Google Publishes Eight Formerly Restricted National Security Letters

As part of its transparency initiative, the company published eight national security letters, now allowed under a new provision passed as part of the USA Freedom Act of 2015.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Google Security Letters

Google released eight lightly-redacted National Security Letters this week, giving citizens a look at the formerly ultra-secret documents that the U.S. government uses to gather information in terrorism and criminal investigations.

The eight letters requested information about specific email addresses or, in one case, the account information for two users. One letter requested information on the owners of 11 different Gmail accounts. Any information that could identify specific email accounts, telephone numbers or personal identities have been blacked out.

Google and other technology companies have fought to provide users with more information about the types of government requests that the companies have had to respond. Their efforts have helped cast light on a federal power that has little oversight, Andrew Crocker, staff attorney for the Electronic Frontier Foundation, told eWEEK.

“It is a really nice thing to see them following through on their promise to publish as much information as possible, and I sort of hope it becomes a further industry standard,” he said. “Google was an early pioneer in the release of transparency reports.”

The letters, released on Dec. 13, were originally issued from as far back as 2010. Google and other communications services companies gained the ability to release the documents as part of the USA Freedom Act of 2015. The federal legislation added some minor restrictions to the ability of federal agencies to indefinitely force companies and individuals to not disclose any details of National Security Letters, including the fact that they had received one.

“The Department of Justice (DOJ) must now regularly review disclosure restrictions in NSLs and lift those that are no longer needed,” Richard Salgado, director of law enforcement and information security for Google, stated in a blog post. “The United States Attorney General approved procedures to do this, and as we mentioned recently, the FBI has started lifting gag restrictions on particular NSLs.”

The U.S. government and other countries have increased their use of such information requests. In the first half of the year, Google responded to 44,943 requests for user information, of which National Security Letters are one kind, increasing 27 percent from the same period in 2015.

The problem with NSLs is that there is very little oversight of the process and the recipients do not get to challenge them in court, except through a process in which they state their desire to the FBI, the EFF’s Crocker said.

“NSLs are a tool in particular that give a lot of discretion to the executive branch, and the FBI gets to issue them without any involvement by a court and then gets to gag recipients without any involvement by a court, so there is a lot of potential for abuse,” he said.

Google highlighted the publishing of the eight letters with restrained hope.

“While we are encouraged by this development, we will remain vigilant in opposing legislation that would significantly expand the universe of information that can be obtained with an NSL,” Salgado said.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...