FBI's Spy Tool Details Exposed After Gag Order Is Lifted - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government
Commentary
12/2/2015
08:06 AM
Larry Loeb
Larry Loeb
Commentary
50%
50%

FBI's Spy Tool Details Exposed After Gag Order Is Lifted

Following an 11-year battle, Nicholas Merrill finally gets to publicly talk about the FBI's National Security Letter, which demanded he hand over a wide swath of private information about one of his ISP customers.

8 iPhone Security Apps To Keep Your Data Safe
8 iPhone Security Apps To Keep Your Data Safe
(Click image for larger view and slideshow.)

Nicholas Merrill, founder of a small ISP, disclosed publicly on Monday how broadly the FBI has secretly issued National Security Letters (NSLs) that allow the collecting of data about US citizens without a warrant or judicial oversight.

Merrill's disclosure -- which follows an 11-year legal battle -- is made even more chilling when one considers that an NSL almost always comes with a built-in gag order. This order prevents the recipient from disclosing the letter to its target, or to the public.

That unrestrained gagging was central to the decision by a federal district court to invalidate the gag order in full.

U.S. District Judge Victor Marrero on Aug. 28 found that "the non-disclosure requirement enforced against him [Merrill] was overly broad and could not be supported by a 'good reason.' "

[Read The NSA, Surveillance, And What CIOs Need To Know.]

There was a stay on the order for 90 days to allow for an appeal. Since there was none, as of this week, Merrill is free to speak about the case.

He told Reuters that Judge Marrero's ruling is significant "because the public deserves to know how the government is gathering information without warrants on Americans who are not even suspected of a crime."

(Image: nikauforest/iStockphoto)

(Image: nikauforest/iStockphoto)

The NSL became part of the USA Patriot Act in the wake of the Sept. 11, 2001 terror attacks. According to a Justice Department inspector general report, the FBI issued 143,074 NSLs between 2003 and 2005. Merrill's case marks the first time an NSL gag order has been lifted in full, according to a Yale Law School blog post.

"For more than a decade, the government has refused to allow Mr. Merrill and other NSL recipients to tell the public just how broadly the FBI has interpreted its authority to surveil individuals' digital lives in secret using NSLs," the blog noted. 

Merrill's legal journey began in 2004 when the FBI issued him an NSL targeting one of the customers of his ISP, Calyx Internet Access, in New York. The FBI subsequently dropped the demands, but Merrill fought the gag order attached to the NSL.

"The FBI has interpreted its NSL authority to encompass the websites we read, the Web searches we conduct, the people we contact, and the places we go. This kind of data reveals the most intimate details of our lives, including our political activities, religious affiliations, private relationships, and even our private thoughts and beliefs," Merrill told Ars Technica

According to court documents, the FBI was asking for:

  • DSL account information
  • Radius log
  • Subscriber name and related subscriber information Account number
  • Date the account opened or closed
  • Addresses associated with the account
  • Subscriber day/evening telephone numbers
  • Screen names or other on-line names associated with the account
  • Order forms
  • Records relating to merchandise orders/shipping information for the last 180 days
  • All billing related to account
  • Internet service provider (ISP)
  • All e-mail addresses associated with account
  • Internet Protocol (IP) address assigned to the account
  • All website information registered to the account
  • Uniform Resource Locator (URL) address assigned to the account
  • Any other information which you consider to be an electronic communication transactional record

In 2007, Merrill wrote an anonymous op-ed piece for the Washington Post in which he accused the FBI of withholding documents. "The inspector general's report confirms that Congress lacked a complete picture of the problem during a critical time [re-authorization of the Patriot Act]: Even though the NSL statute requires the director of the FBI to fully inform members of the House and Senate about all requests issued under the statute, the FBI significantly underrepresented the number of NSL requests in 2003, 2004 and 2005, according to the report," he wrote.

President Obama's Intelligence Review Group in 2013 noted that there are about 60 NSLs issued per day.

NSLs are routinely sent to major tech firms such as Facebook and Microsoft.

Perhaps sensing that the tide is turning against the government, President Obama told the Justice Department to amend the gag order in January 2014 so that it is not permanent.

**New deadline of Dec. 18, 2015** Be a part of the prestigious InformationWeek Elite 100! Time is running out to submit your company's application by Dec. 18, 2015. Go to our 2016 registration page: InformationWeek's Elite 100 list for 2016.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
larryloeb
50%
50%
larryloeb,
User Rank: Author
12/2/2015 | 9:06:20 AM
Re: spying
Well, there is a mindset that was very popular during the FirstColdWar that said "If you knew what we know, you would agree with what we do."

It's come back.  This time its all about "terrorism", scaring Moms that think anyone who is not the same as they are are coming to behead them.

The FBI doesn't want you to know what one case officer can get on you without a warrant or oversight..
Ariella
50%
50%
Ariella,
User Rank: Author
12/2/2015 | 8:55:29 AM
spying
"the public deserves to know how the government is gathering information without warrants on Americans who are not even suspected of a crime." Agreed. We demand that much from our apps, which we choose to install. Certainly, we're entitled to know what kind of information is collected.
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll