Yahoo Is First to Legally Disclose National Security Letter Contents
You can expect that more NSLs will be revealed by a growing number of email and Internet providers, phone companies and financial institutions as the process moves forward. While the USA Freedom Act made issuing a National Security Letter more complicated, it didn't end the practice; so the FBI can still issue them, they still include the gag orders, and providers are still required to honor them. There's still no requirement for a court order. Although judicial review is possible, it's still extremely difficult. In addition, where they've been challenged in court, the orders themselves have been found unconstitutional on First and Fourth Amendment grounds by a series of federal courts, but appeals by the Justice Department have kept the practice alive. Part of the reason that the NSLs have been allowed to exist at all is that they don't demand the actual contents of communications or other content information. Instead, like the metadata you've heard about in other surveillance activities, the information that the government is seeking are things like account numbers, activity, transactions, IP addresses and the like.This information is then used to develop a picture of ongoing relationships—which, in turn, can be used as the basis for a request for a warrant to reveal the contents of the communications. If it looks like the FBI is skirting the borders of constitutional limits, you'd be right. That's why Congress overwhelmingly passed the USA Freedom Act, which is intended to put some limits and some accountability into the surveillance activities of the government as it applies to U.S. citizens. Of course, like most things in government, the fact that the law exists isn't the same thing as changing the practices covered by the law, which is why a full year has passed since the Freedom Act went into effect and we're only now seeing the first results. Still, the announcement by Yahoo is a first critical—if very small—step. For once, the existence and content of an NSL has been revealed by the recipient without a court fight, and that's very important. A few dozen more changes like that and perhaps the U.S. IT industry can move past the suspicions of Web users and companies around the world that currently must assume that everything they do online is being watched in detail by U.S. government agencies.
While transaction data demanded by the FBI doesn't reveal the contents of a message, it can still reveal a great deal of information that most would consider private. That information can include with whom the subject of an investigation communicated, when it happened, how long it took and how many times the communication happened.