There May Be A New Boss At The DOJ, But The Government Still Loves Its Indefinite Gag Orders

from the inalienable-right-to-STFU dept

Despite the DOJ recently drawing heat for its targeting of journalists during internal leak investigations, a lot still hasn't changed about the way demands for data are handled by the feds. Over the past couple of decades, the DOJ and its components have been asking for and obtaining data from service providers, utilizing subpoenas and National Security Letters that come with indefinite gag orders attached.

These orders swear recipients like Microsoft and Google to secrecy, forbidding them from notifying targeted customers and users. (Even Techdirt has been hit with one.) Unlike regular search warrants, where the target is made aware of the rummaging by the physical presence of law enforcement officers, warrants, subpoenas, and NSLs allow the government to go about its rummaging unnoticed.

Reforms to surveillance powers by the USA Freedom Act have at least forced the government to perform periodic reviews of ongoing gag orders. It has also given companies a way to challenge gag orders and demands for data, but that's only useful if the companies have some idea who is being targeted. As this report on the ongoing abuse of gag orders by Jay Greene and Drew Harwell for the Washington Post points out, it's not always clear who the government is seeking information about. (Alternative link here.)

[T]ech company officials said it is often difficult to tell which orders are worth fighting. The orders are often vague — sometimes just email addresses — and the owner of the account isn’t always obvious.

Microsoft provided two secrecy orders to The Post with the names of the customers redacted. Each is only about four paragraphs long and declares that notifying the customer about the existence of the data request could lead to evidence tampering or flight from prosecution.

Neither order offers any support for those claims, or any details to indicate why secrecy is necessary. Microsoft complied with both orders and notified customers of the seizure only after the orders expired.

Even with those limitations, some companies are doing what they can to push back on these unreasonable restrictions.

Microsoft said it generally complies with secrecy orders because it is legally required to do so. At Google, director of law enforcement and information security Richard Salgado said the company will challenge nondisclosure orders if there are “external signals” that the orders lack merit.

But those are the exceptions, not the rule. Nearly 70% of the 62,000 government requests Facebook received during the last six months of 2020 came with gag orders attached. Microsoft receives far fewer requests, but still sees 7-10 requests with gag orders per day. Add in Google and Apple and the number of requests easily tops 100,000 per year. If Facebook is an outlier, it's still probably safe to assume nearly half of those come with gag orders. That's a lot of secrecy and it's absolutely certain all of it isn't justified.

The government claims the courts keep it honest, but given the dearth of challenges, it's a claim the feds can make only because the pushback is so limited. And it's deliberately limited. If a judge clears it, recipients have to assume the secrecy is warranted.

But agencies like the FBI issue their own paperwork and gag orders that don't require any judicial oversight. NSLs begin and end inside agencies, reliant only on whatever internal oversight there is to ensure these aren't abused. And history shows they are abused -- something the FBI turns to when its demands for information or data are rejected by the judicial oversight the DOJ claims keeps its vast power in check.

Even when targets are finally notified, they aren't given all the information. The Washington Post article details a former Defense Department contractor (Ryan Lackey) who was informed the government demanded data from Facebook, a platform he has used regularly for the last 15 years. Even though he was told the government sought his data, he was unable to find out what the government sought and for what time period. And that notification arrived nearly two years after Facebook had handed over his data.

The government won't answer any questions about it. Neither will Facebook, which suggested he get a lawyer.

After receiving the March email, Lackey asked Facebook what information it had handed over and what time frame the request covered. In an emailed response reviewed by The Post, the tech giant wrote that it couldn’t give him “legal advice” and suggested that he “consult with an attorney.”

Lackey said he has been left with “low-level anxiety” and lots of unanswered questions.

“I’m not opposed to helping law enforcement with a legitimate investigation,” he said. “But if it’s a civil liberties violation or a fishing expedition, I don’t want to help them in that.”

Legislative efforts continue to rein in these powers and limit demands for indefinite secrecy. But the feds are fond of these 9/11-enabled powers and in no hurry to see them restricted. Claims about public safety and national security tend to be all that's needed to convince certain legislators that the government's business should continue as usual. Those pushing back have limited information to work with, thanks to years of deference in service to the never-ending War on Terror.

This shouldn't be considered business as usual in a free country where citizens have inalienable rights that are supposed to protect them against unchecked snooping by the government, as well as grant them the ability to challenge unjustified demands for their possessions and papers. But a handful of wars engaged in by the government against its citizens (Terror, Drugs) have reduced these rights to privileges only very occasionally recognized by the agencies engaging in unwarranted seizures and only slightly more occasionally recognized by the courts, which have largely shrugged off their obligations to keep the government in check.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 1st amendment, doj, fbi, gag orders, journalism, national security letters, nsls
Companies: google, microsoft


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 4 Oct 2021 @ 11:19am

    Lackey said he has been left with “low-level anxiety” and lots of unanswered questions.

    I wonder how long it will be before spammer/scammers/asshats start faking those sorts of emails (or maybe they already are and I just haven't noticed)./

    link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 4 Oct 2021 @ 11:23am

    Simple solution.
    Demand the number of cases resulting in conviction from using this sort of shit.
    The number is going to be very low, leaving questions about why they are using them so often when the resulting data gathered doesn't do anything useful.

    One can understand why in some cases altering a target might be a bad thing, but it is also a very bad thing when they can just fire these letters off, get whatever they want, and then have nothing to show for it.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Oct 2021 @ 11:57am

    These seem very much like General Warrants, which are not allowed. They also seem rather a lot like wiretaps, which require a warrant. Wht is the FBI allowed to get away with this nonsense?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Oct 2021 @ 12:21pm

      Re:

      Third Party Doctrine.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Oct 2021 @ 12:56pm

      Re:

      They're not general warrants, because they are requesting specific data from the accounts of specific people.

      They're not wiretaps, because they are not requesting data in motion (data which is "on a wire"), only data that is stored. The stored communications act is the most applicable legislation, and while it did increase the prior (essentially non-existent) protections for stored data, it does not requrie a warrant for "remote computing services," which has historically included such things as electronic communications which have been opened/downloaded. The sixth circuit declared this illegal in Warshak (though there has been no follow up from the sixth circuit, nor agreement from the other circuits), and the Carpenter decision has limited this for cell location data, but in general the SCA still holds.

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.