Federal Court Dismisses Twitter's Long-Running Lawsuit Over NSL Reporting
from the tiny-win-in-the-margins dept
All the way back in 2014, Twitter sued the DOJ over its National Security Letter reporting restrictions. NSLs are the FBI's weapon of choice in all sorts of investigations. And they almost exclusively come packaged with lifetime bans on discussing them publicly or disclosing the government's request for info to NSL targets.
Things changed a little with the passage of the USA Freedom Act and a couple of related court decisions. The DOJ is now required to periodically review NSLs to see if the ongoing silence is justified. The Act also finally provided a way for companies to challenge gag orders, which has resulted in a somewhat steady stream of published NSLs.
What's still forbidden is publishing an actual count of NSLs a company has received. Supposedly the security of the nation would be threatened if Twitter said it had received 118 NSLs last year, rather than "0-499." The reforms in the USA Freedom Act didn't change that aspect of NSL reporting and the government still argues any accurate reporting would allow the terrorists to win… or somehow avoid being targeted by an NSL.
Twitter argued the publication of an accurate number was protected speech. The government, of course, argued the opposite. The federal judge handling the case ruled that accurate reporting wasn't protected speech back in 2016, but did say Twitter could move forward with its challenge of the classification of this data.
Roughly a year later, the court changed its mind. The government's motion to dismiss was denied by the court, which said it needed to come up with better arguments if it wanted to escape Twitter's lawsuit. The court pointed out that denying Twitter the right to accurately report NSLs was a content-based restriction that couldn't be justified by the government's bare bones assertions about national security.
Nearly three years later, we're back to where we were four years ago. The court has dismissed Twitter's lawsuit, denying its attempt to escape the "banding" restrictions that limit the transparency it can provide to its users. (via Politico)
The decision [PDF] -- which ends nearly six years of litigation -- says the court believes the things the government says about detailed NSL reporting. Since these declarations tend to be delivered in ex parte hearings and/or under seal, we have to believe them, too. Actual numbers are more dangerous than vague numbers.
The declarations explain the gravity of the risks inherent in disclosure of the information that the Government has prohibited Twitter from stating in its Draft Transparency Report, including a sufficiently specific explanation of the reasons disclosure of mere aggregate numbers, even years after the relevant time period in the Draft Transparency Report, could be expected to give rise to grave or imminent harm to the national security. The Court finds that the declarations contain sufficient factual detail to justify the Government’s classification of the aggregate information in Twitter’s 2014 Draft Transparency Report on the grounds that the information would be likely to lead to grave or imminent harm to the national security, and that no more narrow tailoring of the restrictions can be made.
And that's it. The restrictions stay in place and recipients of NSLs will only be able to deliver government-approved information about them. The good news is there's a bit of a loophole -- one the court discusses in a footnote. The DOJ may want to restrict almost all NSL reporting, but the court isn't convinced companies can be limited to using the DOJ-approved "bands" only.
The [complaint] alleges a facial constitutional challenge to FISA’s secrecy provisions to the extent they categorically prohibit the reporting of aggregate data. The Court does not find that they do so restrict the aggregate data at issue here. The Government has, in part, argued that FISA’s statutory nondisclosure provisions, applicable to the existence and contents of individual orders, logically prohibit reporting of aggregate data about the number of such orders. The Court has never found the Government’s logic persuasive on this point. The requirement not to disclose a particular order is completely distinct from disclosing the aggregate number of orders.
This seems to say companies can accurately report the total number of NSLs they've received, rather than using the far more vague 0-499, etc. reporting they've been limited to. It's not a lot but it's an improvement.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: fisa warrants, national security, nsl reporting, transparency, transparency reports
Companies: twitter
Reader Comments
Subscribe: RSS
View by: Time | Thread
Can NSL recipients report the date they received a given (or each) NSL? Can they report each NSL as it is received, which could amount to the same information? This could provide helpful clues to the NSL content / targeted info.
[ link to this | view in chronology ]
Re:
They may be able to, but they also know if they do they'll be in court because they pissed off the government. While being subjected to various investigations at the same time (DoJ, IRS, SEC).
[ link to this | view in chronology ]
Re: Re:
I know what you say is true. And that sucks because it shows just how similar identical the government and organized crime really are.
[ link to this | view in chronology ]
Re:
I would believe the answer to be "not only no, but hell no". Precisely because it would "provide helpful clues to the NSL content / targeted info."
Hmm. This raises a possible reason that the government doesn't want a precise count of NSLs to be available. Assume an ISP maintains a web page with an up to date count of NSLs they've received updated in real time. With such a page, an observer could determine when a new NSL is issued and therefore get "helpful clues to the NSL content / targeted info" which of course the government would find objectionable.
[ link to this | view in chronology ]
Re: Re:
The government, and apparently you, are suggesting that some mind reader might pick a particular twit out of the thousands (millions) of twits posted daily that that NSL, that likely took at least several days to procure and transmit, would be a clue as to which twit it was? Would you, and the government please share what your smoking?
[ link to this | view in chronology ]
Re:
Since the gag order forbids discussing specific NSLs in any way, you can set up a flag to indicate that you have not received one today.
Since claiming you have not received one is a discussion of the one you received today, you cannot leave the flag up on a day you received one.
Outside observers watching to see what days you have your flag up can get a ballpark estimate on how many days you've received one, though it won't help if you get 2 or more in one day.
[ link to this | view in chronology ]
I wonder sometimes...
How we got along BEFORE the internet..
The internet, a location where people can say/express/piss off to anyone that reads those Sections of the net, that interest them.
With an understanding. That there are ways to create privacy and only Have contact Directly to any individual you wish, with the right programs. And the gov, has 5-10 years to Unscramble the encoded Text/voice/video that is shared with others.
I have always wondered about the Scrutiny, given the Citizens/immigrants, over being able to monitor our Corps and the bad blood they have created Before and after year 2000.
Hasnt it been shown recently that the corps have lied to stockholders? Shouldnt our Gov. have backdoors into the corps communications? Wouldnt they be able to have stopped some of the CRAP, thats happened recently?
H! Humm, we sit and watch and pay thru our noses for this capitalist system.
[ link to this | view in chronology ]
Another good reason to move (part of) your operations outside of US jurisdiction, in such a way that responding to an NSL would require that information to go to place where the US has no jurisdiction, and having things set up in such a way that that will automatically lead to its disclosure (for example, because the other jurisdiction requires such disclose, e.g. under GDPR rules in the EU; Iceland or Switzerland are probably also good jurisdictions to have in the chain.)
Then the only possible response to the the NSL would be: we are unable to comply, since we do not have the means to provide the requested information without revealing the NSL. Trying to do otherwise will be physically blocked by parties out of our control. You can go through the legally available channels following international treaties to obtain the requested information in this or that country.
[ link to this | view in chronology ]
Re:
Kim.com??
[ link to this | view in chronology ]
Re:
And the Very strange idea that you can Block anything on the net.
It can popup in every country, that you DONT block.
Liek the right to be forgotten, in the EU, should NOT cover laws and regs in the USA.. but they Can be enforced.
[ link to this | view in chronology ]