The scope of the FBI’s national security letters (NSL) has been revealed by a lifted gag order on a man who fought against compliance for 11 years.
On Monday, the United States District Court – Southern District of New York permitted the filing of a NSL received by Nicholas Merrill, founder of Calyx Internet Access, back in 2004. He has refused to comply and waged a legal battle for the past 11 years in his defense.
As reported by Reuters, national security letters have been a tool of law enforcement since the 1970s. However, their frequency and breadth have grown since the attacks of September 11th.
The FBI sends out these letters, which function like subpoenas, to force companies to disclose information as part of an investigation concerning national security. Unlike subpoenas, however, those who receive these letters are usually prevented from discussing what is explicitly asked of them.
After receiving an NSL in 2004, Merrill initiated a court challenge with the assistance of the American Civil Liberties Union, relates the New York Times. The federal government contended that as the NSL concerned a national security investigation, it had the right to keep the letter’s contents a secret. Merrill contended that this viewpoint violated his First Amendment rights.
In 2010, Merrill won the right to identify himself. The government once again voiced that the letter’s disclosure would harm national security, but a judge apparently disagreed.
“If the Court were to find instead that the Government has met its burden of showing a good reason for non-disclosure here, could Merrill ever overcome such a showing?” US District Judge Victor Marrero ruled (PDF). “Under the Government’s reasoning, the Court sees only two such hypothetical circumstances in which Merrill could prevail: a world in which no threat of terrorism exists, or a world in which the FBI, acting on its own accord and its own time, decides to disclose the contents of the Attachment.”
In August, a federal judge lifted the gag order against Merrill. Following a 90-day period during which the Justice Department could have filed an appeal, the letter has finally been made public.
The NSL (PDF) reveals that the FBI sought a number of different pieces of information with respect to one of Merrill’s customers. This included their email accounts, IP and physical addresses, DSL account data, and website information.
The federal authorities also sought radius log data, or cell site location information. According to The Intercept, the FBI no longer requests this type of information, but it would like to preserve its ability to do so going forward.
A motion to require that the FBI obtain a warrant before requesting radius log data is currently being reviewed by several district courts.
“I feel vindicated today,” said Merrill, summarizing his thoughts regarding the disclosure of the letter. “But there’s a lot more work to be done.”
The publication of Merrill’s NSL follows on the heels of the Tor Project’s allegations that the FBI paid Carnegie Mellon University $1 million to break the anonymizing service last year.