FBI's Spy Tool Details Exposed After Gag Order Is Lifted
Following an 11-year battle, Nicholas Merrill finally gets to publicly talk about the FBI's National Security Letter, which demanded he hand over a wide swath of private information about one of his ISP customers.
8 iPhone Security Apps To Keep Your Data Safe
8 iPhone Security Apps To Keep Your Data Safe (Click image for larger view and slideshow.)
Nicholas Merrill, founder of a small ISP, disclosed publicly on Monday how broadly the FBI has secretly issued National Security Letters (NSLs) that allow the collecting of data about US citizens without a warrant or judicial oversight.
Merrill's disclosure -- which follows an 11-year legal battle -- is made even more chilling when one considers that an NSL almost always comes with a built-in gag order. This order prevents the recipient from disclosing the letter to its target, or to the public.
That unrestrained gagging was central to the decision by a federal district court to invalidate the gag order in full.
U.S. District Judge Victor Marrero on Aug. 28 found that "the non-disclosure requirement enforced against him [Merrill] was overly broad and could not be supported by a 'good reason.' "
[Read The NSA, Surveillance, And What CIOs Need To Know.]
There was a stay on the order for 90 days to allow for an appeal. Since there was none, as of this week, Merrill is free to speak about the case.
He told Reuters that Judge Marrero's ruling is significant "because the public deserves to know how the government is gathering information without warrants on Americans who are not even suspected of a crime."
The NSL became part of the USA Patriot Act in the wake of the Sept. 11, 2001 terror attacks. According to a Justice Department inspector general report, the FBI issued 143,074 NSLs between 2003 and 2005. Merrill's case marks the first time an NSL gag order has been lifted in full, according to a Yale Law School blog post.
"For more than a decade, the government has refused to allow Mr. Merrill and other NSL recipients to tell the public just how broadly the FBI has interpreted its authority to surveil individuals' digital lives in secret using NSLs," the blog noted.
Merrill's legal journey began in 2004 when the FBI issued him an NSL targeting one of the customers of his ISP, Calyx Internet Access, in New York. The FBI subsequently dropped the demands, but Merrill fought the gag order attached to the NSL.
"The FBI has interpreted its NSL authority to encompass the websites we read, the Web searches we conduct, the people we contact, and the places we go. This kind of data reveals the most intimate details of our lives, including our political activities, religious affiliations, private relationships, and even our private thoughts and beliefs," Merrill told Ars Technica.
According to court documents, the FBI was asking for:
DSL account information
Radius log
Subscriber name and related subscriber information Account number
Date the account opened or closed
Addresses associated with the account
Subscriber day/evening telephone numbers
Screen names or other on-line names associated with the account
Order forms
Records relating to merchandise orders/shipping information for the last 180 days
All billing related to account
Internet service provider (ISP)
All e-mail addresses associated with account
Internet Protocol (IP) address assigned to the account
All website information registered to the account
Uniform Resource Locator (URL) address assigned to the account
Any other information which you consider to be an electronic communication transactional record
In 2007, Merrill wrote an anonymous op-ed piece for the Washington Post in which he accused the FBI of withholding documents. "The inspector general's report confirms that Congress lacked a complete picture of the problem during a critical time [re-authorization of the Patriot Act]: Even though the NSL statute requires the director of the FBI to fully inform members of the House and Senate about all requests issued under the statute, the FBI significantly underrepresented the number of NSL requests in 2003, 2004 and 2005, according to the report," he wrote.
President Obama's Intelligence Review Group in 2013 noted that there are about 60 NSLs issued per day.
NSLs are routinely sent to major tech firms such as Facebook and Microsoft.
Perhaps sensing that the tide is turning against the government, President Obama told the Justice Department to amend the gag order in January 2014 so that it is not permanent.
**New deadline of Dec. 18, 2015** Be a part of the prestigious InformationWeek Elite 100! Time is running out to submit your company's application by Dec. 18, 2015. Go to our 2016 registration page: InformationWeek's Elite 100 list for 2016.
About the Author
You May Also Like
2024 InformationWeek US IT Salary Report
May 29, 20242022 State of ITOps and SecOps
Jun 21, 2022