactional records, that is anything that has been logged about the accounts activities, i.e. connections made, emails sent etc.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 1 Dec 2015 @ 11:12am

    Re: Re:

    ...electronic communication transactional record...

    Wow.

    That could mean any connection, whether or not one did anything with said connection. Including unwanted pop-ups and redirects.

    OR

    That could mean only those connections that resulted in money (or other consideration(s), like Bitcoin) to change hands. Think about it: you don't need the word transactional in that phrase to get connection/email/etc. records.

    Problem is one has to go to court to find out what the court considers this to be.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 1 Dec 2015 @ 11:18am

    Re: Re: Re:

    Problem is one has to go to court to find out what the court considers this to be.

    Oh boy are your wrong there, no court involved in the NSL and gag order, and because of the gag order one can only ask the FBI what they mean.

    link to this | view in thread ]

  16. icon
    Whatever (profile), 1 Dec 2015 @ 3:25pm

    Re: Re: Re: Re:

    I didn't overlook it. Rather, I considered that an ISP generally won't have a "transaction record" that includes all of the email contacts, the websites you visit, etc., unless they specifically have set it up to do so.

    Perhaps Mr Merill's bigger issue is that, as an ISP, he may have been collecting this information without any legal requirement or need. ISPs don't generally track user activity beyond sheer volume (to charge for bandwidth). Perhaps the problem here is in how Merrill operated? I doubt we will ever know.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 2 Dec 2015 @ 12:33am

    Re: Re: Re: Re: Re:

    There are things called log files, which record this information, and are often kept for several months.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 2 Dec 2015 @ 12:37am

    Re: Re: Re: Re: Re:

    How disingenuous of you, the data probably does not exist, therefore asking for it is O.K.

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 2 Dec 2015 @ 8:38am

    Re:

    Reading the request, it seems much more straightforward and not at all as sinister as it's made out to be.

    All the more reason to ask yourself why such a straightforward request would need to be shrouded in secrecy, no?

    If it's just SOP, and there's nothing to see, then surely court oversight shouldn't be an issue.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.