Cloudflare Finally Able To Reveal FBI Gag Order That Congress Told Cloudflare Couldn't Possibly Exist
from the letter-that-dare-not-speak-its-[REDACTED-IN-FULL] dept
Another one of the FBI's thousands of National Security Letters has been made public -- along with its recipient. Cloudflare's latest transparency report (its seventh to date) contains a bonus: a 2013 NSL [PDF] the FBI felt no longer needed to kept secret.
This NSL was received in 2013, and was challenged by Cloudflare and the EFF. It's only now being made public, and that's largely due to litigation and the USA Freedom Act's changes to NSL review policies. Rather than review them every three years-to-never, the FBI must now review them more frequently. Better still, recipients are now allowed to challenge NSL gag orders within one year of receiving them. This places the burden back on the government to prove ongoing secrecy is needed.
Shortly before the new year, Cloudflare received a letter from the FBI rescinding the NSL's gag order.
The letter withdrew the nondisclosure provisions (the “gag order”) contained in NSL-12-358696, which had constrained Cloudflare since the NSL was served in February 2013. At that time, Cloudflare objected to the NSL. The Electronic Frontier Foundation agreed to take our case, and with their assistance, we brought a lawsuit under seal to protect its customers' rights.
In this particular case, the NSL itself was pulled by the FBI as a result of the lawsuit.
Early in the litigation, the FBI rescinded the NSL in July 2013 and withdrew the request for information. So no customer information was ever disclosed by Cloudflare pursuant to this NSL.
So much secrecy surrounds NSLs -- by default -- that Ken Carter of Cloudflare wasn't even able to correct a Senate staffer who told him things that were completely untrue.
In early 2014, I met with a key Capitol Hill staffer who worked on issues related to counter-terrorism, homeland security, and the judiciary. I had a conversation where I explained how Cloudflare values transparency, due process of law, and expressed concerns that NSLs are unconstitutional tools of convenience rather than necessity. The staffer dismissed my concerns and expressed that Cloudflare’s position on NSLs was a product of needless worrying, speculation, and misinformation. The staffer noted it would be impossible for an NSL to issue against Cloudflare, since the services our company provides expressly did not fall within the jurisdiction of the NSL statute. The staffer went so far as to open a copy of the U.S. Code and read from the statutory language to make her point.
That's what a gag order does: allows misinformation to go uncorrected. The staffer's interpretation of US Code may have been more to the letter of the law, but Cloudflare's Carter knew -- from personal experience -- that the FBI's interpretation was different.
Because of the gag order, I had to sit in silence, implicitly confirming the point in the mind of the staffer. At the time, I knew for a certainty that the FBI’s interpretation of the statute diverged from hers (and presumably that of her boss).
Not only does the default secrecy allow the FBI to continue to pursue questionable requests with NSLs, but it also allows it to deploy them in apparent violation of US law, right under the nose of its Congressional oversight.
Congratulations to both the EFF and Cloudflare, which worked together to protect a user's privacy against the FBI's self-issued NSL. Apparently the demand for information couldn't hold up when scrutinized by a judge for the first time. The fact that the USA Freedom Act only recently went into effect likely explains the three year-plus gap between the NSL's withdrawal and the lifting of the gag order.
While the USA Freedom Act's NSL-handling changes are an improvement, they're far from perfect. The burden of proof has been shifted to the government, but there's very little compelling it to respond to gag order challenges quickly, as the EFF points out.
Under the USA FREEDOM Act of 2015, the FBI is required to periodically review outstanding NSLs and lift gag orders on its own accord if circumstances no longer support a need for secrecy. As we’ve seen, this periodic review process has recently resulted in some very selective transparency by the FBI, which has nearly complete control over the handful of NSL gags it retracts, not to mention the hundreds of thousands it leaves in place. Make no mistake: this process is irredeemably flawed. It fails to place on the FBI the burden of justifying NSL gag orders in a timely fashion to a neutral third party, namely a federal court.
The EFF's legal battle against NSLs continues. We've seen incremental lifting of secrecy as a result of its multiple NSL challenges, but the EFF is hoping to see a court find the whole NSL scheme -- warrantless demands for user data and identifying information the FBI often uses to route around judicial rejection -- to be unconstitutional.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: congress, fbi, gag order, nsl
Companies: cloudflare, eff
Reader Comments
Subscribe: RSS
View by: Time | Thread
Anything else I'm wrong on?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: Naming the staffer
Nothing in the quoted story indicates the staffer was willfully ignorant of the FBI's misconduct in this case or knowingly protecting the FBI's unconstitutional activities. Rather, it appears that this staffer had far too much faith that the FBI would interpret the law as Congress had intended it be interpreted. Certainly, that staffer, her superiors, and the colleagues of both ought to be contacted and pointed to the news about this as evidence that they were wrong.
[ link to this | view in chronology ]
Re:
Besides sounding like they were just a wee bit condescending the staffer's only 'crime' was that they were under the (hilarious if it wasn't so dangerous) mistaken belief that the FBI actually cares about what the law says when it might limit what they can do.
'Believing that a major government agency cares one bit about the laws they are tasked to uphold' may be more than a little naive these days, but I wouldn't say it reaches the point where a name and shame is appropriate.
[ link to this | view in chronology ]
Boiling down the absurdity
Getting to the root of the matter, I'd say that the most important take-away from this is that via a gag order a company in general, and one of the people from it was legally bound from telling the truth to a government representative'.
They were put in a position where it would be illegal for them to tell the truth of what was happening, or even correct a mistaken belief about what couldn't possibly be happening, all because of the gag order.
Lawmakers can only fix problems that they are aware of, and cases like this demonstrate that gag orders can prevent that from happening, leaving lawmakers thinking one thing is happening when that is very much not the case. While I know that 'that's a feature, not a bug' as far as those issuing the gag orders are concerned, it should be all that's needed to find the practice unconstitutional and flat out dangerous, and prohibited for good.
[ link to this | view in chronology ]
Re: Boiling down the absurdity
You seriously sit there and think this is true? The so call "lawmakers" already know that this shit is happening. Hell, the knew that their new law would create this fucking mess. Not only that, they don't give a flying fuck about it either, or at least not enough of them.
This game is so fucking old hat it has been going on for longer than the child that is America has been around. It is the order of the day for elected politicians to allow evil agents to bend their ears to word laws is such a way as to allow government to recklessly abuse the fuck out of its power.
This is so pervasive that no one seems to recognize these things. We are so accustomed to corruption in government that we notice nothing when it occurs right in front of our eyes with our complete and undivided attention.
So get with the program, there is a constant pressure to write law in such a way as to look like they are serving the American people while just exactly doing the opposite. It's not like this shit is some secret!
[ link to this | view in chronology ]
Re: Re: Boiling down the absurdity
I'm a Hanlon's Razor guy. While there are some people in the government that are willfully evil (Cheney's "work the Dark Side" comment comes to mind), I think most legitimately believe they're doing what they're doing for the good of the American people.
And you'll find a lot of folks, not just in Congress but out of it, are more trusting and deferential to authority and law enforcement than they reasonably should be. All you need to do to see any evidence of that is go to the comments section of any story about police brutality.
Thinking that the FBI wouldn't abuse its power is naive. But a lot of people do think that.
[ link to this | view in chronology ]
Re: Re: Re: Boiling down the absurdity
I think most legitimately believe they're doing what they're doing for the good of the American people.
The road to hell is ordered by the righteous, planned by the well meaning, cemented with ignorance, and paved with their good intentions.
Or, as one of Jim Butcher's characters put it:
"Hell son, I'll take evil any day. It only gets uppity now and again. Stupid is all the time."
or words to that effect. The quote isn't exactly right. I don't disagree with your point that they believe they are serving the people, only that one needs must be very careful with the club that is governance. While it is good to keep people from harming themselves, most wish to seek their hell in a manner of their own choosing. They seldom thank you for saving themselves from themselves.
[ link to this | view in chronology ]
Re: Re: Re: Re: Boiling down the absurdity
[ link to this | view in chronology ]
Butcher quote
[ link to this | view in chronology ]
Re: Re: Boiling down the absurdity
The staffer noted it would be impossible for an NSL to issue against Cloudflare, since the services our company provides expressly did not fall within the jurisdiction of the NSL statute. The staffer went so far as to open a copy of the U.S. Code and read from the statutory language to make her point.
Unless you want to say that the staffer was just making a fool of themself by going through that whole song and dance, it seems pretty clear that no, that individual, and likely several others at least did not 'know that this shit was happening'. They, and likely several others, staff and lawmakers 'thought' the law applied one way, the FBI 'disagreed', and thanks to the gag order the company was prohibited from telling the lawmakers that the FBI's 'interpretation' differed notably from their's.
Now, I'll fully agree that some lawmakers likely do know about this sort of thing, I distinctly remember a story a few years back when the Snowden stuff started coming out about one of the members of the 'oversight' groups deliberately withholding information from the others. They knew, they didn't want the others to know because what was differed from what was presented.
Later on, when it became harder to just ignore the leaks some of them came forward claiming that they had no idea this sort of thing was happening, and while I'm sure some of them were just putting into play their 'I'm shocked, shocked I say!' practice it's quite likely that at least a few didn't actually know, because they'd been kept in the dark.
Sometimes it is malicious intent(and while in politics 'assuming malicious intent' is a pretty safe bet, you need to be careful with it), but sometimes it really is incompetence and/or thinking one thing is perfectly clear, while someone else thinks that there's 'room for a different interpretation' and running with their 'interpretation'.
At the same time though, even assuming that every single lawmaker involved knew exactly how the law would really be used, making it public forces them to scramble and pretend that their actual intent matches their professed intent, possibly closing the 'accidental loophole'.
[ link to this | view in chronology ]
Re: Boiling down the absurdity
It's a matter of degrees of importance. The NSLs are subject to a law created by the Congress. And speaking under oath to the Congress seems to trump any other mechanism.
[ link to this | view in chronology ]
Just to piss off the government?
[ link to this | view in chronology ]
A modest proposal
[ link to this | view in chronology ]
We need at least one limit on a gag order
[ link to this | view in chronology ]
Huzzah (a vast improvement?)!?
This statement alone most perfectly limns the current picture. To interpret: in America, you're now required to wait ONLY a year to appeal suppressions of civil rights without terror of reprisals by the secret police.
Who knows but that soon (nay, even possibly within a few generations!) one might not need to be a major corporation assisted by a major, public policy interest group to accomplish the enforcement of fundamental, Constitutional rights?
[ link to this | view in chronology ]
acertenalotofacil.org
[ link to this | view in chronology ]
[ link to this | view in chronology ]
patricia
[ link to this | view in chronology ]
beatriz
[ link to this | view in chronology ]
tiago
[ link to this | view in chronology ]
paulo
[ link to this | view in chronology ]
Alex
Very cool, I always try to follow with this logical reasoning, thank you
[ link to this | view in chronology ]
Alex
[ link to this | view in chronology ]
Lucia
[ link to this | view in chronology ]
[ link to this | view in chronology ]