Judge Orders Google To Comply With Secret FBI Demands For User Information
Once again, national security wins and privacy loses.
A Federal District Court Judge has ruled that Google must comply with a National Security Letter sent by the FBI demanding that it turn over user information:
A federal judge has ruled that Google Inc. must comply with the FBI’s warrantless demands for customer data, rejecting the company’s argument that the government’s practice of issuing so-called national security letters to telecommunication companies, Internet service providers, banks and others was unconstitutional and unnecessary.
FBI counter-terrorism agents began issuing the secret letters, which don’t require a judge’s approval, after Congress passed the USA Patriot Act in the wake of the Sept. 11, 2001, attacks.
The letters are used to collect unlimited kinds of sensitive, private information, such as financial and phone records and have prompted complaints of government privacy violations in the name of national security. Many of Google’s services, including its dominant search engine and the popular Gmail application, have become daily habits for millions of people.
In a ruling written May 20 and obtained Friday, U.S. District Court Judge Susan Illston ordered Google to comply with the FBI’s demands.
But she put her ruling on hold until the 9th U.S. Circuit Court of Appeals could decide the matter. Until then, the Mountain View, Calif.-based company must comply with the letters unless it shows the FBI didn’t follow proper procedures in making its demands for customer data in the 19 letters Google is challenging, she said.
After receiving sworn statements from two top-ranking FBI officials, Illston said she was satisfied that 17 of the 19 letters were issued properly. She wanted more information on two other letters.
It was unclear from the judge’s ruling what type of information the government sought to obtain with the letters. It was also unclear who the government was targeting.
As Declan McCullagh explains, this isn’t the first time that Federal Courts have dealt with this issue:
These aren’t the first cases to tackle whether NSLs, including gag orders, are constitutional or not. In a 2008 ruling (PDF), the Second Circuit Court of Appeals handed down a mixed decision.
A three-judge panel of the Second Circuit took an odd approach: the judges agreed that the “challenged statutes do not comply with the First Amendment” but went on to rewrite the statute on their own to make it more constitutional. They drafted new requirements, including that FBI officials may levy a gag order only when they claim an “enumerated harm” to an investigation related to international terrorism or intelligence will result.
Illston’s decision in the Google NSL case said that the FBI had submitted “classified” evidence “intended to demonstrate that the 19 NSLs were issued in full compliance with the procedural and substantive requirements imposed by the Second Circuit.”
That includes classified declarations submitted by Stephanie Douglas, executive assistant director of the FBI’s national security branch, and Robert Anderson, assistant director of the counterintelligence division at FBI headquarters.
A 2007 report by the Justice Department’s inspector general found “serious misuse” of NSLs, and FBI director Robert Mueller pledged stricter internal controls. Mueller has also called the investigative technique invaluable.
Interestingly, Illston is the same judge who ruled back in March that National Security Letters were unconstitutional. Here’s how Wired described the ruling:
Ultra-secret national security letters that come with a gag order on the recipient are an unconstitutional impingement on free speech, a federal judge in California ruled in a decision released Friday.
U.S. District Judge Susan Illston ordered the government to stop issuing so-called NSLs across the board, in a stunning defeat for the Obama administration’s surveillance practices. She also ordered the government to cease enforcing the gag provision in any other cases. However, she stayed her order for 90 days to give the government a chance to appeal to the Ninth Circuit Court of Appeals.
In her ruling, Judge Illston agreed with EFF, saying that the NSL nondisclosure provisions “significantly infringe on speech regarding controversial government powers.”
She noted that the telecom had been “adamant about its desire to speak publicly about the fact that it received the NSL at issue to further inform the ongoing public debate” on the government’s use of the letters.
She also said that the review process for challenging an order violated the separation of powers. Because the gag order provisions cannot be separated from the rest of the statute, Illston ruled that the entire statute was unconstitutional.
Illston found that although the government made a strong argument for prohibiting the recipients of NSLs from disclosing to the target of an investigation or the public the specific information being sought by an NSL, the government did not provide compelling argument that the mere fact of disclosing that an NSL was received harmed national security interests.
A blanket prohibition on disclosure, she found, was overly broad and “creates too large a danger that speech is being unnecessarily restricted.” She noted that 97 percent of the more than 200,000 NSLs that have been issued by the government were issued with nondisclosure orders.
She also noted that since the gag order on NSL’s is indefinite — unless a recipient files a petition with the court asking it to modify or set aside the nondisclosure order — it amount to a “permanent ban on speech absent the rare recipient who has the resources and motivation to hire counsel and affirmatively seek review by a district court.”
There’s no indication of what caused Illston to essentially reverse itself on this issue. Given the fact that less than three months have passed since that March order was issued it’s clear that the 9th Circuit has not issued an on the appeal.
As is usually the case with National Security Letters, we have no idea which Google users the FBI may be seeking information about. Indeed, under applicable law it is impermissible for law enforcement, Google, or the Courts to make any such information public or to notify the subject(s) of the NSL’s that they are the subject of investigation. These types of letters have been around since the 1970s, when they were primarily used in espionage and terrorism cases and could only be used against foreign powers or individuals reasonably believed to be agents of foreign powers. Indeed, originally, compliance with the letters by the companies they were sent to, principally telecommunications firms, was not mandatory. There were several cosmetic changes over the years, but it wasn’t until the PATRIOT Act that the use of NSL’s was vastly expanded to allow their use in any terrorism or espionage related investigation regardless of whether the target was a foreign citizen or an American citizen. As noted above, there have been some 200,000 NSLs issued since the PATRIOT Act became law according to Justice Department reports, a vast expansion of what had once been an little utilized law enforcement tool.
National Security Letters may indeed be necessary in some cases, but it seems quite obvious that law enforcement has been granted far too much discretion in their use to the point where the privacy of ordinary citizens can now be stripped away just be sending a letter and without judicial review unless the receiving entity decides to challenge it NSL in Court. Now that we live in an era where millions of people are storing important and private information in “the cloud, ” whether that be Google’s servers, Facebook’s servers, or any of the number of offline backup/storage sites that are now available to reasonable price to ordinary citizens. Because this data in the hands of third-parties, which means that the 4th Amendment generally does not apply and law enforcement is not required to get a warrant based on probable cause to believe that the search will lead to the discovery of irrelevant evidence. This gives law enforcement virtually unlimited power to access information from telecommunications companies with no notice to their target and little regard for privacy and constitutional rights. Clearly, we need to rethink the power we’ve granted law enforcement in this area.
Here’s the opinion: