An Internet Service Provider (ISP) has finally been given permission to reveal that he was the recipient of an National Security Letter (NSL) from the Federal Bureau of Investigation (FBI) six years ago, demanding information about his clients.
Nicholas Merrill, president of the New York ISP Calyx, still can’t say on what specific date in February, 2004, he received the letter, nor the target of it from among his more than 200 clients, but he is now able to talk about the lawsuit that the American Civil Liberties Union (ACLU) filed on his behalf. He told Democracy Now! – incidentally, one of his clients – that his other clients included “household names” such as Ikea, Snapple Iced Tea, and Mitsubishi Motors, as well as nonprofit and nongovernmental organizations such as the New York Civil Liberties Union.
The letter requested that Merrill provide 16 categories of "electronic communication transactional records," including e-mail address, account number and billing information, plus several other categories redacted by the FBI, according to an article in the Washington Post.
"National security letters are a little-known FBI tool originally used in foreign intelligence surveillance to obtain phone, financial, and electronic records without court approval,” reported Mother Jones. “Rarely employed until 2001, they exploded in number after the Patriot Act drastically eased restrictions on their use, allowing NSLs to be served by FBI agents on anyone -- whether or not they were the subject of a criminal investigation. In 2000, 8,500 NSLs were issued; by contrast, between 2003 and 2005 the FBI issued more than 143,000 NSLs, only one of which led to a conviction in a terrorism case." An investigation in 2007 revealed that the FBI had broken regulations governing NSLs in more than 1,000 cases, Mother Jones continued, including failing to get proper authorization, making improper requests under the law, shoddy record keeping, and unauthorized collection of telephone or email records.
Part of the NSL that Merrill received specified that he couldn’t tell anyone he had received one, at the risk of being jailed for five years; he wasn’t even sure whether he was legally allowed to talk to an attorney, an issue that raised troubling civil liberties concerns.
“One of the things that leapt out at me about this letter was that it was not signed by a judge,” Merrill added in the Democracy Now! Interview. “It was signed by someone from the FBI. You know, it seemed to me that that undercuts the whole system of checks and balances that we have, and I didn’t believe it was legal.”
The timeline of the case is as follows, according to an article in Raw Story:
In September 2004, a federal district court ruled that the NSL statute as it stood was unconstitutional, which forced Congress to amend the law so that a recipient could challenge both the demand to hand over records and the gag order. The FBI dropped its demand that Merrill provide the records, but he was still bound by the gag order.
In 2007, Merrill received an award from the ACLU for his actions – which, ironically, due to the gag order, he was not able to accept publicly.
In 2008, an appeals court held that, even as amended, the national security letter provisions violated the First Amendment and that the FBI would have to justify any gag order that was challenged by proving to a court that disclosure would harm national security.
In 2009, the federal government provided the court with secret evidence supporting the gag order on Merrill but refused to allow him or his lawyers to see it. Since then, the ACLU worked at negotiating a settlement that allows Merrill to identify himself as long as he does not reveal the contents of the letter.
On July 30, a judge finally lifted the gag order.
"Internet users do not give up their privacy rights when they log on, and the FBI should not have the power to secretly demand that ISPs turn over constitutionally protected information about their users without a court order,” Merrill said in an ACLU press release. “I hope my successful challenge to the FBI's NSL gag power will empower others who may have received NSLs to speak out."
“As an Internet provider or a systems administrator or a telephone technician, you have a lot of information that paints a really vivid picture about people’s personal, private lives and communications,” Merrill told Democracy Now! “And I believe that comes with a great degree of responsibility, that you’re essentially a steward of people’s personal and private matters, papers. So it seemed to me it was a moral obligation I had to protect the privacy of my clients.”
And it may not be over: In July, the Obama administration proposed to expand the statute to allow the FBI to get Americans' Internet activity records without court approval or even suspicion of wrongdoing, according to the ACLU. “The administration wants to add just four words -- "electronic communication transactional records" -- to a list of items that the law says the FBI may demand without a judge's approval,” reported the Washington Post. “Government lawyers say this category of information includes the addresses to which an Internet user sends e-mail; the times and dates e-mail was sent and received; and possibly a user's browser history. It does not include, the lawyers hasten to point out, the "content" of e-mail or other Internet communication.” However, just the information the government has requested could allow investigators to perform traffic analysis.
Well, great for not releasing the Docs. I tell you something that is really scary. Around 2000, I hacked into NASA. The Virginia Consortium of Engineering and Science,Langley Research Center, With apparently sensitive data being held within the computers compromised. They threatened me with every thing under the sun including charging me with breaching national security (which carries the federal maximum for one charge of a life sentence of 60 years that includes no parole and extremely minimalistic good time. I was 18 years old, and heavily into programming. Also, nothing that I did was proved to harm any system or compromise any sensitive data or even disrupt normal usage of the system. They did every thing from offer me a job to trying to scare the life out of me to find out information about the people I associated with online. Eventually, I went to court and won out with a sentence of probation (which resulted in a violation of probation and some time in a federal correctional institution) for 5 years. They took, while on probation, my right to operate any form of computer or phone with computing capabilities and at one point had included electronic typewriters for fear it may be turned into some sort of device that could access the internet. I wasn't allowed to have cable television because I may somehow trick the signal into believing it was an internet provider. I never revealed to them information about friends or associates from any online activity even though they used a great deal of influence and pressure to attempt making me comply with their requests. First time that I've ever heard of a National Security Letter, but lets just say that this type of bullying and fear tactic psychological abuse has been the acceptable policy for a while now.