It seems like just yesterday the FBI was taking legal action to force Apple to unlock the San Bernardino terrorist’s iPhone. Ultimately, in the case, the FBI found a way to unlock the phone and no longer needed Apple’s help. But, as a previous blog by Rhian Mayhew pointed out, although the “tension between the FBI and Apple is halted [the] tension between national security and privacy will persist.”
Just a few months after the FBI’s request to Apple, Yahoo announced that the FBI had sent the tech company three National Security Letters (“NSLs”), which are “controversial government demands for information usually accompanied by a gag order and rarely made public.” While these NSLs, which are authorized by Executive Order 12333, can be seemingly innocuous and “limited to the name, address and length of service,” they can “also ask for ‘electronic communications transactional records’ associated with the account . . . [which] can include the IP addresses from which the service was accessed” among other things. Critics of NSLs claim that they are “a strikingly broad tool operating with little transparency or oversight.” Unfortunately for these critics, there has been legislation proposed to further the reach of NSLs to include “senders and receipts of emails, some information about websites a person visits and social media log-in data.” However, “[t]he legislation failed amid opposition from some major technology companies and civil liberties advocates, but lawmakers have said they intend to pursue the expansion again.”
Shortly after Yahoo’s announcement, Google came forward, in December 2016, and published eight NSLs it had received from the government. Google declared that it would “remain vigilant in opposing legislation that would significantly expand the universe of information that can be obtained with an NSL.”
Now, just over a month after Google’s announcement, Twitter, who is currently suing the government over the transparency of NSLs, has disclosed two “warrantless surveillance” NSL requests which “appear to go beyond the scope of existing legal guidance in seeking certain kinds of internet records.” In Twitter’s case, the government requested the aforementioned “electronic communication transaction records, which can include some email header data and browsing history, among other information.”
Although “a 2008 Justice Department legal memo . . . concluded that [NSLs] should be constrained to phone billing records,” in practice it the NSLs are going far beyond that and intruding on the privacy of users, exceeding what is allowed.
This sentiment is echoed by Andrew Crocker, a staff attorney at the Electronic Frontier Foundation, who believes “This [to be] an ongoing practice [that] is significantly beyond the scope of what is intended.” Twitter’s associate general counsel Elizabeth Banker noted that although the government requested “a large amount of data, Twitter [only] provide[d] a very limit set of data.”
The national security interest in each case varies, but the risk to user privacy remains constant. In the San Bernardino case the national security interest was high and the public was aware of what the FBI stood to gain, but Apple realized the risk to privacy and stood tall to protect users from harmful precedent. With NSLs, the national security interest, for better or worse, is known only to the FBI, but the risk of harmful precedent to everyday tech users remains. Users will have to keep an eye on Twitter’s legal battle (Twitter v. Lynch) to see if the fight for increased transparency regarding NSLs will prove successful. Hopefully the tech industry and the FBI can find a mutually beneficial middle ground that both protects privacy and ensures national security.