Google on Tuesday disclosed the contents of eight National Security Letters it received between 2010 and 2015, becoming the latest company under reforms afforded by the USA Freedom Act to do so. The requests made by United States Federal Bureau of Investigation were made to Google to identify 21 customer accounts and related account data.
The release stems from a loosening of restrictions by the federal government on publicly sharing National Security Letters. In 2015 Congress passed the USA Freedom Act, which removes an indefinite gag restriction on National Security Letters and allowed companies such as Google to disclose some information about the requests they receive.
Richard Salgado, director of law enforcement and information security at Google, wrote Tuesday in blog post:
“As we have described in the past, we have fought for the right to be transparent about our receipt of NSLs. This includes working with the government to publish statistics about NSLs we’ve received, successfully fighting NSL gag provisions in court, and leading the effort to ensure that Internet companies can be more transparent with users about the volume and scope of national security demands that we receive.”
Information about the subjects of the eight NSLs has been redacted from the letters. What can be seen is that each of the requests are for information related to Gmail accounts. Referencing (18 U.S. Code § 2709) Google is duty-bound to provide law enforcement name, address, length of service and electronic communications transactional records associated with the accounts.
A review of the request yields little to nothing as to the nature of the inquiries. In one NSL dated March 1, 2010, the FBI requests: “While fulfilling your obligations under this letter, please do not disable, suspend, lock, cancel or interrupt service to the above-described subscribers (s) or accounts.”
The FBI uses National Security Letters to require technology companies, service providers, banks and other organizations to turn over specific customer records in national security investigations. Gag orders accompany the letters prohibiting recipients from disclosing receipt of a NSL and from informing the customers who are the subjects of investigations.
In June, Yahoo disclosed three National Security Letters, making it the first time a company had made disclosures since the passage of the USA Freedom Act.
Google, Yahoo, Microsoft, and others have challenged National Security Letters consistently, seeking the ability to be more specific about the number of letters they receive. The use of National Security Letters has come under sharp criticism in the aftermath of the Snowden disclosures. The secret nature of the court that issues the letters and the letters themselves worries privacy advocates. Google and others have challenged the restrictions on the disclosure of NSLs arguing users have a right to know how often these orders are used.
Last year Google challenged 19 National Security Letters in court and fought to for the right to inform Wikileaks of government requests for their data and won.