In a post today, Google published a series of eight National Security Letters, in which the Federal Bureau of Investigation secretly requested subscriber information on specific accounts. The letters range from 2010 to 2015, but follow a nearly identical format, identifying a number of accounts and sometimes a specific time frame but providing no evidence or suspicion to justify the request.
Google was legally prohibited from disclosing the requests when they were first issued, but that prohibition has since been lifted. The letter lifting each so-called “gag order” is also included in the post. Google first acknowledged the declassification in a transparency report earlier this year, updating the range of “NSLs received” from 0-499 to 1-499.
“we will remain vigilant.”
In most cases, the FBI’s request is limited to the name, address and length of service for the given account, although two of the letters also ask for “electronic communications transactional records” associated with the account. That category of records, which was the subject of some debate in 2010, can include the IP addresses from which the service was accessed, although it does not include the content of emails. All eight of the orders were justified under Executive Order 12333, a controversial Reagan-era decree that is used to authorize a significant amount of domestic web surveillance.
Today’s post from Google is part of a wave of recently declassified data requests, In keeping the USA Freedom Act’s new classification guidelines, the Department of Justice has undertaken a broad review of the classification status of existing National Security Letters, which has resulted in a number of newly public data requests. In Google’s case, each of the published letters was declassified in the last six months.
The Internet Archive published its own National Security Letter earlier this month, although the result was heavily redacted.
While these eight requests are now public, it’s unlikely they constitute all of the National Security Letters that Google has received, and many other requests may still be under gag order. Google’s transparency report makes it clear the company has never received more than 500 such letters in a six-month period, but Google is still legally prohibited from saying more than that.
“While we are encouraged by this development,” Google’s Richard Salgado wrote in the post, “we will remain vigilant in opposing legislation that would significantly expand the universe of information that can be obtained with an NSL.”