An Internet Service Provider (ISP) has finally been given permission to reveal that he was the recipient of an National Security Letter (NSL) from the Federal Bureau of Investigation (FBI) six years ago, demanding information about his clients.
Nicholas Merrill, president of the New York ISP Calyx, still can't say on what specific date in February, 2004, he received the letter, nor the target of it from among his more than 200 clients, but he is now able to talk about the lawsuit that the American Civil Liberties Union (ACLU) filed on his behalf. He told Democracy Now! - incidentally, one of his clients - that his other clients included "household names" such as Ikea, Snapple Iced Tea, and Mitsubishi Motors, as well as nonprofit and nongovernmental organizations such as the New York Civil Liberties Union.
The letter requested that Merrill provide 16 categories of "electronic communication transactional records," including e-mail address, account number and billing information, plus several other categories redacted by the FBI, according to an article in the Washington Post.
"National security letters are a little-known FBI tool originally used in foreign intelligence surveillance to obtain phone, financial, and electronic records without court approval," reported Mother Jones. "Rarely employed until 2001, they exploded in number after the Patriot Act drastically eased restrictions on their use, allowing NSLs to be served by FBI agents on anyone -- whether or not they were the subject of a criminal investigation. In 2000, 8,500 NSLs were issued; by contrast, between 2003 and 2005 the FBI issued more than 143,000 NSLs, only one of which led to a conviction in a terrorism case." An investigation in 2007 revealed that the FBI had broken regulations governing NSLs in more than 1,000 cases, Mother Jones continued, including failing to get proper authorization, making improper requests under the law, shoddy record keeping, and unauthorized collection of telephone or email records.
Part of the NSL that Merrill received specified that he couldn't tell anyone he had received one, at the risk of being jailed for five years; he wasn't even sure whether he was legally allowed to talk to an attorney, an issue that raised troubling civil liberties concerns.
"One of the things that leapt out at me about this letter was that it was not signed by a judge," Merrill added in the Democracy Now! Interview. "It was signed by someone from the FBI. You know, it seemed to me that that undercuts the whole system of checks and balances that we have, and I didn't believe it was legal."
The timeline of the case is as follows, according to an article in Raw Story:
- In September 2004, a federal district court ruled that the NSL statute as it stood was unconstitutional, which forced Congress to amend the law so that a recipient could challenge both the demand to hand over records and the gag order. The FBI dropped its demand that Merrill provide the records, but he was still bound by the gag order.
- In 2007, Merrill received an award from the ACLU for his actions - which, ironically, due to the gag order, he was not able to accept publicly.
- In 2008, an appeals court held that, even as amended, the national security letter provisions violated the First Amendment and that the FBI would have to justify any gag order that was challenged by proving to a court that disclosure would harm national security.
- In 2009, the federal government provided the court with secret evidence supporting the gag order on Merrill but refused to allow him or his lawyers to see it. Since then, the ACLU worked at negotiating a settlement that allows Merrill to identify himself as long as he does not reveal the contents of the letter.
- On July 30, a judge finally lifted the gag order.
"Internet users do not give up their privacy rights when they log on, and the FBI should not have the power to secretly demand that ISPs turn over constitutionally protected information about their users without a court order," Merrill said in an ACLU press release. "I hope my successful challenge to the FBI's NSL gag power will empower others who may have received NSLs to speak out."
"As an Internet provider or a systems administrator or a telephone technician, you have a lot of information that paints a really vivid picture about people's personal, private lives and communications," Merrill told Democracy Now! "And I believe that comes with a great degree of responsibility, that you're essentially a steward of people's personal and private matters, papers. So it seemed to me it was a moral obligation I had to protect the privacy of my clients."
And it may not be over: In July, the Obama administration proposed to expand the statute to allow the FBI to get Americans' Internet activity records without court approval or even suspicion of wrongdoing, according to the ACLU. "The administration wants to add just four words -- "electronic communication transactional records" -- to a list of items that the law says the FBI may demand without a judge's approval," reported the Washington Post. "Government lawyers say this category of information includes the addresses to which an Internet user sends e-mail; the times and dates e-mail was sent and received; and possibly a user's browser history. It does not include, the lawyers hasten to point out, the "content" of e-mail or other Internet communication." However, just the information the government has requested could allow investigators to perform traffic analysis.