Automattic Releases Five Un-Gagged National Security Letters

from the ask-and-you-have-slightly-better-chance-of-receiving dept

Another batch of FBI National Security Letters has been released, thanks to the expedited review process instituted by the USA Freedom Act. Automattic, the company behind Wordpress, has released five NSLs dating back to 2010, as the result of successful nondisclosure challenges.

Each of the NSLs that we are publishing initially included an indefinite nondisclosure requirement that prohibited us from sharing any information about the letter or publicly acknowledging that we received an NSL. We recently requested that these nondisclosure requirements be lifted, under the “reciprocal notice” procedures of the USA FREEDOM Act. More detail on the procedures that we followed is below. In response to our requests, the FBI lifted the gag orders with respect to all information in each of the NSLs we are making available today. Before publishing the letters publicly, however, we decided to redact the following information from each letter: (1) the site URL about which the government requested information, (2) names of Automattic personnel to whom the request was addressed, and (3) name and contact information for the FBI personnel involved in making the information request. We made these limited redactions in order to protect privacy interests. The NSLs are otherwise what we received when they were served onto us.

The five NSLs are identical. (PDF links included at the bottom of the Automattic post.) Automattic responded to four of those, but had none of the information requested for the fifth. After the gag orders were lifted by the FBI, Automattic informed the targeted users.

The boilerplate NSLs ask for far more info than the FBI's own legal guidance suggests it should be able to request. A 2008 DOJ legal memo says NSLs should be constrained to "phone billing records." The FBI has apparently decided to interpret this as any and all electronic transactional records when it comes to internet service providers. Here's what's requested in the Automattic NSLs:

Subscriber name and related subscriber information

Account number(s)

Date the account opened or closed

Physical and or postal addresses associated with the account

Subscriber day/evening telephone numbers

Screen names or other on-line names associated with the account

All billing and method of payment related to the account including alternative billed numbers or calling cards

All e-mail addresses associated with the account to include any and all of the above information for any secondary or additional e-mail addresses and/or user names identified by you as belonging to the targeted account in this letter

Internet Protocol (IP) addresses assigned to this account and related e-mail accounts

Uniform Resource Locator (URL) assigned to the account

Plain old telephone(s) (POTS), ISDN circuit(s), Voice over internet protocol (VOIP), Cable modem service, Internet cable service, Digital Subscriber Line (DSL) asymmetrical/symmetrical relating to this account

The names of any and all upstream and providers facilitating this account's communications

This is where the FBI starts digging, apparently. By demanding all this info from a single service provider, the FBI can issue NSLs and subpoenas to a large number of additional third parties, even though the DOJ's legal guidance suggests the FBI's NSL requests should be far more constrained.

The recently-instituted challenge options are better than what was in place previously, but Automattic points out there's still plenty of room for improvement.

We also continue to believe that NSLs pose serious constitutional concerns, particularly because they indefinitely prevent companies like us from speaking about them, and informing our users or the public about the NSLs that we receive. The procedures used to lift nondisclosure requirements are flawed because they put the burden of seeking an end to secrecy almost entirely on the companies, like Automattic, who receive NSLs.

The FBI has almost zero legal obligation to perform proactive reviews of issued NSL gag orders. Recipients must spend their time and money challenging them. Fortunately, the challenge process now requires much less of these scarce resources. Automattic has its own boilerplate form for challenging boilerplate NSL gag orders -- one it's willing to share with any NSL recipient --- so we should be seeing more of these released in the near future.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: fbi, gag orders, national security letter, nsl, nsls, secrecy, transparency, wordpress