Google's bi-annual Transparency Reports have sought to provide users with detailed information on how frequently governments request and gain access to their private data through search warrants and court subpoenas. But there's one highly secretive, often misused, and increasingly common method that members of law enforcement use to get data which has never been included in the reports: the National Security Letter, or NSL.
The FBI claims that "releasing exact numbers might reveal information about investigations."
In an update on Google's blog today, the company revealed it will begin "shedding more light" on the frequency of these secret subpoenas, which require no judge's approval or probable cause for suspicion and come with gag orders preventing recipient third parties from informing the users being targeted. But the new estimates being shown on Google's reports are so vague that they are almost useless.
After negotiating with law enforcement, Google only managed to convince the US government to let the company reveal the number of NSLs it receives in intervals of 1,000. As a result, the most accurate picture we're being allowed to see shows the number of NSLs hovering wildly between zero and 1,000 for each year between 2009 and 2012. The estimates for number of accounts targeted aren't much clearer, showing a peak range of 2,000 to 2,999 in 2010, and a range of 1,000 to 1,999 for the others. The numbers are intentionally vague: Google says it can not offer anything more accurate because the FBI, the Justice Department, and others claim that "releasing exact numbers might reveal information about investigations."
National Security Letters have contributed to an unprecedented surveillance of American citizens
But even beyond Google, the use of National Security Letters has contributed to an unprecedented surveillance of American citizens. Between 2003 and 2006, the FBI issued a total of 192,499 Letters, with the Justice Department reporting 16,511 in 2011 alone. An internal investigation led by the FBI's inspector general in 2007 documented widespread misuse and mishandling of NSLs, including more than 700 cases where they ignored the law entirely. Legislation to reform the outdated Electronic Communications Privacy Act of 1986, which fails to protect data held on third party servers from government intrusion, has repeatedly stalled in Congress. And in the courts, almost every attempt to challenge the constitutionality of NSLs has been shut down after the Justice Department invoked the government's "sovereign immunity" from lawsuits on national security matters.
One of those cases involves Nicolas Merrill, the owner of a small ISP called Calyx, who after a successful appeal in 2010 became one of the only people affected by a National Security Letter that has been allowed to speak about it. "I feel like if I was able to tell you right now who the target of the letter was and what kind of information was being sought," he told the Wall Street Journal last year, "you would be appalled." Merrill's challenge struck down one of the NSL statutes in court, but the case is currently pending appeal.