• United States



Judge strips redactions from NSL, showing info FBI gets without a warrant

Dec 01, 20154 mins
Data and Information SecuritySecurity

Unredacted NSL shows info FBI gets without a warrant: purchase and web browsing history, IP addresses of people who communicate with targets, and more.

A federal judge lifted an 11-year gag order the FBI had imposed on Nicholas Merrill and removed redactions of a National Security Letter (NSL) so Americans can see the overly broad “types of electronic communications transaction records” that the FBI has sought and continues to seek through NSLs.

The FBI served the NSL back in 2004 when Nicholas Merrill owned and operated Calyx Internet Access, a small ISP with about 200 customers. After the judge found in favor of Merrill and not the government, Merrill said, “For more than a decade, the FBI has fought tooth and nail in order to prevent me from speaking freely about the NSL I received. Judge Marrero’s decision vindicates the public’s right to know how the FBI uses warrantless surveillance to peer into our digital lives. I hope today’s victory will finally allow Americans to engage in an informed debate about proper the scope [sic] of the government’s warrantless surveillance powers.”

Below are ACLU-supplied copies of the NSL in various states of redaction.

This is the “meat” of the unredacted NSL (pdf) served by the FBI in 2004, showing the broad amount of information the FBI could obtain from an ISP 11 years ago without a warrant. That includes IP addresses of people with whom a target has corresponded, records of online purchases and addresses where the merchandise was shipped, complete web browsing history, the target’s online aliases associated with an ISP account, and more.

U.S. District Judge Victor Marrero ruled (pdf) that the government “had not satisfied its burden of demonstrating a ‘good reason’ to expect that disclosure of the NSL attachment in its entirety will risk an enumerated harm.”

Merrill, according to the court document, claimed the gag order was a “permanent or effectively permanent ban on speech” guaranteed by the First Amendment.

Judge Marrero pointed out that the publicly available DOJ’s Legal Education manual included a sample attachment with basically the same information which was redacted in the NSL. A letter from the Deputy Attorney General with even more specific information was included as an appendix in the 2003 Senate Report. Therefore, since the information has been public the whole time, the judge did not agree with the government’s “substantial risk” argument that an unredacted NSL would cause “future targets of investigations to change their behavior to evade law enforcement.”

Judge Marrero found other redactions in the NSL to be “even harder to justify,” such as the alleged risk of “enumerated harm” if the public were to learn that the FBI uses NSLs to get both day and evening phone numbers. The judge also added other examples of the government’s “extreme and overly broad” redactions.

Regarding the redacted portions of the NSL demanding addresses and telephone numbers, Judge Marrero wrote that even a “dim-witted” potential target of an investigation could figure out that the redacted letter “s” on a telephone number would indicate “numbers.” He added that some of the redactions “defy common sense.”

Furthermore, Judge Marrero pointed out that the FBI wants to keep some information redacted even though it publicly said it no longer uses NSLs to obtain specific information, such as “radius log information, which is cell-tower based phone tracking information.”

“It strains credulity that future targets of other investigations would change their behavior in light of the currently-redacted information, when those targets (which, according to the Government, include ‘sophisticated foreign adversaries’) have access to much of this same information from other government divisions and agencies,” wrote Judge Marrero. The government was also wrong to consider the information in the NSL to be “classified information.”

If the government had shown a “good reason” to keep the NSL redacted, the judge asked if Merrill could ever overcome it. He added:

“Under the Government’s reasoning, the Court sees only two such hypothetical circumstances in which Merrill could prevail: a world in which no threat of terrorism exists, or a world in which the FBI, acting on its own accord and its own time, decides to disclose the contents of the Attachment. Such a result implicated serious issues, both with respect to the First Amendment and accountability of the government to the people.”

11 years is long time in terms of life, as well as technology. Other than the FBI no longer using NSLs to nab cell-tower-based phone tracking records, there’s no telling what else has changed in NSLs. As ACLU Policy Counsel Michael German, formerly an FBI special agent for 16 years, pointed out in 2007, The DOJ’s Inspector General had identified “numerous FBI abuses and misuses of their NSL authority;” that includes permanently keeping all the records obtained via NSLs as well as sharing those records with other government agencies.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.