According to a recent transparency report by the Office of the Director of National Intelligence, the FBI issued less National Security Letters this year than last year by a 5% margin. National Security Letters (NSL) fall into a semi-shady area of law enforcement—partially because of the lack of oversight surrounding them. Additionally, the NSLs come with a gag order, more times than not. This places companies in an awkward position as the letters function as secret warrants, despite their lack of complete authority compared to an actual warrant. The company, if issued a gag order along with the NSL, can face serious legal consequences if even a word of the letter slips out.
Companies prefer not to violate their user’s trust but certainly don’t want to violate a NSL gag order. It is a tough position. The letters are often used for collecting user data from email providers, cellular data from telecom companies – basically everything one would expect. The NSL can compel an ISP to release even a customer’s Internet history.
All without the suspect or target knowing. Some companies attempt to bypass this by using a “warrant canary.” Warrant canaries are the exact opposite of notifying the public or the target of the NSL. They take the form of a privacy disclosure that mentions that the company did not receive a NSL up until a certain date. That entire clause or phrase gets deleted once the NSL lands. This method is heavily scrutinized and even companies that practiced the canaries at one point question whether or not the warrant canary would hold up in court.
Back to the year’s NSLs from the FBI. The Office of the Director of National Intelligence wrote, in the report, that the FBI issued 12,150 NSLs. The year prior, they issued 12,870. This number fell rapidly after Edward Snowden sparked the creation of the Freedom Act—the Patriot Act’s far less ominous replacement. According to ZDNet, the FBI issued the highest number of NSLs in 2004, clocking in at 56,507 letters.
Since then, as written on ZDNet, the, “relaxation of secrecy” regarding NSLs increased. While they are far from an exciting prospect for a company, the decreased number of letters in circulation indicate that the FBI no longer throws NSLs at every issue they face.
Additionally, many tech companies actively fight for the ability to publish their letters. If not a full letter, then a redacted one. If not redacted, at least the number of letters received during a certain time frame. As transparency reports grow more common and expected, companies have shown a willingness to be open about NSLs or government requests for information. Another standard practice is publishing the number of law enforcement requests where they received stay they wanted vs. the number that went ignored, opposed, or otherwise disregarded.
Open Whisper Systems published the results of a grand jury subpoena that ended poorly for law enforcement. While not a NSL, the picture OWS painted looked excellent on paper. The subpoena requested the following: subscriber names, addresses, telephone numbers, email addresses, method of payment, IP registration, IP history logs and addresses, account historytoll records, upstream and downstream providers, any associated accounts acquired through cookie data, and any other contact information from redacted accounts. The organization, most known for an endorsement from Edward Snowden for the encrypted messaging app “Signal,” sent this in response: