Yahoo First Company To Publicly Acknowledge It Has Received National Security Letters

from the doxing-the-feds dept

Given its history of battling gag orders from the government, there's some cosmic justice contained in the fact that Yahoo is the first company to publicly disclose the contents of National Security Letters it has received. Before the passage of the USA Freedom Act, NSLs came bundled with a presumptive lifetime ban on disclosure. This wasn't statutorily-required. It's just the way things worked out when the FBI was allowed to decide if and when it was going to allow NSL recipients to publicly discuss them.

The surveillance reform law requires the FBI to "periodically" assess its NSL nondisclosure demands, which appears to have led directly to the first publication of these letters by any company. Yahoo's accompanying statement notes it will continue to publicly disclose whatever it's allowed to in the future.

Yahoo has always maintained a strong commitment to protecting our users’ safety, security and privacy. The release of these documents and information regarding NSLs today is consistent with our commitment to sharing as much information as we legally can regarding government data requests. We believe there is value in making these documents available to the public to promote an informed discussion about the legal authorities available to law enforcement. They also demonstrate the importance of hard-fought reforms to surveillance law achieved with passage of the USA Freedom Act.

The letters [PDF] are redacted but some information had still managed to seep out between the black bars. For one, it appears the FBI asks for everything Yahoo could possibly have collected about targeted users, tracing all the way back to the creation of the accounts.

In preparing your response to this National Security Letter, you should determine whether your company maintains the following types of information which may be considered by you to be an electronic communications transactional record in accordance with Title 18 United States Code § 2709.

Subscriber name and related subscriber information

Account number(s)

Date the account opened or closed

Physical and or postal addresses associated with the account

Subscriber day/evening telephone numbers

Screen names or other on-line names associated with the account

All billing and method of payment related to the account including alternative billed numbers or calling cards

All e-mail addresses associated with the account to include any and all of the above information for any secondary or additional e-mail addresses and or user names identified by you as belonging to the targeted account in this letter

Internet Protocol (IP) addresses assigned to this account and related e-mail accounts

Uniform Resource Locator (URL) assigned to the account

Plain old telephone{s) (POTS), ISDN circuit(s), Voice over internet protocol (VOIP), Cable modem service, Internet cable service, Digital Subscriber Line (DSL) asymmetrical/symmetrical relating to this account

The names of any and all upstream and providers facilitating this account's communications

The above-listed information from "inception of the targeted account to the present" if this request cannot be processed as presently written

And, while the FBI requests this information to be sent to it in electronic form, it demands any challenges to its gag orders be handled via fax machines or snail mail.

This disclosure allows Yahoo to update its previous transparency reports with real numbers, rather than the fake numbers demanded by the government.

Prior to this, Yahoo hadn't even been allowed to disclose the fact that it had received NSLs, even under the very broad disclosure range of 1-499. This is a small step towards government transparency -- one that will hopefully continue to undermine its secrecy-by-default stance.

Filed Under: doj, fbi, national security letters, nsls, transparency
Companies: yahoo

Senate Intelligence Committee Expands FBI NSL Powers With Secret Amendment To Secret Intelligence Bill

from the you'll-find-out-about-the-additions-when-you're-told-you-can't-talk dept

The annual intelligence authorization is under way, with the Senate deciding how much money the nation's spy agencies will receive next year, along with anything else they can slip in while no one's looking. The entire discussion takes place behind closed doors, so there's very little stopping the Intelligence Committee's many surveillance fans from amending the bill to increase intelligence agencies' powers.

Fortunately, there's still one person on the inside who continues to perform his oversight duties.

A provision snuck into the still-secret text of the Senate’s annual intelligence authorization would give the FBI the ability to demand individuals’ email data and possibly web-surfing history from their service providers without a warrant and in complete secrecy.

If passed, the change would expand the reach of the FBI’s already highly controversial national security letters.

[...]

The spy bill passed the Senate Intelligence Committee on Tuesday, with the provision in it. The lone no vote came from Sen. Ron Wyden, D-Ore., who wrote in a statement that one of the bill’s provisions “would allow any FBI field office to demand email records without a court order, a major expansion of federal surveillance powers.”

Wyden did not disclose exactly what the provision would allow, but his spokesperson suggested it might go beyond email records to things like web-surfing histories and other information about online behavior. “Senator Wyden is concerned it could be read that way,” Keith Chu said.

The FBI's history of abusing NSLs is well-documented. These letters allow the agency to route around judicial oversight by chanting "national security" while composing their requests. (Bonus feature: recipients are forbidden from talking about them... indefinitely.) Increasing the FBI's access with no corresponding increase in oversight is definitely not a good idea, considering it has never shown interest in self-restraint.

The FBI historically has not had access to email records via NSLs, although it did spend several years doing exactly that before being shut down by the DOJ. It obviously wants that access again and FBI Director James Comey claims the only thing standing between it and the access it always thought it had is a "typo."

If this secret amendment passes along with the authorization bill, it would weaken attempts to reform the ECPA -- the 1986 law that gives the government warrantless access to emails and other online documents more than 180 days old. But rather than fix the Senate intelligence authorization bill, legislators are looking to carve a hole in the recently (and unanimously) passed Email Privacy Act.

Sen. John Cornyn, R-Texas, is expected to offer an amendment that would mirror the provision in the intelligence bill.

Privacy advocates warn that adding it to the broadly supported reform effort would backfire.

“If [the provision] is added to ECPA, it’ll kill the bill,” Gabe Rottman, deputy director of the Center for Democracy and Technology’s freedom, security, and technology project, wrote in an email to The Intercept. “If it passes independently, it’ll create a gaping loophole. Either way, it’s a big problem and a massive expansion of government surveillance authority.”

The FBI should be sending out fruit baskets to the Senate Intelligence Committee for both expanding its surveillance reach and undercutting a much-needed reform effort. Secret laws made by secretive committees during closed-doors sessions doesn't seem very "American," but much like the super-secretive NSLs the FBI loves so much, the routine invocation of "national security" tends to ward off the scrutiny this process desperately needs.

Filed Under: 4th amendment, appropriations, ecpa, ecpa reform, fbi, national security letters, nsls, senate intelligence committee, surveillance, warrants

Judge Tells Twitter Revealing Classified Stats Isn't Protected By 1st Amendment... But Says Twitter Can Challenge Classification

from the inching-forward dept

Back in late 2014, we wrote about Twitter suing the US government over whether or not it was allowed to publish just how many National Security Letters and FISA Court orders it receives in its transparency report. This came after a bunch of other tech companies had settled a similar lawsuit with an agreement that they could reveal certain "bands" of numbers, rather than the specific number. It still boggles the mind that merely revealing the number of NSLs and/or FISC orders received would create any problem for national security, but the government seems hellbent on keeping that information secret. Probably because they don't want the public to understand how widely this system is used to obtain info.

We had mentioned this case just a few weeks ago, noting that a bunch of companies had filed an amicus brief pointing out that it's unclear if they can even admit that they've never received such a request (i.e., it's possible that warrant canaries are illegal).

Meanwhile, the DOJ has been trying to get the entire case thrown out because that's what the DOJ does. Judge Yvonne Gonzalez Rogers has now given a mixed ruling denying some of the DOJ's motion, but granting a key part concerning Twitter's First Amendment claim. The good news, though, is that the issue there is at least partially procedural, allowing Twitter to try again.

Twitter had argued, of course, that it has a First Amendment right to publish this information. But the government -- and the judge -- noted in response that you don't have a First Amendment right to publish classified information if you are a party that is "subject to secrecy obligations."

Under Executive Order 13526, information may be classified by the “original classification authority determines that the unauthorized disclosure of the information reasonably could be expected to result in damage to the national security, which includes defense against transnational terrorism, and the original classification authority is able to identify or describe the damage.”...

The First Amendment does not permit a person subject to secrecy obligations to disclose classified national security information.

That said, the court notes that this is partially a procedural issue, because Twitter can (and perhaps should) first challenge whether or not the classification on those aggregate statistics is appropriate:

The Court agrees with the Government that Twitter has not alleged that the information is not properly classified by the Government. Count I challenges the FISA non-disclosure provisions as being prior restraints of indefinite duration, but the claim does not take into account the fact that a classification decision is necessarily limited in duration by its nature, as the Government asserts. Along those same lines, Count II’s as-applied challenge contends that the FISA nondisclosure provisions are unconstitutional, but does not account for the fact that the Government has refused to permit disclosure of the aggregate numbers on the grounds that the information is classified pursuant to the Executive Order (not because of any FISA order or provision).

Again, Twitter has conceded that the aggregate data is classified. In the absence of a challenge to the decisions classifying that information, Twitter’s Constitutional challenges simply do not allege viable claims.

In short: try again, but this time challenge whether or not the aggregate data is properly classified.

On the two other issues in the case, the DOJ lost both. First, it argued that since it was the FISA Court, and not the DOJ, that classified the statistics, the challenge should be under FISA's jurisdiction and not the court that it's in. The court here, disagrees, and points out that Twitter is not challenging a specific FISA ruling, but rather the aggregate data.

The Government does not identify any order of the FISC addressing, as a general matter, publication of aggregate data about receipt of legal process, the crux of the matter before the Court here. Likewise, Twitter’s Amended Complaint does not challenge any prohibition on disclosure in any individual FISC order, FISA directive, or NSL. Rather, Twitter contends that the Government’s reliance on the FISA non-disclosure provisions as a basis for prohibiting disclosure of aggregate data about legal process directed to Twitter violates the First Amendment. Nothing in the Amended Complaint would require the Court to interpret, review, or grant relief from any particular FISC order or directive.

The other DOJ argument was that Twitter did not have standing regarding the Espionage Act. Twitter, in its lawsuit, was seeking declaratory judgment that it is not running afoul of the Espionage Act in publishing such data. It did this because the DOJ had warned Twitter that publishing such data might violate the Espionage Act. Seems fairly straightforward, right? But the DOJ told the court that Twitter's concerns are "merely speculative" and thus it had no standing on this issue. The court isn't buying it:

The Court finds that the allegations here—that Twitter presented the draft Transparency Report it planned to publish to the Government and that the Government informed Twitter that it could not publish the information because it is classified—are sufficient to show an “imminent” injury to establish Twitter’s standing here. The Government’s contention that the threat of prosecution is low because there are other avenues of recourse for Twitter to challenge individual nondisclosure orders simply does not address the issue here, reporting of aggregate data. The motion to dismiss the Espionage Act claim on these grounds is DENIED.

Of course, it's the First Amendment claims that are the main show here -- and without them, the rest of the case is pretty limited. It seems likely that Twitter will file an amended complaint now, arguing that the classification was improper, but then it just becomes a fight over classification, and the government is pretty good about screaming "national security!!!!" at the top of its lungs whenever people challenge classification decisions. The alternative, of course, is that Twitter could appeal the First Amendment decision and see if the appeals court thinks the judge here got that part wrong. Either way, I imagine we'll find out soon.

Filed Under: doj, espionage act, first amendment, fisa court, fisc, national security letters, nsls, transparency, transparency report, warrant canary
Companies: twitter

Microsoft Sues Government Over Its ECPA-Enabled Gag Orders

from the silent-service dept

Microsoft isn't the first company to sue the government over its gag orders. Google, Yahoo, Twitter, and a small ISP called Calyx Internet Access have all taken the government to court over its various demands for secrecy it ties to its National Security Letter requests.

But the more the merrier. Sooner or later, someone's going to have to side with the recipient. As Microsoft alleges in its announcement of the lawsuit, the secrecy problem is getting worse, instead of better -- despite the national discussion over domestic surveillance, expanded government power and the ongoing circumvention of due process.

It's not that Microsoft believes the government is never entitled to secrecy. It's that the demand for secrecy seems to be its default position.

To be clear, we appreciate that there are times when secrecy around a government warrant is needed. This is the case, for example, when disclosure of the government’s warrant would create a real risk of harm to another individual or when disclosure would allow people to destroy evidence and thwart an investigation. But based on the many secrecy orders we have received, we question whether these orders are grounded in specific facts that truly demand secrecy. To the contrary, it appears that the issuance of secrecy orders has become too routine.

The government is demanding information from Microsoft while telling it to shut up nearly 150 times a month.

Over the past 18 months, the U.S. government has required that we maintain secrecy regarding 2,576 legal demands, effectively silencing Microsoft from speaking to customers about warrants or other legal process seeking their data.

Worse, in a majority of these cases, Microsoft has been ordered to maintain its silence indefinitely.

Notably and even surprisingly, 1,752 of these secrecy orders, or 68 percent of the total, contained no fixed end date at all. This means that we effectively are prohibited forever from telling our customers that the government has obtained their data.

The lawsuit claims these gag orders violate multiple rights of multiple parties. Those whose data is being requested are having their Fourth Amendment rights violated by the undisclosed searches. Microsoft's First Amendment rights are being violated by the accompanying gag orders.

At the center of Microsoft's lawsuit is a terrible law: the ECPA.

Microsoft brings this case because its customers have a right to know when the government obtains a warrant to read their emails, and because Microsoft has a right to tell them. Yet the Electronic Communications Privacy Act (“ECPA”) allows courts to order Microsoft to keep its customers in the dark when the government seeks their email content or other private information, based solely on a “reason to believe” that disclosure might hinder an investigation. Nothing in the statute requires that the “reason to believe” be grounded in the facts of the particular investigation, and the statute contains no limit on the length of time such secrecy orders may be kept in place.

[...]

That antiquated law (passed decades before cloud computing existed) allows courts to impose prior restraints on speech about government conduct—the very core of expressive activity the First Amendment is intended to protect— even if other approaches could achieve the government’s objectives without burdening the right to speak freely. The statute sets no limits on the duration of secrecy orders, and it permits prior restraints any time a court has “reason to believe” adverse consequences would occur if the government were not allowed to operate in secret. Under the statute, the assessment of adverse consequences need not be based on the specific facts of the investigation, and the assessment is made only at the time the government applies for the secrecy order, with no obligation on the government to later justify continued restraints on speech even if circumstances change…

As the lawsuit points out, the outdated law isn't built to handle the reality of cloud computing. Unfortunately, law enforcement agencies like the FBI are perfectly willing to exploit the loopholes this mismatch provides. Rather than approach individuals under investigation and search their home or place of business (if that's where the communications are stored/originate) the government uses the ECPA to demand information from virtually unrelated parties like service providers, simply they provide cloud storage options.

The Fourth Amendment’s requirement that government engage only in “reasonable” searches necessarily includes a right for people to know when the government searches or seizes their property. See Wilson v. Arkansas, 514 U.S. 927, 934 (1995). For example, if the government comes into a person’s home to seize her letters from a desk drawer or computer hard drive, that person in almost all circumstances has the right to notice of the government’s intrusion. The same is true when the government executes a search of a business to seize emails from the business’s on-site server. But Section 2705(b) subjects Microsoft’s cloud customers to a different standard merely because of how they store their communications and data: the statute provides a mechanism for the government to search and seize customers’ private information without notice to the customer, based upon a constitutionally insufficient showing. In so doing, Section 2705(b) falls short of the intended reach of Fourth Amendment protections, which do not depend on the technological medium in which private “papers and effects” are stored.

It also points out how the government has used the law to treat physical searches and digital searches completely differently, thanks to the flaws in the legislation. While physical "sneak-and-peek" searches can be performed without notification of the target, the silence can only be maintained for 30-90 days. But if it goes after cloud backups, it can approach Microsoft and hit it with an indefinite demand for silence.

Considering how many ECPA reform false starts there have been over the years, Microsoft's demand -- if granted -- could render some of that effort moot. It could also help fill in some of the gaps created by the recent carve-outs that have allowed the bill to finally move out of committee.

For these reasons, Microsoft asks the Court to declare that Section 2705(b) is unconstitutional on its face.

To sum up using all the metaphors, this swing for the fences could kill several birds with one stone if the court finds in favor of Microsoft: ECPA will be hobbled badly and will no longer be the go-to justification for government gag orders and, if the gag orders themselves survive, they'll likely be limited to something less than "indefinitely" and be held to a higher level of scrutiny when they're issued.

Filed Under: ecpa, ecpa reform, email, gag orders, law enforcement, nsls
Companies: microsoft

Reddit's Warrant Canary On National Security Letters... Disappears

from the make-of-that-what-you-will dept

Well, here's something to speculate about. On Thursday, Reddit posted its latest transparency report concerning government requests for user information or content removal. This is the second such report, following its 2014 report. As one Reddit user quickly noted, the 2014 transparency report had something of a "warrant canary" concerning National Security Letters (NSLs): If you can't read that, it says:

As of January 29, 2015, reddit has never received a National Security Letter, an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information. If we ever receive such a request, we would seek to let the public know it existed.

However, no such line is in the latest report. And, of course, that leads to plenty of speculation. Unfortunately, this tends to be the problem with non-standard warrant canaries. It might have disappeared due to a gag order around a NSL. Or it might have disappeared for other reasons. In fact, there is some argument that just posting such a warrant canary is not allowed under current law (which of course raises all sorts of First Amendment questions).

Reddit's CEO Steve Huffman responded in the comments in a manner that doesn't totally clear anything up at all:

Even with the canaries, we're treading a fine line. The whole thing is icky, which is why we joined Twitter in pushing back.

From there, he links to the amicus brief a bunch of internet companies filed in support of Twitter in its ongoing legal fight over the right to disclose surveillance requests. In that lawsuit, Twitter noted that the US government claimed that some information in its planned transparency report was "classified" and Twitter was not allowed to publish it.

In the amicus brief, which Reddit was a part of along with Automattic (Wordpress), CloudFlare, Wikimedia and more, it was pointed out that they're not even sure if it's legal to have that kind of warrant canary:

... this case poses a fundamental lingering question: to what extent do companies have a constitutional right to report truthful aggregate data about national security requests? Amici believe that there is no basis in law or policy for the government to prohibit recipients from disclosing the mere fact that they have or have not received a national security request, and from publishing an accurate, meaningful account of that statistic. And while the government has taken the position that it believes “[n]othing prevents a company from reporting that it has received no national security legal process at all,” ..., it remains unclear whether the First Amendment guarantees that disclosure, or whether a company that has received a national security request in the past could report zero for subsequent periods of time.

And thus, Reddit is now involved in a case over whether or not the very notion of a warrant canary itself is legal -- and that, alone, may be a reason why it chose not to include it this time around. And thus, we're still left with something of a guessing game. Of course, this is another reason why that lawsuit is so important. The level of transparency that platforms can provide to the public about how much governments (and the US government in particular) are demanding access to information is very, very important.

Filed Under: national security letters, nsls, transparency report, warrant canary
Companies: reddit

DOJ's New Restrictions On Surveilling Journalists Contain Exception For National Security Letters

from the super-secret-loopholes dept

In 2013, it was revealed the DOJ had added First Amendment-trampling to its always-cavalier treatment of the Fourth Amendment by gathering journalists' phone records. Under the guise of investigating leaks, the DOJ crossed over into totalitarian territory. Following the backlash, the DOJ "revised" its rules on surveilling the press.

How much revision actually took place is still a secret. The Freedom of the Press Foundation sued the DOJ last year for its refusal to release its secret rules on surveilling journalists. The DOJ released some documents but they were redacted into near-complete opacity, prompting the Foundation's FOIA litigation.

According to information obtained since the meeting between then-DOJ head Eric Holder and two of the targeted press entities (AP and Fox), limitations were placed on the agency's use of subpoenas to obtain information on journalists. But these new limits are mostly meaningless because they include a sizable loophole for the FBI's favorite paperwork. David McGraw at Just Security has more details.

The revised guidelines, released early in 2015, were intended to strengthen the protection afforded news gathering.

Fairly read, the revised guidelines do that — but even as the revisions were being hammered out in discussions between DOJ and representatives of the press, DOJ made clear that the guidelines would not apply to NSLs. It is a carve-out that cuts deeply.

It is not just that NSLs, typically used to obtain communication records from third parties, have none of the judicial oversight that attends to subpoenas. There is also the damaging impact of secrecy. An important element of the DOJ subpoena guidelines is providing news organizations with notice when their records are sought, subject to some specified exceptions. Notice gives an opportunity not only to make legal objections in court, but also to invite public scrutiny of government overreach.

The use of NSLs means everything is hidden and will remain so for years. Those targeted won't be informed of the government's actions until years later, if at all. The FBI has a long history of abusing NSLs, and there's no reason to believe the new guidelines the DOJ put in place will act as a deterrent towards future abuse.

NSLs operate in an accountability black hole thanks to their inherent secretive nature. The ongoing lawsuit against the DOJ has resulted in more released documents, but very little that details the use of NSLs for spying on journalists.

DOJ has said that the NSLs are “subject to an extensive oversight regime.” But it is impossible to know whether the kinds of procedures baked into the subpoena guidelines — for instance, a showing by the prosecutor of proven need and a lack of alternative ways of getting the information sought — are mirrored in NSL guidelines. If they are not, there is every incentive for investigators to look to NSLs and avoid the restrictions of the subpoena process. (In my experience, leak investigations overwhelmingly arise from reporting about national security, making them NSL-eligible.) But the classification of the NSL rules takes meaningful discussion of even such a threshold concern off the public agenda.

One of the few things that can be confirmed from the released documents is that the FBI believes the new guidelines have zero effect on National Security Letters. Beyond that, the DOJ has released nothing that would further clarify the rules put into place after its surveillance efforts were exposed. The Freedom of the Press Foundation has posted some of the documents it has liberated via litigation and they contain "useful" information like:


and:


Without further information, the released documents appear to show the FBI is issuing NSLs to obtain journalists' records. At the very least, they confirm the FBI will use NSLs to route around restrictions. And as long as it does that, the First and Fourth Amendment will just have to take a backseat to the national security concerns cited in documents no one will be able to examine for years to come.

Filed Under: doj, journalists, loopholes, national security letters, nsls, surveillance

Federal Court Finally Says That Gag Order On 11-Year-Old National Security Letter Should Be Lifted Already

from the big-win dept

Five years ago, we wrote about a pretty big victory against National Security Letters (NSLs), which the government has long used to get around the 4th Amendment, demanding information from companies, complete with a perpetual gag order. In 2007, an anonymous ISP owner fought back, speaking out against the whole gag order thing, but not even being able to say what ISP he was associated with, because of that gag order. In 2010, Nicholas Merrill, of Calyx Internet Access, was finally able to admit that he was the one fighting the gag order -- after reaching an agreement with the government (and that was after a number of trips back and forth between the district and appeals courts). Now, five years later, a federal court has finally ruled that the gag order, which was issued back in 2004, should be lifted, because the government has no "good reason" for keeping it in place and keeping the gag order would violate the First Amendment. You can read the redacted order here, which is an interesting read. Basically, a permanent gag order doesn't really fit with that whole First Amendment thing we have here in the US -- but the court prefers to focus on whether or not there's any reason to keep the order in place now.

There's a lot of procedural history here (which explains why it took this long for a ruling, but...). It turns out that in 2014, Merrill and the DOJ reached a further "agreement" that allowed Merrill to talk more about the NSL, but said he could still not discuss an attachment that explained what kinds of records the government sought. This latest part of the lawsuit is about that last remaining part of the gag order. And the court is not impressed by it at all.

Here, the Government has not demonstrated a good reason to expect that public disclosure of the parts of the Attachment that remain confidential would risk one of these enumerated harms; nor has the Government provided the Court with some basis to assure itself that the link between disclosure and risk of harm is substantial. The Government's justifications might constitute "good" reasons if the information contained in the Attachment that is still redacted were not, at least in substance even if not in the precise form, already disclosed by government divisions and agencies, and thus known to the public. Here, publicly-available government documents provide substantially similar information as that set forth in the Attachment. For that reason, the Court is not persuaded that it matters that these other documents were not disclosed by the FBI itself rather than by other government agencies, and that they would hold significant weight for a potential target of a national security investigation in ascertaining whether the FBI would gather such information through an NSL. The documents referred to were prepared and published by various government divisions discussing the FBI' s authority to issue NSLs, the types of materials the FBI seeks, and how to draft NSL requests.
<
Indeed, one of these documents is a publicly-available Department of Justice Office of Legal Education manual that provides a sample attachment that encapsulates much of the redacted-information in the Attachment here in dispute....

[....]

The Government contends that if the parts of the Attachment that remain secret are disclosed, potential targets could change their behavior to evade law enforcement. But those targets can already learn, based on publicly available infonnation, that the FBI could obtain such information through NSLs.

In the end, the court says the gag order makes no sense.

... the Court finds that the Government has not demonstrated a good reason to believe that potential targets of national security investigations will change their behavior to evade detection, or that disclosure of the Attachment in its entirety would create a substantial risk of one of the statutorily enumerated harms.

And then there's the whole First Amendment thing. The court notes that if it accepted the DOJ's arguments, the First Amendment would have an issue with that:

If the Court were to find instead that the Government has met its burden of showing a good reason for nondisclosure here, could Merrill ever overcome such a showing? Under the Government's reasoning, the Court sees only two such hypothetical circumstances in which Merrill could prevail: a world in which no threat of terrorism exists, or a world in which the FBI, acting on its own accord and its own time, decides to disclose the contents of the Attachment. Such a result implicates serious issues, both with respect to the First Amendment and accountability of the government to the people. As Judge Cardamone warned in his concurrence in Doe v. Gonzales, "a ban on speech and a shroud of secrecy in perpetuity are antithetical to democratic concepts and do not fit comfortably with the fundamental rights guaranteed American citizens," and such unending secrecy could "serve as a cover for possible official misconduct and/or incompetence."

But the court, unfortunately, refuses to take things one step further, in saying that the gag order itself violated his First Amendment rights. Instead, it focuses just one whether or not the government still has a "good reason" to keep the gag order in place. Saying that it no longer does, it says it has no need to address the more constitutional question of whether or not the gag order itself violated Merrill's rights.

Also, somewhat amusingly, because the court is ordering the DOJ to lift the gag order, but because it's technically still in place, you get some odd redactions in the ruling, where the government is pointing out why certain things should not be redacted... but they still are, likely because the gag order is still in place, even as the court has ordered it lifted. There are a lot of these kinds of examples, but here's a shorter one: And another longer one:
Oh, and then there's this glorious footnote: The court is not persuaded, but everything is blacked out anyway. Because that's how these things work. In fact, Merrill remains gagged for 90 days, and only after that can he actually reveal what the FBI asked for 11 years ago.

Filed Under: doj, fbi, first amendment, free speech, gag order, national security letters, nicholas merrill, nsl, nsls, redactions
Companies: calyx

Freedom Of The Press Foundation Sues DOJ Over Its Secret Rules For Spying On Journalists

from the a-little-transparency-please dept

The wonderful Freedom of the Press Foundation is now suing the US Justice Department for refusing to reveal its rules and procedures for spying on journalists. You can read the complaint here. The key issue: what rules and oversight exist for the DOJ when it comes to spying on journalists. As you may recall, a few years ago, it came out that the DOJ had been using some fairly sneaky tricks to spy on journalists, including falsely telling a court that reporter James Rosen was a "co-conspirator" in order to get access to his emails and phone records. In response to a lot of criticism, the DOJ agreed to "revise" its rules for when it snoops on journalists.

However, there was an important limitation on the "new" rules, as the NY Times noted at the time:

There is no change to how the F.B.I. may obtain reporters’ calling records via “national security letters,” which are exempt from the regular guidelines. A Justice spokesman said the device is 'subject to an extensive oversight regime.'

Extensive oversight regime, eh? The Freedom of the Press Foundation sought to find out just what kind of extensive oversight there really was -- and came up against a brick wall in the form of black redaction ink: That's from the DOJ's Inspector General report, concerning a situation where the FBI had used an NSL to access a journalist's communications inappropriately. As the Freedom of the Press Foundation notes, elsewhere in that same report, it appears that the FBI is actually ignoring recommendations of the Inspector General concerning these situations, despite the "First Amendment interests implicated." As the Foundation notes, the redactions here make the details entirely opaque, and the Inspector General's Office has made it clear that it disagreed with the redactions, saying that revealing the information behind that black ink "is important to the public's understanding of the FBI's compliance with NSL requirements." Given that the Foundation is now suing to find out those details. The lawsuit specifically requests that the DOJ reveal those documents in their entirety, which includes the "extensive regime, rules, guidelines, or infrastructure that oversees the issuance of NSLs or exigent letters to obtain records regarding a member of the media" as well as "the current procedures that FBI agents must undertake in advance of issuing a NSL or exigent letter to obtain records regarding any member of the media."

I'm going to go out on a limb here and say that the DOJ will reply, hysterically, that revealing this kind of information will put national security at risk and could reveal important law enforcement gathering techniques that will aid those out to harm us or some such crap. Perhaps they'll even toss in a request to dump the entire case for reasons of "national security." Just recognize that this is all busllshit. The request here is not for any details that are going to help any criminals get away with anything. All it is asking for is what process the FBI uses to make sure that it's not violating the First Amendment in spying on journalists. If that's something that needs to be kept secret, there can be only one reason: because the FBI is embarrassed by what it's doing in spying on journalists.

Filed Under: doj, fbi, first amendment, journalists, national security letters, nsls, surveillance
Companies: freedom of the press foundation

Let's Encrypt Releases Transparency Report -- All Zeroes Across The Board

from the now-let's-watch-if-anything-changes dept

We've talked a bit about the important security certificate effort being put together by EFF, Mozilla and others, called Let's Encrypt, which will offer free HTTPS security certificates, making it much easier to encrypt the web. They've been busy working on the project which is set to launch in a few months. But first... Let's Encrypt has released its first transparency report. Yes, that's right: before it's launched. As you might expect, there are a lot of zeros here: This is actually pretty important for a variety of reasons. First, it clearly acts as something of a warrant canary. And by posting this now, before launch and before there's even been a chance for the government to request information, Let's Encrypt is actually able to say "0." That may seem like a strange thing to say but, with other companies, the government has told them that they're not allowed to claim "0," but can only give ranges -- such as 0 to 999 if they separate out the specific government requests, or 0 to 249 if they lump together different kinds of government orders. Twitter has been fighting back against these kinds of rules, and others have argued that revealing an accurate number should be protected speech under the First Amendment.

Let's Encrypt is, smartly, getting this first report out there -- with all the zeroes -- before the government can swoop in and insist that it has to only display ranges. In other words, this is getting in before any gag order can stop this kind of thing. Smart move. It's also nice to see them break down all of the different possible types of orders, rather than lumping them into more general buckets. That's an important step that it would be nice to see others follow as well.

Filed Under: fisa orders, nsls, security certificates, surveillance, transparency, transparency report, warrant canary, warrants
Companies: let's encrypt

When The FISA Court Rejects A Surveillance Request, The FBI Just Issues A National Security Letter Instead

from the oversight! dept

We've talked quite a bit about National Security Letters (NSLs) and how the FBI/DOJ regularly abused them to get just about any information the government wanted with no oversight. As a form of an administrative subpoena -- with a built in gag-order -- NSLs are a great tool for the government to abuse the 4th Amendment. Recipients can't talk about them, and no court has to review/approve them. Yet they certainly look scary to most recipients who don't dare fight an NSL. That's part of the reason why at least one court found them unconstitutional.

At the same time, we've also been talking plenty about Section 215 of the PATRIOT Act, which allows the DOJ/FBI (often working for the NSA) to go to the FISA Court and get rubberstamped court orders demanding certain "business records." As Ed Snowden revealed, these records requests can be as broad as basically "all details on all calls." But, since the FISA Court reviewed it, people insist it's legal. And, of course, the FISA Court has the reputation as a rubberstamp for a reason -- it almost never turns down a request.

However, in the rare instances where it does, apparently, the DOJ doesn't really care, knowing that it can just issue an NSL instead and get the same information. At least that appears to be what the DOJ quietly admitted to doing in a now declassified Inspector General's report from 2008. EFF lawyer Nate Cardozo was going through and spotted this troubling bit: If you can't read it, it says:

We considered the Section 215 request for [REDACTED] discussed earlier in this report at pages 33 to 34 to be a noteworthy item. In this case, the FISA Court had twice declined to approve a Section 215 application based on First Amendment Concerns. However, the FBI subsequently issued NSLs for information [REDACTED] even though the statute authorizing the NSLs contained the same First Amendment restriction as Section 215 and the ECs authorizing the NSLs relied on the same facts contained in the Section 215 applicants...

In other words, the FBI had a neat way to get around a rare FISA Court rejection: just issue an NSL and ignore the First Amendment concerns.

Apparently, to some, whatever weak "oversight" there is from the FISA Court really just means "find another door in to violate the same Constitutional issues."

Filed Under: doj, fbi, national security letters, nsa, nsls, section 215, surveillance