Google today became the first Internet company to shed light on a highly secret — and controversial — warrantless electronic data-gathering technique used by the FBI.
The technique allows FBI officials to send a secret request to Web and telecommunications companies requesting “name, address, length of service,” and other information about users as long as it’s relevant to a national security investigation. No court approval is necessary, and disclosing the existence of the FBI’s request is not permitted.
Because of that legal prohibition, Google was able to disclose only the numerical ranges of requests it receives per year. Today’s addition to the company’s Transparency Report says that the company received somewhere between zero and 999 requests from the FBI seeking data on its users, targeting a total of between 1,000 and 1,999 accounts last year.
“The FBI has the authority to prohibit companies from talking about these requests,” Richard Salgado, Google’s legal director for law enforcement and information security who’s a former Justice Department attorney, said in a blog post. “But we’ve been trying to find a way to provide more information about the NSLs we get — particularly as people have voiced concerns about the increase in their use since 9/11.”
An FBI spokesman declined to comment to CNET on Google’s publication of the NSL ranges.
While the FBI’s authority to levy the requests, called national security letters, or NSLs, predates the Patriot Act, it was that 2001 law that dramatically expanded NSLs by broadening their use beyond espionage-related investigations. The Patriot Act also authorized FBI officials across the country, instead of only in the bureau’s Washington, D.C., headquarters, to send NSLs. (NSLs also permit warrantless access to records held by financial institutions, credit agencies, and travel agencies.)
A 2007 report by the Justice Department’s inspector general found “serious misuse” of NSLs, and FBI director Robert Mueller responded by pledging stricter internal controls. Mueller has called the investigative technique invaluable.
When Nicholas Merrill, who ran an Internet provider, challenged the gag orders as unconstitutional, a federal judge in New York ruled the secrecy demands were an “unconstitutional prior restraint of speech in violation of the First Amendment.” Congress responded by allowing recipients to challenge NSLs in court. The Internet Archive subsequently fended off an FBI NSL request for “any electronic communication transactional records” with the help of the ACLU and the Electronic Frontier Foundation.
The inspector general’s report (PDF) found that the FBI made 50,000 NSL requests in 2006, which provides only a partial glimpse of how the data-gathering power is used: one NSL could request a very large set of files, for instance.
Google says its interpretation of the law — other companies may view it differently — means the FBI cannot use an NSL to “obtain anything else from Google, such as Gmail content, search queries, YouTube videos or user IP addresses.” The NSL (PDF) sent to Merrill, however, is broader and asks for “electronic communication transactional records,” a phrase that seems to sweep in Internet addresses and e-mail and Web browsing logs.
Google said its statistics on NSL requests would be updated annually.
“It would be great if this starts a trend in terms of other companies releasing this information,” says Michelle Richardson, ACLU legislative counsel. “That would be fantastic.”